QCJO This is to certify that the dissertation entitled EMERGENCE AND CONSEQUENCES OF DRIFT IN ORGANIZATIONAL INFORMATION SYSTEMS presented by HARMINDER SINGH has been accepted towards fulfillment of the requirements for the Doctoral degree in Business lnforrnation Systems W7 7% * Major Professor’s Signature 4pn' / 2 g[ 20/ 0 Date MSU is an Affirmative Action/Equal Opportunity Employer 4 v-A-l-0-l-.-l-I-l-I-l-0-.-0-O-O-l-I-l-I-O-O-.-O- .l-l-u-I-I--o-I-I-I-l--0-0-|-o-l-l-I-I-I-I-I-I-I’I--O-U-I-I-h-a—.~v PLACE IN RETURN BOX to remove this checkout from your record. TO AVOID FINES return on or before date due. MAY BE RECALLED with earlier due date if requested. DATE DUE DATE DUE DATE DUE 5/08 K:/Proj/Acc&PrelelRC/DateDue.indd EMERGENCE AND CONSEQUENCES OF DRIFT IN ORGANIZATIONAL INFORMATION SYSTEMS By Harminder Singh A DISSERTATION Submitted to Michigan State University in partial fulfillment of the requirements for the degree of DOCTOR OF PHILSOPHY Business Information Systems 2010 ABSTRACT EMERGENCE AND CONSEQUENCES OF DRIFT IN ORGANIZATIONAL INFORMATION SYSTEMS By Harminder Singh This dissertation theorizes how IS portfolio drift emerges, what its consequences are, and how it is managed. I define IS portfolio drifi as locally-driven but centrally- unintended adaptations of an organization’s collection of IT assets. These changes comprise workarounds of officially-mandated applications and the implementation of alternative systems. They occur mainly because of a poor fit of the officially-mandated technology with the task it is intended to support. Drift can be costly: the expenditure on developing, purchasing and supporting the officially-mandated applications is squandered, while additional funds are needed to maintain the shadow systems. Decision quality could also be reduced, because of uncertainty over data provenance. However, drift could also be beneficial to an organization, as it reflects the innovativeness of employees in adapting to changes in local environments or in using emerging technologies to enhance their performance. Traditionally, research on IS governance has taken a rational and agency-oriented perspective. I conceptualize IS governance from a practice perspective to highlight how portfolio drift is an ongoing, macro-level outcome of the micro-level actions of various agents. This analysis reveals that the process of governance is influenced by the relative allocation of power (capital) between users and managers, and between the operational ftmctions and the IT unit, how this allocation came to be, and how it changes over time This study uses case studies of ten units within two organizations to delineate a process theory of portfolio drift, and explain the situated practices used to steer the portfolio-in- use so that it meets the goals of the agents involved. Copyright by Harminder Singh 2010 Dedicated to my parents ACKNOWLEDGMENTS I would like to thank my supervisor, Professor Brian T. Pentland, for going above and beyond the call of duty in helping me meet my schedule and in always pushing me to clarify my drinking. My colleagues in the ITM program and elsewhere in the Eli Broad Graduate School of Business have always been a refreshing source of friendship, commentary and critique. Finally, I would like to thank my wife, Amrit- her unceasing support continues to help me overcome life’s hurdles. vi TABLE OF CONTENTS LIST OF TABLES .............................................................................................................. ix LIST OF FIGURES ............................................................................................................. x CHAPTER 1: INTRODUCTION ........................................................................................ 1 CHAPTER 2: CONCEPTUALIZING DRIFT .................................................................... 7 What is an IT Portfolio? .................................................................................................. 7 Why Portfolios Drifi ...................................................................................................... 13 How Portfolio Drift Occurs ........................................................................................... 21 Consequences of Portfolio Drift .................................................................................... 27 Appendix 1: Studies that have used Ciborra’s concept of drifi ........................... 29 CHAPTER 3: GOVERNANCE AS THE MANAGEMENT OF PORTFOLIO DRIFT..32 IS Governance as the Practice of Managing Drift ......................................................... 41 Appendix 2: Examples of IS Studies using Practice Theory ......................................... 51 CHAPTER 4: RESEARCH SITES AND METHODOLOGY .......................................... 54 Sites ............................................................................................................................... 55 Data Collection .............................................................................................................. 59 CHAPTER 5: CASE STUDIES ........................................................................................ 65 Case Vignette 1: EduExcel — International Studies and Programs ................................ 65 Case Vignette 2: EduExcel — Athletics .......................................................................... 76 Case Vignette 3: EduExcel — Facilities Management ................................................... 93 Case Vignette 4: EduExcel — College of Agriculture .................................................. 101 Case Vignette 5: EduExcel — College of Business ...................................................... 120 Case Vignette 6: EduSucceed - International Center .................................................. 141 Case Vignette 7: EduSucceed — Athletics ................................................................... 152 Case Vignette 8: EduSucceed — Facilities Management ............................................. 161 Case Vignette 9: EduSucceed — College of Engineering ............................................ 182 Case Vignette 10: EduSucceed — College of Business ................................................ 210 Other Interviews: EduSucceed - Senior IT Manager, Local IT ................................... 229 Other Interviews: EduSucceed - Senior IT Manager, Central IT ................................ 236 CHAPTER 6: ANALYZING PORTFOLIO DRIFT ....................................................... 241 V11 Patterns of Drift ........................................................................................................... 243 Comparison of Drift Categories .................................................................................. 255 Process Theory of Portfolio Drift ................................................................................ 260 CHAPTER 7: ANALYZING IS GOVERNANCE ......................................................... 267 Governance Practices .................................................................................................. 270 Comparing IS Governance in EduSucceed and EduExcel .......................................... 273 Comparing Perspectives .............................................................................................. 287 CHAPTER 8: DISCUSSION AND CONCLUSION ...................................................... 292 Theoretical Contributions ............................................................................................ 293 Managerial Implications .............................................................................................. 298 Limitations ................................................................................................................... 303 Further Research .......................................................................................................... 308 Conclusion ................................................................................................................... 311 REFERENCES ................................................................................................................ 313 viii LIST OF TABLES Table 1: Components of an IT Portfolio .............................................................................. 8 Table 2: Definitions of drift ............................................................................................... 11 Table 3: Definitions and Examples of IT-based Workarounds ......................................... 16 Table 4: Studies citing Ciborra’s concept of drift ............................................................. 29 Table 5: Definitions of IS governance ............................................................................... 35 Table 6: Applying Practice Theory Concepts to IS Governance ....................................... 45 Table 7: Examples of IS Studies using Practice Theory ................................................... 51 Table 8: Backgrounds of Interviewees .............................................................................. 60 Table 9: Interview Protocol ............................................................................................... 62 Table 10: Antecedents and Consequences of Drift ......................................................... 244 Table 11: Categories of Drift ........................................................................................... 257 Table 12: Categorization of IT Governance Mechanisms in EduExcel & EduSucceed .290 Table 13: Examples of Terms used to Describe Resistance ............................................ 311 ix LIST OF FIGURES Figure 1: IS Portfolio Drift .................................................................................................. 3 Figure 2: Resultant Gap between Expected and Observed IS Portfolio .............................. 3 Figure 3: IS Portfolio Drift ................................................................................................ 13 Figure 4: Evolution of EduExcel’s and EduSucceed's IS Portfolios .................................. 57 Figure 5: Governance mechanisms, IT portfolio and instances of drift for EduExcel's ISP units ................................................................................................................................... 66 Figure 6: Governance mechanisms, IT portfolio and instances of drift for EduExcel's Athletics unit ...................................................................................................................... 78 Figure 7: Governance mechanisms, IT portfolio and instances of drift for EduExcel's Facilities Management unit ............................................................................................... 94 Figure 8: Governance mechanisms, IT portfolio and instances of drift for EduExceI's College of Agriculture ..................................................................................................... 101 Figure 9: Governance mechanisms, IT portfolio and instances of drift for EduExceI's College of Business ......................................................................................................... 121 Figure 10: Governance mechanisms, IT portfolio and instances of drift for EduSucceed's International Center ......................................................................................................... 142 Figure 11: Governance mechanisms, IT portfolio and instances of drift for EduSucceed's Athletics unit .................................................................................................................... 152 Figure 12: Governance mechanisms, IT portfolio and instances of drift for EduSucceed's Facilities Management unit ............................................................................................. 162 Figure 13: Governance mechanisms, IT portfolio and instances of drift for EduSucceed's College of Engineering .................................................................................................... 183 Figure 14: Governance mechanisms, IT portfolio and instances of drift for EduSucceed's College of Business ......................................................................................................... 210 X Figure 15: Figure 16: Figure 17: Figure 18: Figure 19: Figure 20: Figure 21: Figure 22: Figure 23: Comparative Timeline of IT Evolution at EduExcel and EduSucceed .......... 241 Drift Category 1- Making a Truce ................................................................. 248 Drift Category 2- Co-creating the Portfolio-in-Use ....................................... 251 Drift Category 3- Going it Alone ................................................................... 254 Impact of Materiality, Capital and Habitus on Type of Drift ........................ 265 Process Theory of Portfolio Drift ................................................................... 266 Evolution of IS Portfolios of EduExcel and EduSucceed .............................. 268 Governance Mechanisms in EduSucceed ...................................................... 271 Governance Mechanisms in EduExcel .......................................................... 272 xi CHAPTER 1: INTRODUCTION As more work processes are virtualized (Overby, 2008), IT has moved from being a functional tool to becoming embedded with how work is done (El Sawy, 2003). This evolution is reflected in the fact that IT expenditure now comprises more than 50% of many firms’ capital budgets (Weill and Ross, 2004), and is growing faster than other capital investments. At the organizational level, firms invest in information systems to meet their organizational imperatives, such as avoiding risk, enhancing their growth potential, attaining strategic flexibility (Bharadwaj, et al., 1999), or improving the control of work processes. For example, firms that are ‘defensive’ (Nolan and MacFarlan, 2005) may purchase systems that increase operational efficiencies, such as automated billing systems to reduce clerical preparation and error costs. On the other hand, firms that focus on product differentiation (an ‘offensive’ goal) may invest in customer relationship management systems, so that they can collect customer feedback and use it to make their products more attractive. Over time, a organization’s information systems (IS) portfolio, that is, its collection of IT assets, changes when new systems are installed or existing (‘legacy’) systems are retired. Portfolios change because of changes in the environment, such as competitive threats, new regulations, or resource shortages, or in technology (e. g. Liu, Sia & Wei, 2008), such as the shift from hierarchically-organized and centralized technology to networks, informational products and services, and the reduction of time and space constraints on human activity (Avison, Wood-Harper, Vidgen, & Wood, 1998). 1 Portfolios that are too stable hinder organizational adaptation, creating “stable systems drag” (Truex, Baskerville, & Klein, 1999). Portfolios could also change for micro-level reasons. Managers and/or users may find that the systems provided for carrying out their work do not meet their requirements. This could encourage them to search for and install applications that are a better fit for their tasks. Users may also decide to work around systems that are too cumbersome or burdensome. Such decisions are an aspect of ‘articulation work’ (Star & Strauss, 1999), when individuals adapt their actions to meet changed needs. Central IT departments are often not aware of these new systems or workarounds (Behrens, 2009), as they are usually decided on and supported locally. Organizationally, such changes to an organization’s officially-mandated IS portfolio have been argued to lead to higher-than-desired IT support costs, potential security risks, and data fragmentation (McAfee, 2004), as well as being knowledge- inefficient (Snook, 2000). On the other hand, they have also been seen as a necessary part of “process democratization” (Hill, Yates, Jones & Kogan, 2006), which holds that users should be able to make use of emerging technologies to support their work, and as resources for innovation (Behrens, 2009). This dissertation examines this phenomenon, which I term ‘portfolio drift’, and how organizations have responded to it. The concept of portfolio drift is based on Ciborra (2000) and Snook (2000), and refers to changes in IS portfolios that are locally-initiated and centrally-unintended. Drift is a result of the interaction between IT’s modifiable nature and its situated human use, and occurs through resistance, learning-by-doing, sabotage, coalition shifts, or serendipity (Ciborra, 2000). 2 Planned Change Unplanned Change Acquiring, implementing Acquiring, implementing and using and using new systems; centrally-unsanctioned systems; upgrading existing systems working around existing systems uture State of Current State , . Information of Information Systems Systems Portfolio Portfolio Managing Drift Using governance processes to balance the positive (innovation) and negative (costs, security, data fragmentation) consequences of drift Figure 1: IS Portfolio Drift ’ Expected Information fi Systems \ OK \ Planned Change Original Information . Unplanned Change . (Drift) ."Oooooo> Observed Information Systems Time Figure 2: Resultant Gap between Expected and Observed IS Portfolio While drift in has mainly been explored in the context of individual IS projects (e. g. Elbanna, 2007; Ignatiadis and Nandhakumar, 2007a), it can be fruitfully extended to examine the modifications of an IS portfolio. Portfolio drift represents the changes in an IS portfolio as centrally-unsanctioned systems are adopted, or existing systems are worked around (Figure 1)]. The end-result of drift is a gap between the expected IS portfolio and the portfolio-in-use (Figure 2), which may be either beneficial or detrimental to an organization, depending on its goals. Organizations that operate in high- reliability environments, such as utilities, would see the gap as being more of a risk than a resource for innovation, while the opposite perspective could be held by a marketing research firm. Organizations could also define the amount of drift they would allow or tolerate in their IS portfolios. While prior research has argued that IT adoption decisions are challenging because of their uncertain benefits and the substantial learning and adaptation costs (F ichman, 2004), these decisions become more complicated when portfolio drift occurs. There is additional uncertainty about two issues: will new IT investments be appropriately used or will they be worked around, and will the new IT investments duplicate the functions of ‘shadow’ applications managed by sub-units? Although studies on IS governance have identified mechanisms and structures to help organizations obtain greater value from their IT investments (e. g. Agarwal & Sarnbamurthy, 2002; Sarnbamurthy & Zmud, 1999; Schwarz & Hirschheim, 2003; Weill, 2004), a gap exists in terms of connecting these mechanisms with the micro-level actions of users and organizational sub-units. In particular, the focus on business-IT alignment at the ' This study focuses on the software components of an IS portfolio. Hardware is usually more embedded in work processes and thus, more difficult to work around. 4 organizational level does not take into account power differentials within organizations, the influence of history, and the symbolic role of IT. Moreover, the traditional agency theory perspective that underlies much of IS governance research becomes less appropriate when changes in technology (the advent of Web-based applications) and users (greater exposure to IT outside the workplace) are considered. Incorporating these issues in a study of IS governance will help clarify why business-IT alignment becomes a “long, torturous and fragile process” (Ciborra, 2002) when portfolios drift. This dissertation uses a practice lens (e. g. Bourdieu, 1977; de Certeau, 1984) to examine why drift occurs and how organizations manage the drift of their IS portfolios. Practice theory focuses on the everyday actions of individuals and how these actions shape, and are shaped by, the various types of resources available to individuals, which influence their power relationships. In their everyday lives, individuals (‘consumers’) manipulate and reinterpret products while adopting them for their own interests. In this way, they meet their needs while appearing conforrnist. Applying these concepts to studying portfolio drift highlights the situated, relational, and emergent nature of IT adoption and acceptance. In line with recent calls to examine the material properties of technology, “without reifying them (or) reducing them to the social” (Orlikowski & Yates, 2006), the study compares the salience, affordance, controllability, and symbolism of the ‘legitimate’ and ‘illegitimate’ components of an IS portfolio. The next two chapters put forward the theoretical framework for the dissertation, based on understanding prior research on IT adoption and resistance and IS governance through a practice theory lens. Chapter 4 presents the details of the case study method and the research sites. The next chapter presents vignettes of the ten case studies, 5 organized in terms of changes in their IT portfolio, episodes of drift, and the governance processes that took place. That is followed by a discussion of the findings. Finally, the dissertation concludes by discussing its theoretical contributions, limitations, managerial implications, and opportunities for further research. CHAPTER 2: CONCEPTUALIZING DRIFT This chapter's objective is to explicate the origin, parameters, and impacts of IS portfolio drift. It begins by revisiting the logic behind individual responses to organizational investments in information technology (IT). These reactions, which range from acceptance to a variety of forms of resistance to avoidance, affect the probability that these IT assets will be assimilated into organizations. In this study, portfolio drift occurrs when users use alternative systems or use the officially-mandated investments in a limited manner. From a theoretical perspective, portfolios drift because users possess the agency to respond in different ways when confronted with material artifacts that do not provide them the affordances they need. While the dominant perspective on IS governance claims that top-down control can be exerted on IS portfolios, the changing attributes of users and technology challenge such a claim. I conclude by discussing the practices organizations use to manage drift, arguing that whether drift should be supported or restricted depends on a range of contigencies. This dissertation asks: a) Why and how does portfolio drift occur? b) What are the implications of portfolio drift for IS governance? What is an IT Portfolio? The word “portfolio”, which originally meant a case for carrying papers or pictures, today refers to a collection of financial investments, the responsibilities held by a government minister, or a selection of an individual’s work used to evaluate his or her performance in some fieldz. Broadly, therefore, a portfolio consists of a collection of a variety of items, similar in certain attributes but fairly distinct in other ways. For example, in a portfolio of financial investments, bonds, stocks and other financial assets are aggregated on the basis of the volatility and magnitude of their return, so that their net combined return meets the requirements and budget of a particular investor. The different components of a financial portfolio are similar in that they are all financial assets that can be traded in markets. Thus, they can be compared in terms of their present value and the riskiness of their future predicted value. However, they are also different since they have different levels of tradability and risk. When extended to IT, the terms “IT portfolio” refers to an organization’s total investment in IT, including the human resources required to operate and support it (Weill & Broadbent, 1998). As above, such portfolios consist of a variety of components, each similar in that they are needed for some aspect of an organization’s operations and different in that they have different roles and capabilities. Some ways of categorizing these components are shown in Table 1 below. Study Categories of IT Number-crunching, Manufacturing, Business Bresnahan and Greenstein, 1996 Applications, Database, Systems Software, Communications/Networking Chatterj ee et al., 2001 Automate, Informate, Transform . Transactional, Informational, Strategic, Weill and Broadbent, 1998 Infrastructure Table I: Componena' of an IT Portfolio 2 http://www.merriam-webster.com/dictionary/portfolio, http://dictionary.oed.com/cgi/entry/50184557 (as at February 8 2010) 8 The choice of the type of IT to invest in depends on an organization’s objectives. Broadly, organizations can be classified into those that emphasize market responsiveness and new product development, and those focused on reliability and cost-effectiveness (Nolan & McFarlan, 2005; Whitworth, et a1. 2006). While most organizations would argue that they target both goals, there is usually a bias towards one or the other. For example, some retailers could sell cutting-edge designs, while others might be low-cost vendors. The same argument applies to utilities or defense technology firms: some could focus on developing creative solutions to their client’s problems, while others could focus on being low-cost and reliable. Organizations of the first type could be expected to invest in business intelligence applications to analyze demographic and sales trends, while the second type of organization would be more likely to purchase labor-replacement applications, such as RFID-based inventory management applications.3 Although the term “IT portfolio” is widely used by both IS academics and practitioners, in some key aspects, the portfolio metaphor does not transfer completely to an IT context (Ciborra, 2000). For example, while the individual components of a financial portfolio can be bought and sold fairly easily, the components of IT portfolios have high switching costs and are “sticky”, meaning that their value is often embedded in their use in a particular context (Shapiro & Varian 1999). A common transaction cost encountered in the IT adoption process is user resistance to the introduction of new technologies. Also, while the value of each component in a financial portfolio does not depend on the others, IT assets are often valuable to organizations because of their links 3 It is worth noting that an organization’s IT adoption choices are also influenced by its coordination costs (Dewan, Michael and Min, 1998), the level of slack resources it possesses (Kobelsky, Richardson & Zmud, 2002), its membership in professional associations (Swan & Newell, 1995), and the level of industry concentration (Melville, Gurbaxani & Kraemer, 2007). 9 to other assets in the portfolio (Ciborra, 2000). Finally, the ability of users to introduce new technologies implies that IT portfolios are more dynamic and reactive compared to financial portfolios, since there are at least two sources of change: management and users. Given that many actors are involved in the development of an organization’s IT infrastructure, and that its history makes many decisions path-dependent (Ciborra, 2000), it is unavoidable that IT portfolios will be more dynamic than they are commonly presumed to be, and that this dynamism originates from both ends of an organization’s hierarchy. Portfolio Drift A useful perspective for framing the evolution of frrrns’ IS portfolios is Ciborra’s (2000) concept of drift. He considered drift to be the deviation of IS systems from their planned purpose because of resistance, learning-by-doing, sabotage, coalition shifts, or serendipity. Even when management is focused on control, drift occurs because of environmental turbulence, implementation tactics, the power of the installed base, the difficulty of second-guessing final user behavior, and the complexity of new infrastructure (Ciborra & Hanseth, 2000). Examples of drift during enterprise systems implementation projects include changes in project objectives and configuration (Elbanna, 2007), and changes in power differentials within organizations (Ignatiadis & Nandhakumar, 2007a)4. The table below presents some additional characteristics of drift: it is purposeful but unplanned, based on human intervention, occurs while the technology is being used, 4 Appendix 1 lists recent IS studies that draw on Ciborra’s understanding of drift. 1 0 and is the opposite of control, i.e. it is emergent. A portfolio that drifts may end up being more successful as it has been allowed to adjust to suit different actors’ needs (Holmstrom & Stalder, 2001). The easier availability of substitutes and the multiple uses to which each technology can be put makes a portfolio fragile and ambiguous (Ciborra, 2000) Study Definition Plans developed by organizations to deal with crises and dangerous scenarios can be modified locally by those who Snook (2000) implement them, as they find ways to work around aspects of the plans that impede the fluid performance of their tasks Ciborra (2002) Process of matching between Situated human mterventrons of use and open technology Nandhakumar, Rossi, . . . and .1. alvinen (2003) Series of purposeful actions wrth un-planned outcomes Counter-concept of control; when organizations encounter Van F enema and van unexpected circumstances that highlight the incompleteness Baalen (2005) and possible failure of an initial technological design without organizations having feasible alternatives yet Table 2: Definitions of drift While drift has mainly been explored in the context of individual IS projects (Appendix 1), this study extends it to examine the modifications of an IS portfolio. Portfolio drifi‘ represents the unplanned changes in an IS portfolio as systems are purchased, adopted, resisted, or modified (Figure 3). I define portfolio drift as occurring when an organization’s IT portfolio is modified, either in terms of systems with different capabilities from the existing systems being used or existing systems being re- configureds. Specifically, IT portfolios can drift in at least three ways: 5 This study focuses on the software components of an IS portfolio. Hardware is usually more embedded in work processes and thus, more difficult to work around. 11 1) Changes in the systems making up a portfolio: the introduction of shadow systems6 - These systems are put in place when: a. existing systems lack certain capabilities, or b. users have experience with or learn about newer technologies, usually outside work 2) Avoiding the use of systems in a portfolio: the use of workarounds - Users work around a system when: a. it is a poor fit for their work tasks, b. they prioritize different objectives (e. g. convenience) than managers (e. g. control), c. they want to reassert control over their work 3) Stopping the use of systems in a portfolio: - Users will stop using a system when, in a non-mandatory use context, the systems provided for them to accomplish their tasks do not enable them to do so adequately. Thus, portfolio drift is the collective and longitudinal outcome of individual responses to information technology. The next section discusses the range of such responses that can be found in the literature, and the mechanisms by which they affect an organization’s portfolio. 6 Shadow systems are IT purchases that lie outside the formal IT procurement plan, and are thus unknown to and unapproved by an organization’s formal corporate IT department (McAfee, 2006). The use of shadow systems may lead to either positive or negative consequences- the different outcomes may materialize at different levels of an organization and at different points in time. 12 Expected Information . Systems Portfolio \ . . Unplanned Change 0 (Drift) 'o.......>f’ Figure 3: IS Porifolio Drift Why Portfolios Drift While organizations may invest in various types of IT, merely purchasing something does not guarantee its use. If IT is not used by its intended users, organizations find it difficult to obtain value from their IT investments (Devaraj & Kohli, 2003). Value is obtained when IT investments are used for accomplishing old and new tasks and for linking tasks together, i.e. the IT is infused into the organization (Saga & Zmud, 1994). This goal may not be achieved if the new IT system does not fit the tasks and processes it is meant to support. Poor fit may negatively affect performance (Bendoly & Cotteleer, 2008; Gattiker & Goodhue 2005), and is the result of misalignments between the institutional and 13 ontological structures of the IT application and the organization in which it is being implemented (Sia & Soh, 2007). Institutional misalignments, such as those imposed by industrial or national regulations, which lead to missing objects, states, or transformations are the most difficult to remedy, and usually require modifications in the software. On the other hand, misalignments due to organizational requirements which only affect presentation, access, input or output can be solved more easily by adapting the organization. Besides fit, users’ reaction to a new IT system is affected by other factors, including: a) Individual factors: the level of control or autonomy users have over their work and environments (Ahuja & Thatcher, 2005; Beaudry & Pinsonneault, 2005), their willingness to experiment (Boyce, 2001), the amount of resources available to them (Pollock, 2005), their perception of the event as a threat or opportunity (Beaudry & Pinsonneault, 2005), the confirmation or disconfirmation of their beliefs after using it (Jasperson, Carter & Zmud, 2005), the fit of the technology with their identity (Speier and Venkatesh, 2002), what and how fast they learn (Bendoly & Cotteleer, 2008; Boudreau & Robey, 2005), their personal experience with the technologies (Mao & Palvia, 2008), and how dissonant or consonant their use of the system is with their prevailing practices (V aast & Walsham, 2005); b) Peer group factors: the social influence of their peers, especially if users perceive that the new IT system poses a threat to their status or power relative to other groups (Eriksson-Zetterquist et a1 2009; Jeyaraj and Sabherwal, 2008; Lapointe & Rivard, l4 2005; Walter & Lopez, 2008), or if they are inclined to imitate their social peers (Isaac, Leclercq & Besseyre Des Horts, 2006); c) Organizational factors: whether there was a mandate to adopt the new IT system (Jeyaraj and Sabherwal, 2008), the norms pertaining to new technology (Standing, Sims & Love, 2009), explicit support for change (Kim & Kankanhalli, 2009), the level of control exerted on employees, and the flexibility of processes; (1) System factors: the malleability of the new IT system (Kallinikos, 2002; Orlikowski, 2000; Pollock, 2005), its customizability and the legitimacy of its introducers (Kohli & Kettinger, 2004), its ease of circumvention (Bendoly & Cotteleer, 2008), the costs and benefits of switching to it and its perceived value (Kim & Kankanhalli, 2009). Thus, even if an organization invests in an IT portfolio, users may not be willing to use the systems in the portfolio for a variety of reasons. However, most IT management studies (e.g. Sarnbamurthy & Zmud, 2000; Schwarz and Hirschheim 2003) limit users’ scope for action while privileging managers’ intentions. According to this top-down, managerially-oriented perspective, organizations adopt a new IT system when managers decide to invest in it, and users are restricted to specifying their requirements, testing the system, and using it. This top-down view of the introduction of IT in organizations contrasts with Ciborra’s (2000) argument that IT adoption processes are characterized by bricolage, and that business-IT alignment is difficult, if not impossible, to attain because of the improvisations and unexpected outcomes encountered. This is because the managerially-oriented perspective does not consider the agency of users (Emirbayer and Mische 1998) in affecting organizational IT portfolios. 15 Because of their agency, users’ responses to new technologies range from positive resistance, full compliance (acquiescence), neutral, apathy, negative resistance (passive, active or aggressive), to avoidance (Ferneley & Sobreprez, 2006; Lapointe & Rivard, 2005; Standing, Sims & Love, 2009). A key way in which resistance is manifested is in workarounds. Workarounds have been recognized as being an important aspect of the use of information systems (cf. Gasser, 1986; Koopman & Hoffman, 2003). They are seen as the result of articulation work and are “necessary to meet local resource constraints, deadlines, configuration limitations, or a mix of technical capacities” (p. 266: Gerson & Star, 1986). Whether or not a misfit of an IT system with the procedure it is meant to support leads to a workaround, and the extent of the workaround, depends on the combination of the factors discussed above. Study Definitions of workarounds Users altering input data or procedures to compensate for system shortcomings, Gasser, 1986 or using backup systems Result of articulation work; “. .. misfits with the idealized representations of work that requirements have represented” “. .. necessary to meet local resource constraints, deadlines, configuration limitations, or a mix of technical capacities” “. . . often invisible when the end product of development is examined, nor do they necessarily appear in the documentation of the system.” Gerson & Star, 1986 “... typically find multiple workarounds which are themselves potentially in conflict. . .” “. .. no way of guaranteeing that two workarounds, each adequate in its local context, will not recursively prove to be incompatible in a larger context.” (p. 266-7) “. .. workarounds solve the due process problem only locally and temporarily” (p. 267) (In ERP) Provide the needed functionality without touching the ERP scripts Soh, Sia & Tay-Yap, 0 Manual (“by hand” rather than using IT) 2000 - ERP alternative (finding an alternative way to perform the function with the package) Table 3: Definitions and Examples of I T -based Workarounds 16 Koopman & Hoffman, 2003 Table 3 (cont ’d) a) A procedural change in computer system use intended to compensate for a design flaw, typically a software behavior that is perceived to be a flaw b) A procedural change to using a computer system intended to compensate for a hardware or component failure c) A new procedure that uses a computer system in a way not originally envisioned to accomplish a task d) A procedural deviation to circumvent an intentionally designed-in limit or constraint on computer system operation Boudreau & Robey, 2005 Reinvention: Work-around system constraints (work processes rigidly embedded in the software design) in unintended ways; outcome of improvised learning Pollock, 2005 “. .. represent resistance on behalf of users and the means by which they attempt to wrest control from a technology or an institution.” (p. 497) Today, the blurring of the roles of users and designers means that we have to consider how their existing networks constrain or support (legitimize) attempts to work-around. Femeley & Sobreperer, 2006 3 types of workarounds: o Hindrance: To circumvent system procedures or processes seen to be too time-consuming, onerous or difficult , o Harmless: Does not significantly affect workflow or the accuracy of captured data 0 Essential: Essential to complete the task at hand Azad & King, 2008 6‘ a means to decouple day-to—day practices of system usage from the intended system design” (p3) Bendoly & Cotteleer, 2008 Circumventing protocols regarding: sequence of activities, permissible activities, data formatting, and source of information 0V0 specific definition) Examples of workarounds Kraut, Dumais & Koch, 1989 Users logged on twice to perform two tasks simultaneously and create a secret note-passing system within the IS; Helped maintain work-rate and social ties Dery et al, 2006 Managers circumvented: o the new procurement system by using corporate credit cards; 0 the requirement to use e-recruitment in the new HR system by hiring via the national recruitment center 0 the use of SAP to obtain financial figures since the monthly figures were sent to them in hard copy Workarounds have been defined in a variety of ways (Table 3), with the essential aspect being the circumvention of a mandated procedure to achieve one’s goal. They are 17 situated practices that rely upon the interpretive flexibility of work rules and are negotiated by social actors (Azad & King, 2008). They are an example of locally-driven but centrally-unintended adaptations of an organization’s IS portfolio, or what I call ‘portfolio drift ’. Users affect IS portfolios in at least three different ways: a) b) 6') They aflect the adoption rate of technologies: Even in situations of mandated use, users have been able to find workarounds for what they view as the technology’s constraints (Bourdeau & Robey, 2005). Users could also limit their adoption as an attempt to reassert control over their work. This could be in retaliation to management’s emphasis on using IT to control how work is done, which reduces the scope for personal creativity and makes workers more dispensable and interchangeable (Braverrnan, 1974). Finally, users may find the technologies better suited for achieving corporate-level objectives, such as uniformity and standardization, than the aims of their business units, such as experimentation and customization (Gallagher & Worrell, 2008). They can introduce new technologies as substitutes for the current ones: Their dissatisfaction with the existing technology could be due to changes in work practices or organizational control mechanisms brought on by the use of those technologies (Wagner & Newell, 2006). For example, the introduction of a collaborative technology could be used by some institutional groups to assert their dominance over other groups (Hayes, 2008). They can introduce new technologies to complement the current ones: 18 - Organizations are increasingly adopting new technologies after they have been used by individual innovators among their staff. Examples include devices, such as USB thumb/pen drives and personal digital assistants (PDAs) (e. g. the Palm, the BlackBerry and the iPhone) and communication applications, such as online chat and voice-over-intemet-protocol (V OIP). Most of these innovations begin as individual productivity enhancers, and were adopted by organizations after users had some experience of working with the IT systems provided to them. They are examples of the evolution of an IT portfolio from the bottom up, propelled not by managerial mandate but individual choice and technological improvements. Understanding these processes would help remove the sense of ‘dewc et machina’ often found in studies of IT adoption. Rather than assuming that the new technology was inserted into an organizational context by some neutral or uncaring source, it makes more sense to view the adoption of new technologies as being motivated by some underlying discomfort with the existing range of technologies, an urge to enhance one’s work effectiveness by using more advanced tools, or, even perhaps, an inclination to reduce the burden of one’s tasks in some manner. The introduction of new IT or the modification of existing IT by users points to an important change in the roles of users in the domain of IT management. Traditionally, IT management literature has limited users’ roles to testing new systems and providing requirements to systems analysts and designers. However, there has been a shift recently. Instead of studying discrete applications or technologies, researchers are more interested in complex environments that enable organizations to mobilize information and its sharing (Lytinnen & Yoo, 2002). Macro-level phenomena, which used to be considered 19 to be initiated and driven by the senior management of the business and IT departments, are now understood to be created and recreated through the micro-level actions of firm members (Orlikowski, 2002; Schultze & Orlikowski, 2004). This is consistent with Lamb and Kling’s (2003) critique that most IS research relied on a “thinly socialized concept” of the user. In its place, they called for researchers to view users as social actors, since they are influenced by their environments, affiliations, interactions and identities. Users exchange information over networks and across time, and the boundaries around them are fuzzy, as they are ensconced in a network of relationships and environments. Allowing users a greater role in IT management shifts IS research away from determinism toward voluntarism, emphasizing the agency of users (Leonardi & Barley, 2008). While the dominant assumptions about users’ roles and attributes may have been reasonable when modern IS research began four decades ago, they are less so today. Instead of having limited exposure to IT and little knowledge of it, users today live in environments where IT is pervasive, both inside and outside their workplaces, and they use IT almost as much as home as they do at work. They are thus more knowledgeable about and familiar with IT. This has two distinct effects. First, it is more likely that users today will be able to introduce new technologies into their work environments to complement or substitute what they have provided. Examples of this would be the use of online chat to communicate with their dispersed colleagues or to share files with them. Second, users start expecting their work applications to be similar to those which they use outside work, in terms of their features or attributes. They could expect more 20 collaborative features from their work applications, or user interfaces that can be easily reconfigured. Thus, the experiences and abilities of individual users, which change over time, interact with the capabilities of IT systems, both those that are officially-mandated as well as those that are not, to produce an IS portfolio-in—use, which incorporates user- initiated workarounds and shadow systems. As workarounds are repeated over time, they can become institutionalized (Azad & King, 2009) and difficult to remove from an organization’s work processes. Thus, when users work around IT systems which are designed to support their work, the aggregate impact of their individual actions is a shift in the IS portfolio of their organization. How Portfolio Drift Occurs Practice Theory Research in sociology and information systems has used the idea of structuration to examine how individual agents interact with social structures and their reciprocal effects on each other (e.g. DeSanctis & Poole, 1994; Giddens, 1984; Orlikowski, 1992). This interaction reflects, sustains and reproduces society’s norms, values and knowledge (Foucault, 1973) and orders the social world (Bourdieu, 1972). One perspective for studying such interaction practices is practice theory (Bourdieu, 1977; de Certeau, 1984). It focuses on uncovering the logic behind these daily practices to find out how social structures are created and recreated. 21 This is a useful lens for this study, since it examines the collective and mutual impact of individual actions (in this case, workarounds) on organizations. Practice theory examines how micro-level social interactions have macro-level consequences, in terms of the emergence and development of socio-structural properties (Bourdieu, 1977; de Certeau, 1984; Foucault, 1980; Giddens, 1984). The objectivity-subj ectivity divide in the social sciences is bridged by the understanding that agents are autonomous enough to transform social structures, while simultaneously being sufficiently conditioned to reproduce and incorporate them into their lived practice (Bourdieu, 1977). Agents are thus not automata, but interpreters of practices whose reflexivity frees them from mindlessly reproducing their initial conditions (Giddens, 1984). The dynamic relations between agents and their world are produced and reproduced during everyday practice. This practice is guided and enabled by social ‘fields’ (Bourdieu, 1990), which emerge through human activity. As agents interact in these fields, they produce different kinds of capital (economic, cultural, social, and symbolic), and differential access to these creates a basis for power. From the practice point of view, IT use is an emergent, dynamic, situated practice, and leads to a variety of ‘technologies-in—use”, since IT is used in many contexts and for many purposes (Orlikowski, 2000). Researchers in the field of information systems have used practice theory to study a variety of phenomena (Appendix 2). These include IT use (Orlikowski, 2000; Vaast & Walsham, 2005), knowing (Orlikowski, 2002), knowledge sharing (Carlile 2004), electronic relationships (Schultze & Orlikowski, 2004), organizational change (Boudreau & Robey, 2005), boundary-spanning (Levina & Vaast, 2005), and boundary creation and renegotiation (Levina & Vaast, 2008). These studies 22 explicate the main dimensions of practice. First, practice is emergent, situated, and recurrent (Orlikowski, 2002; Vaast & Walsham, 2005). Emergent and recurrent indicate that agents’ repeated actions enact structures, and that changes in practice require changes in agent’s actions. Situated implies that changes in the situation of agents lead to adaptations in practice, which may further modify the situation. Second, practice takes place in a community (Orlikowski, 2002). Agents in different communities act in specific ways, since practice is a shared understanding. As individual agents change, changes in practice emerge collectively but without coordination. Third, practice involves the intertwining of practices, practitioners, and praxis (Orlikowski, 2002). Practitioners are those who do the work of developing and executing strategies, praxis is the actual activity they are engaged in, and practices are what practitioners draw on in their praxis, such as operating procedures, industry practices and societal norms (Whittington, 2006). Materiality Underlying the structuration perspective in IS research is a view of IT as an ensemble (Orlikowski & Iacono, 2001; Orlikowski & Scott, 2008), where the focus is on the dynamic interactions between people and technology, the appropriation of the structures embedded in the technology, and the consequences of using a specific technology. In addition to the structures embedded in the technology, the material properties of the artifacts themselves have an impact on how they are used and their impacts. Thus, studying IT practices encourages us to take the materiality of IT artifacts into account (Orlikowski & Yates, 2006). Materiality refers to the impact of the physical attributes of technology on how it is used (Leonardi & Barley, 2008) — in other words, 23 what types of use does the technology favor, shape, invite, or constrain (Zammuto et a1, 2007)? Recent studies have sought to further refine this understanding. While an artifact’s material properties do not determine its use, neither is an emergent perspective, where people’s actions are the result of ongoing interpretation and interaction, solely sufficient for understanding the impact of technology on organizations (Orlikowski, 2010). The latter has been criticized for privileging the design of artifacts over their use (Wajcman, 2000), and human agency over technological capabilities (Berg, 1997). The sociomateriality argument posits that the social and technical aspects are entangled, not ontologically separate (Orlikowski, 2010). Following on from actor-network theory (ANT) (Latour, 1987; Callon, 1986), it argues that capacities for action are dynamically created (Orlikowski, 2010). For example, the focus would not be on how collaborative practices are supported by IT, but on how integrating IT into the act of collaboration reconfigures it, and what this implies for control and responsibility. In this way, researchers can examine the interaction between materiality and voluntarism without privileging either human agency or technological materiality (Leonardi & Barley, 2008). Portfolios-in-Use IT portfolios are collections of various technologies, each with their own attributes and affordances. Individuals interact with them in the course of their work, simultaneously learning about them and appropriating different features as required by their tasks. Individuals also introduce into this interaction knowledge, skills and experiences derived from using other technologies both within and without their work 24 environments. As they go about accomplishing their tasks, individuals decide what specific IT to use based on the fit of the tools, the ease of using them, organizational norms, and other factors. This may cause the enacted portfolio (the portfolio-in-use) to diverge from the intended portfolio. From a sociomateriality perspective, a key issue is: how do the attributes of the technologies and users influence the make—up of the IS portfolio? Another way of phrasing this question is: since portfolios are heterogeneous networks of actants (Law, 1992; Latour, 1996), how do they evolve over time? Sociomateriality researchers usually examine situations where users interact with technologies. For example, Leonardi (2007) studied how the appropriation of features of a new IS system by technicians affected an organization’s informal advice network. However, this leaves out a key role in technology use decisions: decision-makers. Churchman (1971) discussed how technology use is the result of an interaction between designers, users and decision-makers]: - designers determine the features and capabilities of the technology, - users decide which features to appropriate and how faithfully their use should be to the designer’s intentions, and - decision-makers have the authority to influence, among other things, whether the technology should be built and whether its use should be mandated. Churchman’s perspective is in keeping with practice theory, which, in addition to examining the production and reproduction of social structures, focuses on the role of capital and the power relationships it leads to between the various parties. The emphasis 7 This is in contrast to Simon (1969), who examined the interaction between users, designers and artifacts. 25 on a singular party in sociomateriality research can be seen in Leonardi & Barley’s (2008) call for studies at the intersection of materiality (physical contexts affect human actions) and voluntarism (humans have agency). It is important to ask: which parties have agency, and whose goals are being targeted? This is worth knowing as it affects the technologies that will be available to users. If an organization’s IS development process privileges the interests of its senior management or central units, it is possible that the IT system that is the outcome of this process will not meet the needs of users and managers in the sub-units. This could also go in the opposite direction: systems could meet users’ needs (e. g. flexibility for dealing with non-routine inputs) while making it difficult for central systems to monitor their sub-units. If an existing IT application is used differently from how it was intended to be, it is possible some task in another part of the organization may not be able to be done. This may make it difficult to use IT to coordinate work across an organization, because of differences in goals among employees. Differences in goals are inevitable because of specialization (Dougherty, 1992), and they manifest themselves in the affordances provided to employees by the different applications (Leonardi & Barley, 2008). The evolution of an IS portfolio is thus dependent on the appropriation and re- creation of social and technological structures, the material properties of the technologies, and the balance of power between users and their managers. The difference between intended and unintended evolution is a measure of the drift of the portfolio, although the embedded nature of IT may make it difficult to identify whether and how much drift has occurred. 26 Consequences of Portfolio Drift IT managers face this choice: do they forego their portfolios’ stability and adopt new IT innovations, or do they minimize changes so that their systems remain stable and easy to support? Those who choose the latter are driven by the realization that portfolio drift leads to portfolio fragmentation (the proliferation of redundant systems), wasted resources (the effort spent searching for shadow systems and developing workarounds, and the paid-for but unused official systems), and a misalignment between business and IS strategies. While managers are aware of the need to innovate to thrive, managing the process of adopting new systems to realize business value can be difficult (Fichman, 2004). Controlling portfolio drift is a ‘wicked problem’ (Rittel & Weber, 1973), replete with incomplete and changing requirements, and difficult to resolve because of contextual interdependencies. The upshot is that IT managers may find it difficult to provide the IT-enabled capabilities required by their organization. In such contexts, alignment could become a “long, torturous and fragile process” (Ciborra, 2002). Alternatively, IT managers who are more open to drift could see performance improvements, because of operational innovations and employees who are more satisfied with the tools they use for their work. For example, Hill et a1 (2006) argue that users will be more productive if they are able to select and integrate IT services as their needs evolve, especially if they are involved in artful, as opposed to industrialized, processes, which are less formalized and dependent on the people carrying them out. From the exploration/exploitation perspective, drift is closer to exploration, and could be an avenue for choosing mechanisms to achieve long-term reliability in the face of environmental 27 perturbation, as opposed to short-term stability, which is focused on static efficiency (F arjoun, 2010). Limiting drift is consistent with exploitation as an organization’s strategy. Current research suggests that how drift is perceived and what its impact is on organizations depends on factors such as whether innovation is driven primarily by management or employees, the proportion of knowledge work taking place, the dynamism of the environment the organization is operating in, and the IT skills of users. Chapter 8 discusses these practical and managerial issues in more detail. 28 Appendix 1: Studies that have used Ciborra’s concept of drift Study Focus Description/Findings o Examines notions of ‘success’ and ‘failure’, and lists of ‘critical success- or failure factors’ 0 Implementation is a process of mutual transformation of organization and technology Ber 2001 Myths that hamper 0 Only gets off the ground when supported by g, implementation processes central management and future users 0 Management of implementation = balancing between initiating organizational change, and drawing upon IS as a change agent, without pre-specifying or controlling it Increase in organizational, 0 Difficulty of establishing electronic patient institutional, political and record systems (EPRs) because EPRs often Ellingsen & technological complexity conceived as the central, all-encompassing Monteiro, 2001 affects IT implementation source of information, neglecting the -) their impact is patchwork-like character of information underestimated sources 0 Consider technology innovation in relation to Principles to be followed some-organizational change . . . . . o Consrder not only the local organizational, but during IS rrnplementatron I . l d . . l . Avgerou, 2001 processes Case study of a so the natrona an rntematrona context, . .’ . o Consrder both the technical/rational decrsrons organizational reform in . . . . . Cyprus and actions involved in the mnovatron process and the cultural, socral and cognitive forces of such a process 0 ERP systems are open, pasted-up, uncontrollable expanding infrastructures; Hanseth, Ciborra & Need for new meanings in 0 Strategic alignment flounders in never-ending Braa, 2001 ERP implementations tactics andcompromrses,‘ 0 Globalization generates srde effects 0 ERPs accelerate organizational drift and nmaway o Contradictions in systems developer’s role vis- a-vis end-users and system sponsors; their Howcroft and Explore the paradoxes of needs are incompatible Wilson, 2003 participatory practices 0 Paradoxes: rhetoric of empowerment, rhetoric of involvement, exclusion of dissent, illusions of compatibility, and outcome of participation Nandhakumar, grocess 0f change enacted 0 process of technology-related change is a form . . tiring enterpnse resource , . , . . . Rossr, and Talvmen, . of a drift rnvolvmg a series of purposeful planning (ERP) . . 2003 . . actions wrth un-planned outcomes implementation Table 4: Studies citing Ciborra ’s concept of drift 29 Table 4 (cont ’d) 0 Integration - unending process; produced concurrently, episodically 0 Control cannot be studied apart from technology and context because one will never Integration of management get to understand the underlying 3?:33:nag%05 and control through ERP ‘infrastructure’ ’ systems 0 control in an ERP-environment is not property of accounting function 0 control - a collective affair; local control issues in different parts of the organization are used to create notions of global management . . o Developed theoretical framework for studying Georgiadou, Purl StifiallnDEiznllrifil’tgfftiizfifies SDls based on three key concepts: the and Sahay, 2005 p installed base, reflexive standardization, and (SDIs) . . . cultivation approach to desrgn o Extends drift argument fi'om focusing on Improvisation that took technology only to include organizational acts . of improvrsatron, brrcolage and drift Elbanna, 2006 place during an ERP Dr'ft tak 1 'th . 'd implementation 0 r can . e p ace even wr rrgr technologies like ERP, not just open-ended technologies 0 Power differentials within organizations Ignatiadis & Unintended implications of fgaqeggggggign enterprise systems Nandhakumar, control configuration in an In p d l _ h' . 'd' 2007a enterprise system 0 crease contro — rgh er rrgr rty o ant = decreased control 0 Enables organizational resilience Ignatiadis & Enterpnse systems . 0 Control and drift arising from use of an enablement or constraint of . Nandhakumar, mana ers’ and users’ enterprise system are outcomes of processes of 2007b . g embedding and disembedding human actions actions 0 Traditional diffusion models assume projects Changes in project either accepted or rejected by adopters Elbann 2007a objectives and configuration 0 ANT-based drift model of diffusion a, during an ERP o Fate of software implementations depends on implementation moves made- each move could be either positive or negative 0 Organizational othering: labeling, stereotyping Social integration as and categorization of some groups in an complement to technical organization Elbanna, 2007b and operational integration 0 This conflicts with ERP’s assumption of a during an ERP smooth organizational social fabric implementation 0 Othering can also be inscribed into the ERP system, leading to costly configuration 30 Table 4 (cont’d) o Unstable and complex nature of such systems Hyvonen Jarvinen Creation of management 0 Use of metaphors inthe political process that and Pellin en 2008’ control system in accounting information systems pass through ’ multinational enterprise to become established as an enterprise-wide management tool Introduction of collaborative technology 0 in addition to looking at the socio-economic Hayes 2008 used by some institutional context, institutional change needs to be ’ groups to assert their understood by examining the fme-grained dominance over other practices undertaken by staff groups 0 Control and drift elements interacted and their Tjomehoj and Adoption of software dominance shifted as process unfolded process improvement tools 0 Control and drift not opposites, but Mathiassen, 2008 complementary, part of dialectic 31 CHAPTER 3: GOVERNANCE AS THE MANAGEMENT OF PORTFOLIO DRIFT How should IS portfolios be managed given that they tend to drift? Since the consequences of drift and the way it is perceived vary across organizations, this section discusses two alternative ways of framing the management of IS portfolios. First, the dominant perspective on IS governance revolves around control, which is based on organizational theory and agency theory (Eisenhardt, 1985). The control literature proposes that risks are managed by putting in place a structure of incentives and monitoring. The assumptions underlying this rational decision-making perspective include: a) known relationships between inputs and outputs, b) well-specified and unchanging output measures, c) a monotonic relationship between outcomes and the level of control, d) the organization’s ability to foresee the consequences of the controls adopted, and e) the stability of the controller’s and controllees’ goals over time. This traditional perspective lends itself best to regular, formal checks (such as audits), and, by focusing on restricting the format and amount of inputs and outputs, it foregrounds stability. Alternatively, IS governance can be seen as a dynamic process. This is based on the understanding that managers and users may not have the same goals, because of their competing interests, leading both parties to modify the portfolio following a logic of opposition (Robey & Boudreau, 1999). Their aim is for the portfolio to ‘settle’ at a 32 position which maximizes on the dimensions (i.e. the goals) that are the most pertinent to them. This dynamism is also driven by the impact of the material characteristics of the IT being governed on the governance process. Different types and levels of affordances influence the ease with which technologies can be governed and adopted. The path taken by the portfolio when it is being modified by users and decision-makers is drift. Managers curtail drift (so as to prevent its negative consequences) or encourage it (if they believe it benefits their organization) via IS governance processes. These two perspectives on IS governance can be distinguished in terms of Van de Ven and Poole’s (I995) mechanisms of change. The traditional perspective is based on a teleological worldview, in which an organization purposefully adapts towards a desired end-state. The alternative perspective is based on a dialectic worldview, in which power is distributed across the multiple agents involved in the activity, and shifts in the balance of power lead to changes in the status quo. In essence, acknowledging the diversity of actants in an IS portfolio highlights that the process of enacting IS governance brings up issues of conflict and confrontation. This distinction is useful as it is closer to the reality of IS decision-making, which is characterized by bounded rationality, competing objectives, and sequential phases (Boonstra, 2003). The next sections review and critique the existing literature on IS governance. The chapter concludes with the elucidation of an alternative perspective on IS governance, based on practice theory. 33 Prior Research on IS Governance With information systems becoming more integrated and heterogeneous, and as access to them is provided to more organizational members, the risks associated with them have increased (Markus, 2000). This risk is aggravated by the uncertain benefits and irreversible costs of IT adoption decisions (Fichman, 2004). The increased susceptibility to risk and possibility of significant negative performance impacts has prompted IS researchers and practitioners to ask: How do businesses ensure that their IT investments are aligned with or support their strategies? What mechanisms can organizations use to obtain greater value from their IT investments? How should IT investments be managed to ensure that they are flexible enough to allow organizations to explore future opportunities, but also stable enough to keep current operations running smoothly? These questions have been the domain of IS governance (e. g. Agarwal & Sarnbamurthy, 2002; Fonstad & Robertson, 2006). IS governance, broadly defined as the IT-relevant decision-making structure in organizations, is significantly positively correlated with firm performance (Weill, 2004), and affects the returns firms receive from their IT investments (Gu, Xue, and Ray, 2008). Poor governance can result in financial, operational and strategic impairment (Kearns & Sabherwal, 2006-7). Table 4 lists the definitions of IS governance from a range of studies. The common theme is the focus on IT-specific decision-making to achieve organizational goals, which privileges the managerial, functionally-rational perspective on IT management. Studies of IS governance have discussed a variety of structures organizations can use to manage their IT resources, based on different ways of allocating 34 decision rights across multiple organizational levels and between the IT and business departments (e. g. Warkentin & Johnson, 2006; Weill & Broadbent, 2002). Study Definition 1 Sarnbamurthy & “locus of enterprise decision-making authority for core IT Zmud, 1999 activities” (p. 105); IT-related authority pattern Three models for organizing the IT function to boost Agarwal & . . . . 2 busmess mnovatlon. partner model, platform model, Sarnbamurthy, 2002 scalable model IT-related structures, architectures, and associated 3 Schwarz & authority patterns implemented to accomplish IT activities Hirschheim, 2003 in response to an enterprise’s environmental and strategic imperatives 4 Weill, 2004 Specifying the framework for decision rights and accountabilities to encourage desirable behavior in the use of IT 5 Peterson, 2004 a) The distribution of IT decision-making rights and responsibilities among stakeholders, and b) the procedures and mechanisms for making and monitoring strategic decisions regarding IT van Grembergen, Organizational capacity exercised by management to 6 de Haes, & control the formulation and implementation of IT strategy Guldentops, 2004 and thus ensure the fusion of business and IT Structure of relationships and processes to control the 7 IT Governance enterprise in order to achieve the enterprise’s goals by Institute, 2003 adding value while balancing risk versus return over IT and its processes 8 Yu & Wu, 2008 Process, structural and relational governance (i.e. behavior control mechanisms, decision-making structures, communication processes) Table 5: Definitions of IS governance A common theme in this field has been the debate between centralization and decentralization (e. g. DeSanctis & Jackson, 1994), since each option has different 35 benefits and drawbacks in terms of responsiveness and standardization. The diffusion of outsourcing has expanded the domain of IS governance. The creation of a platform for supporting organizational activities has been suggested as the key objective (Sarnbamurthy & Zmud, 2000; Agarwal and Sarnbamurthy, 2002; Schwarz & Hirschheim, 2003), through the use of relational and integration mechanisms to link IT use and management. One example is the use of horizontal governance mechanisms to facilitate cross—unit collaboration (Brown, 1999). Another stream of governance research has examined the contingencies that influence the governance structures chosen (Brown & Grant, 2005). These include the corporate governance mode, economies of scope and absorptive capacity (Sarnbamurthy & Zmud, 1999), firm culture and vision (Brown & Magill, 1994), the role of the board of directors (Nolan & McFarlan, 2005; Huff et al, 2005), and the level of globalization, which has made it important to balance local responsiveness and achieving economies of scale (Weill, Soh & Sia, 2007). Recently, some research (e. g. De Haes & Van Grembergen, 2008; Debreceny. 2006; Guldentops, Grembergen, & De Haes, 2002; Liu & Ridley 2005; Nicho & Cusack, 2007) has been canied out on the use of externally-developed and rigorously-codified fi'ameworks for IS governance, such as COBIT (Control Objectives for IT) and ITIL (IT Infrastructure Library). These are auditable lists of requirements that organizations are recommended to adopt, so that their IT systems remain usable and useful, as well as aligned with their business”. The use of these frameworks increased as concern grew in 3 Some, such as ITIL, focus on the day-to-day operational aspects of providing IT services, so as to enhance their quality. They cover procedures such as providing a help-desk, rolling out software updates and managing IT security. Others, such as COBIT, take a different approach. Developed by auditing 36 the early 20003 over the lack of internal controls in publicly-traded firms in the US. This anxiety led to the passage in the United States of the Public Company Accounting Reform and Investor Protection Act of 20029, whose Section 404 requires public firms to evaluate and report the viability of their system of internal controls in their regulatory submissions. The Act’s emphasis on enhancing internal control spurred the use of COBIT and other similar frameworks to enhance the overall level of control of work processes, especially those related to financial and accounting information. Challenges with IS Governance Literature IS governance was suggested earlier as a means of managing drift. This section examines the applicability of the prior literature to this issue. It is divided into two parts: i) the theorizing of the IS governance concept, and ii) its underlying assumptions. The Concept of ‘IS Governance’ Three comments are worth making in terms of its theorization. First, IS governance research has largely focused on the different mechanisms and structures available. Since an IS portfolio emerges over time as managers and users compete to decide which goals it should support, an opportunity exists in terms of research on the process of governance and changes in the IS portfolio being governed. Unlike variance theories, which focus on how antecedent factors give rise to particular conditions, process theories discuss the sequences of events that take place within the context of those factors (Markus & Robey, 1988). The absence of process professionals, these guidelines emphasize balancing the risks and returns of IT use by putting in place a set of internal controls. 9 The Act is commonly known as “SOX”, after its legislative sponsors, Senator Paul Sarbanes and Representative Michael Oxley. 37 research gives rise to three gaps in our understanding of IS governance: a) how do the competing interests of users and managers interact over time to make up a narrative of organizational IS governance (Robey & Boudreau, 1999); b) how do changes by users at the level of individual systems impact changes at the level of the portfolio; and c) is the IS governance process teleological (i.e. the portfolio progresses toward a clearly specified end-state) or dialectic (i.e. the portfolio a compromise based on the demands of groups in conflict with each other) (Van de Ven & Poole, 1995)? F leshing out a process theory of IS governance is useful because it will answer these three questions. The second comment on prior IS governance literature is that there have been few attempts to organize the various components of IS governance and allied concepts, such as IS planning, adoption, assimilation, and project control, into a coherent theoretical framework (cf. Bacharach, 1989). Doing so will provide: a) theoretical benefits: expanding IS govemance’s nomological network will improve our understanding of the antecedents and consequences of different governance practices, and b) practical value: IS govemance’s ability to enhance the business value of IT investments will be clarified. Third, similar to scientific management’s impact on work (Braverman, 1974), the use of formal IS governance frameworks has reified IS governance. Although listing and classifying governance processes into a fixed structure helps IT managers in the management of their IT assets, the disadvantage is that this approach excludes governance based on personal relationships. Thus, while governance encompasses both control and collaboration (Sundararnurthy and Lewis 2003), in practice, it is often inclined towards the former, not the latter, when applied to IT assets. Formal governance relies more on monitoring and hierarchies and less on empowerment and peer support. 38 Emphasizing formal governance practices limits the possibility that informal control of some sort, such as clan control (Ouchi, 1979), could be part of IS governance. This is contrary to the contention that informal or implicit control systems, based on shared norms, can be more effective for achieving coordination than control systems that depend on explicit rules and regulations (Denison and Mishra, 1995). These informal systems are based on the quality of personal relationships, which have been found to improve compliance with Section 404 of SOX, as they enabled CIOs to use the appropriate tactics when working with other managers to implement IT controls (Braganza and Franken, 2007). The importance of informal governance rises when we consider that employees today have more leeway to decide on the systems they use when engaging in their work tasks. Instead of relying on strict controls to enforce the use of official systems, well—developed personal relationships may be more effective at preventing workarounds or the use of shadow systems. Although informal governance is said to be unrepeatable and ad-hoc (Boh & Yellin, 2006-7), its value lies more in the shared understandings it creates in the working environment than in any explicitly- defined processes. Assumptions in the IS Governance Literature The next part of this section analyzes the assumptions made in the IS governance literature. First, managers use IS governance to achieve business-IT alignment, i.e. the harmonization of IT and business strategies. Thus, IS governance is assumed to be functional or instrumental: it has a positive effect on an organization’s IT portfolio, by ensuring that the organization is using the right systems and using them well, and IT- 39 specific risks have been mitigated. However, business-IT alignment may not result even when an IT portfolio is governed ‘appropriately’ (Ciborra, 2000). On the business side, managers may be muddling through uncertain environments, and have no clear strategy for the IT portfolio to be aligned with. In terms of the technology, the effects of improvisation by the various stakeholders, political battles, and path dependency may mean that the final portfolio may be an unexpected outcome. In contrast to formal and controlled IS governance, business-IT alignment may be comprised of user-driven unplanned activities that make work processes less onerous. Thus, IS govemance’s ability to achieve the very goal it is designed for may be inherently in doubt. A second assumption of the IS governance literature is that the IS portfolio can be controlled by management. However, the stickiness of the installed base of IT because of its high switching costs (Shapiro & Varian 1999), combined with IT’s embeddedness in social arrangements and conventions of practice (Star & Ruhleder, 1996), indicate that management’s influence on the IS portfolio is constrained. Moreover, a focus on control implies relying on single-loop learning, whereas IS implementations often require double-loop learning (i.e. revising one’s goals and principles) because of the unexpected events that occur (Ciborra, 2000). At the same time, IT’s changed characteristics have enhanced the ability of users to modify an IS portfolio. Traditionally, users were involved in structuring organizational systems by offering requirements, testing systems, and evaluating their relevance to their work (Barki & Hartwick, 1989; 1994). As greater numbers of general-purpose applications (such as Internet browsers and spreadsheet software) with more powerful capabilities became available and more broadly diffused, individuals were exposed to IT 40 outside their work environments more frequently. The increased pervasiveness of IT made them familiar and comfortable with different types of IT. This had an impact on their role as users of systems, as they were now able to modify organizational IS portfolios by installing new applications or developing workarounds. In short, they could decide on the system-in-use, instead of having to use the system as it was presented to them. This section has listed some challenges with the extant IS governance literature. The limited theoretical development and ambiguous consequences brought about by improvements in IT indicate that this domain awaits some rich theorizing. This study focuses on the impact of history on the success of IT adoption decisions, the ongoing tension between managers and users on the type of IT the organizational portfolio should be comprised of, and the effect of this tension on business-IT alignment and organizational performance. In such a context, IS governance should be viewed as an emergent process of formal and informal practices designed to achieve a truce among management and users regarding the capabilities of the IS portfolio. The next section sketches out the theoretical scaffolding for this definition, by relying on the practice lens of organizational research. IS Governance as the Practice of Managing Drift Prior research in IS governance and governance frameworks like COBIT posits that organizations should choose their IT portfolios by taking their business goals as a starting point. This will allow business-IT alignment to occur, which should enhance organizational performance. Moving beyond this instrumental, variance theory approach 41 toward a process perspective requires articulating a post-industrial managerial logic, where individuals reflect on their behavior and adjust their actions accordingly, making their responses to situations less mechanistic and more emergent (Dij ksterhuis, van den Bosch & Volbderda, 1999). This study critiques whether IT portfolio drift can be managed by IS governance. While formal IS governance processes offer certain advantages, such as their auditability, comparability across time and with other firms, and clear links with an organization’s business objectives, informal governance mechanisms can help overcome some of formal govemance’s shortcomings, which include high cost, rigidity, and complexity. The reliance of formal governance mechanisms has been at the detriment of informal measures, which could complement or even substitute some of the formal ones, since governance encompasses both control and collaboration (Sundaramurthy and Lewis 2003) In addition, the practice theory perspective highlights the negotiated process of IS governance, instead of the top-down imposition of order that the formal governance frameworks aim to bring about. This negotiation is driven by the stickiness of legacy systems, the interests of multiple stakeholders, IT’s high switching costs, and the increasingly malleable nature of IS portfolios. These factors make it difficult to use abstract frameworks to achieve the objectives management sets for its IS portfolio, including aligning it with organizational strategy. The existence of a variety of IT management frameworks underlines the multi-level nature of alignment: projects, users, management, and directors. As individuals and sub-units negotiate at each level, the 42 compromises they make accumulate and can lead to tumult in the organizational IS portfolio in terms of drift. Reacting to the reification of IS governance, this study offers a practice-based perspective for handling drift. This reflects the situated, emergent, and recurrent aspects of governance, and enables it to be understood as a longitudinal process incorporating both formal and informal practices. The next section provides some background on the practice perspective in IS research, and proceeds to discuss what a practice-based view of IS governance would look like. Governance through a Practice Lens Using a practice lens to study IS governance emphasizes its socially-situated nature. Empirical evidence for this includes the use of horizontal governance mechanisms to facilitate collaboration (Boh & Yellin, 2007; Brown, 1999), the differences between IT professionals and accountants in the tools used to evaluate IT investments (Bajaj, Bradley & Cravens, 2008), and the impact of top management’s beliefs on the use of enterprise resource planning (ERP) systems (Liang, Saraf, Hu, & Xue, 2007). Governing IT portfolios requires behavior control and communication (Yu and Wu, 2008), so as create a shared understanding. Nelson and Cooperider (1996) found that mutual trust and interests between IT and business managers had an impact on their shared knowledge, which in turn influenced the performance of their IT portfolio. Chan (2002) found that informal structures played a much more important role in improving IS performance compared to formal structures. As users and managers engage in these social practices, they are reproducing governance at different levels of an organization, and recreating 43 business-IT alignment over time. The emphasis shifts from governance to governing. Alignment is thus not a fixed state but is being achieved continually. Integrating this with practice theory is worthwhile because of the richer explanations possible. For example, practice theory provides useful terminology, such as praxis and practice for explaining how IT managers decide on the type of governance mechanisms, and symbolic capital, the authority to establish or legitimize symbolic categories (Bourdieu & Wacquant, 1992), to describe the goal of IS governance. Practice theory also enhances the definition of how choices are made in governance: differential access to symbolic capital affects the ability of agents to strengthen or weaken the level of governance. This provides an engine that drives the shifts managers and users make during the search process. Practice theory highlights that the process of governance itself changes the structures in which governance takes place. The structures that are the most relevant here are habitus and field. Habitus is akin to culture but is also more than that. It consists of the principles behind distinctive practices and classificatory schemes (Bourdieu, 1998). These principles are used during practice, as well as to generate new practices. While the habitus exists at the meso level (i.e. between the micro level (individuals) and the macro level), fields can be found at the macro level. They consist of groups of agents engaged in practice, and indicate their differing social positions. This difference identifies power relations between individuals. As agents act, they constantly shape their fields of practice and the boundaries of these fields. Table 5 below depicts the mapping of practice concepts to the domain of IS governance. 44 Practice theory Definition Application to IS Governance concept Emergent, situated, and . recurrent actions of a) IT use and resistance to adoption Practice members of a b) IT governance communijl a) Practices: formal governance Practices: what frameworks e. g. COBIT . practitioners draw on b) Praxis: actual activities of Practices vs. . . raxis durlng praxrs governance- formal and p Praxis: actual activity informal, centrally-mandated engaged in and emerging from sub-units, routine and improvised Ability to define: Authority to classify a) wfllllch corgponents of an IS S bolic capital certain properties or port 0.10’ an . . ym b) which methods of acquiring resources as valuable them, are legitimate Disposition; Principles Underlying logic of an IS Habitus behind distinctive portfolio, e. g. factory mode, practices and strategic, support mode, or turn- classificatory schemes around (Nolan & McFarlan, 2005) Organizational space in which Grou s o fa en ts users and managers interact; their Field 1’ g differential ability to engaged in practice promote/control drift indicates the power differences between them Table 6: Applying Practice Theory Concepts to IS Governance The starting point of a practice theory of IS governance is the role of agents as bearers of capital who are not enslaved by structures (Bourdieu & Wacquant, 1992). However, since capital, especially symbolic capital, is unequally distributed across agents, agents differ in their ability to achieve their competing goals, leading to drift in the IS portfolio. These goals are formed on the basis of their habitus- the prevailing ethos 45 that guide their jobs or work units. For example, some departments, such as payroll processing, may prefer to minimize changes in the IT portfolio, as they are more focused on maintaining reliability (i.e. Nolan and McFarlan’s (2005) factory mode). Bourdieu proposed that symbolic capital has both subjective and objective properties, and is formed through the shared meanings of value and worth. For example, the narratives of meritocracy, scientific management, and management scholarship have supported the value of some particular types of capital, such as schooling and professional experience, in organizations (Ozbiglin & Tatli, 2005). The symbolic capital that is pertinent in this study is the ability to decide which components of an organization’s IS portfolio are legitimate, as well as the authority to determine how these components should be obtained and managed. In the current functional perspective on IS governance, IT managers possess this capital, but users do not. Over time, situational changes affect the possession of this capital. IS portfolios have become more modifiable because of changes in IT, with greater numbers of general- purpose applications, and IT use, with increased exposure of individuals to IT outside their work environments. This has reduced the amount of symbolic capital managers had to define the IS portfolio and its governance processes. Improved IT capabilities mean that, while an IT manager could specify these objectives at the higher levels of an organization, it was difficult to prevent fiagmentation at lower levels, which allowed users to set their own goals for the portfolio. Users have adapted their IS use practice because of this situational change: they are more willing to try out shadow systems and use workarounds. Paralleling Orlikowki’s (2000) distinction between technological artifact and technology-in-use, this situational 46 change has created a gap between the intended IS portfolio and the portfolio-in-use. The latter differs from the former to the extent that certain components of the former are not appropriated by users because of a lack of fit with their tasks. If these components are mandated, users could develop workarounds, so that the portfolio does not interfere with the completion of their work. The portfolio-in-use could also include components not present in the intended portfolio, as users and managers introduce shadow systems. IT managers draw on the practices embedded in formal governance frameworks, such as COBIT, when engaging in the praxis of governance. Governance frameworks are conceptual artifacts, which can be flexibly deployed (Orlikowski, 2000). IT managers’ relations with users and business managers are constantly being reproduced or transformed as technological and organizational changes occur. As users gain in their ability to define which applications are legitimate enough to be part of their IS portfolio, IT managers respond by using their symbolic capital to define certain types of governance practices as valuable, and enact them. They deploy this capital to ensure that the IS portfolio-in-use moves back onto the intended path, thus reducing fragmentation and business-IT misalignment. The use of formal or informal control in the praxis of IT managers is a shifting balance, which depends on their power over users at a particular point in time. Formal governance mechanisms may, for example, not work well with independent-minded business unit managers, who are unconcerned with integrating their operations at the corporate level. In such a case, de-emphasizing formal governance and replacing it with informal practices, such as ceremonies involving respected outsiders or the intercession of influential senior executives, may be a more fruitful approach. Over time, the social 47 structures suggested by these informal practices may be reproduced by reflexive business managers and users, who imbibe and accept the rationale for governance after interacting with such leading personalities. In that case, such methods may be better in the long run for enhancing the level of IS governance than the straightforward implementation of formal frameworks. At the same time, since IS portfolios are heterogeneous networks of actants, it is important to consider how the material attributes of the technologies affect the practice of governance. The material properties of the technologies being used influence their amenability to being governed, as well as the kind of governance that takes place. Users will have a higher capacity to define the IT they use if the technology in question is easily circumvented or is fairly malleable. However, if it is well-embedded in their daily tasks, i.e. it has high switching costs, or is highly symbolic for their organization, such as an ERP system that represents the organization’s shift to a more modern way of working, users will be less able to swap it with something else. This leaves them more susceptible to the IT management decisions of their managers. Thus, the symbolic capital of being able to define an organization’s IS portfolio is affected not only by the formal and informal relationships between users and manager, but also by the attributes of the IT that is part of the portfolio. In some cases, these interact to influence the type of governance practices that occur. For example, an organization’s IT department may be unwilling to include additional fields in a core organizational database. Units that have greater resources, such as more established or creative managers or greater financial capital, may be able to resist this constraint and use their resources to develop their own parallel database. In contrast, units with fewer resources may not be able to do so. 48 This practice-based theory of IS governance approach integrates portfolio drift and governance in a single conceptual model. It depicts how both of these processes interact and why they occur, adding dynamism to the idea of IS governance. This reflects the idea that business-IT alignment occurs both in the short-term, indicated by the mutual understanding of current objectives, and long-term, seen in a congruent IT vision (Reich & Benbasat, 2000). This study’s practice-based theory also informs the dynamic model of alignment (Sabherwal, Hirschheim & Goles, 2001), by expanding the sources of changes in alignment beyond managerial plans. Finally, the theory presented here contributes by describing a clear, specific objective for IS governance: an unfragrnented IS portfolio which balances the interests of management and users. This interaction between governance and drift has an impact on the ability of organizations to achieve valuable IS outcomes. The practice-based theory presented here provides a deeper understanding of IS govemance’s role in managing portfolio drift. The dominant perspective on IS governance uses mechanisms and structures to allocate decision rights and control agents. In comparison, the practices are the result of the interaction between the: a) allocation of decision rights, b) relative allocation of power (capital) between position holders, 0) understanding of agents as to why decision rights are allocated in that way, and d) reconfiguration of decision rights over time (as agents in different roles learn). As this study is one of the first to examine portfolio drift, the emphasis is on presenting an initial empirical analysis of the phenomenon that focuses on describing it and examining its antecedents and consequences. Future research will then be able to build upon the findings here to open up the “black box” of drift by examining the decision-making 49 processes and interaction with governance that take place at multiple levels of an organization and across time. 50 Appendix 2: Examples of IS Studies using Practice Theory Study Research Focus Findings o How people’s interaction with Orlikowski, 2000 t°°m°1°gles enacts o technologies-in-practice: sets of rules and resources (re)constituted in people’s recurrent engagement with the technologies at hand distinctive o structuration with a practice lens: structures of situated use of technology (--) technology use facilities, norms & interpretive schemes (--) technologies-in—practice 0 How do humans 0 knowing not a static embedded know how to get capability or stable disposition of things done in actors, but rather an ongomg socral Orlikowski, 2002 complex accomplishment organizational 0 global product development. . work? competence collective and distributed, ' grounded in everyday practices 0 Three properties of knowledge: difference, dependence and novelty 0 How is knowledge 0 Three types of boundaries: syntactic, Carlile, 2004 shared and assessed semantic and p ragm atic (from across boundaries? Shannon & Weaver 1949) 0 Types of processes required at each type: transfer, translation and transformation 0 Macro-level phenomena, such as inter- o How does the use firm relations, are created and Sch 111th & of technology affect recreated through the micro-level Orlikowski, 2004 relationships actions taken by firm members between firms? 0 Using IT to mediate relationships between customer and provider firms changes these relationships Table 7: Examples of IS Studies using Practice Theory 51 Table 7 (cont ’d) Levina & Vaast, 2005 How does a boundary spanning competence emerge in practice? Boundary spanning emerges when a new joint field of practice is produced Some agents partially transform their practices to accommodate the interests of their counterparts— “boundary spanners-in—practice They produce and use objects which become locally useful and which acquire a common identity- “boundary obj ects-in-use” How do work Practices are reproduced with IT use when agents experience consonance between actions, practices and representations. W231; 2005 practices change When agents undergo dissonance ’ with IT use? between actions, practices and representations, they adapt their practices and representations to reestablish consonance Technology users enact practices from avoidance and perfunctory use to How do humans reinvention resist and reinvent Improvised learning as an explanation Boudreau & IT systems’ for changes in technology enactments Robey, 2005 potential to over time transform their In contrast to formal training, learning organizations? may be comprised of unplanned activities that spread knowledge among the user community geggfifigffirtnhZWMR Social objects are significant because . . of the relations that link them, not the relational View of . . . . . . practice theories mtrrnsrc features of mdrvrdual Osterlund & Use framework to glemtents. (Stgwalrtz, 1927)“) d t' Carlile, 2005 analyze practice rac ice is e ocus or e pro uc ion theories found in three seminal works on communities of practice and reproduction of relations Relations can be classified in terms of their differences, dependencies, changes and power dynamics 52 Table 7 (cont ’d) Levina & Vaast, 2008 o How do contextual differences create boundaries and status differences in offshore development projects? How are these boundaries and status differences renegotiated in practice to collaborate effectively? 0 0 Differences in country contexts lead to boundaries that inhibited collaboration Differences in organizational contexts mediated through organizational practices that treated vendor centers and captive units similarly Some key onshore managers alleviated status differences and facilitated effective collaboration by drawing on their position and resources 53 CHAPTER 4: RESEARCH SITES AND METHODOLOGY A case study methodology was chosen to investigate the research questions. The data consists of ten case studies on organizational experiences with portfolio drift. A qualitative approach is appropriate for this study because of the lack of prior research on portfolio drift and the need to understand the rich contexts within which IT adoption and modification decisions are made (Yin, 2003). In order to appreciate the different aspects of drift, multiple cases were used. Given that the definition of portfolio drift (i.e. the use of workarounds and shadow systems) is fairly easily identifiable, a descriptive approach was used for the case studies (Walsharn 1993). This is a well-established approach for studying IS implementations (e. g. Majchrzak, et a1. 2000; Sia et a1. 2002; Boonstra, 2003) and IS governance (e.g. Sarnbamurthy & Zmud, 1999; Schwartz and Hirschheim, 2003). Episodes of drift were sought out and analyzed to uncover how individuals in organizations responded to the introduction of new IT systems and the governance mechanisms that affected these responses. Episodes of drift represent micro-processes of adaptation which, when observed over time, can help determine which types of adaptation are more likely to have successful consequences (Barley 1986). In addition, the context in which IS portfolios develop needs to be examined, so as to clarify the influence of context on the evolution of portfolios. Some of the relevant elements are the adoption context (including voluntary versus mandatory use), desired goals, interactions 54 between users and managers, and the influence of organizational properties on system use (Isaac, et a1. 2006). Sites The two sites for the cases were chosen after specifying the theoretical unit of interest so as to produce sufficient variation in the variables of greatest interest (Eisenhardt, 1989). Ideally, the research sites should have experienced a range in the amount of fragmentation they had experienced. This would provide sufficient data to understand the complexities of portfolio drift. Both of the sites, EduExcel and EduSucceed, are large Midwestern universities that carry out activities in many domains, ranging from teaching and research to competitive sports and community outreach. They were chosen because, while they were similarity in terms of organizational attributes (e.g. size, number and variety of units, age, level of centralization), their IS portfolios differed substantially (Figure 4). While EduExcel has traditionally allowed its sub-units much more flexibility in choosing the applications they needed for their tasks, it was in the midst of planning to move to an enterprise systems model. EduSucceed, on the other hand, is a pioneer in the enterprise systems in the higher education industry, and has been running its ERP system for about a decade. Since ERP systems are put in place to standardize business processes and support a centralized strategy (Lee, Siau & Hong, 2003), it was expected that the presence of a ERP system would minimize the amount of drift in EduSucceed’s units relative to EduExcel’s. 55 During discussions with the manager in charge of change management at EduExcel, it was revealed that EduExcel had experienced a significant amount of fragmentation in its IS portfolio. It was widely known that many users were routinely using workarounds and shadow systems to carry out their tasks. This university has identified the fragmentation of its IS application portfolio as a significant obstacle to its future development. It thus had an incentive to allow me access to a number of organizational members from various business units to examine the phenomenon. The director of the ERP implementation project supported my research as he believed that some of the findings would help EduExcel limit the use of shadow systems in the future. EduSucceed was keen on participating in the project because it had found that workarounds and shadow systems were reappearing in its business units, even though many of them had been removed when the ERP system was implemented. It was currently in the midst of an exercise to remedy this, which it referred to as “rationalizing” its IT portfolio. The Chief Information Officer (CIO) was supportive of my project and helped me select, as well introduce me to, the interviewees. This project was submitted for evaluation by Michigan State University’s Institutional Review Board (IRB). The Human Research Protection Program deemed it to be exempt from IRB review under Category 1-2. 56 Shadow IT , Enterprise Systems Shadow IT \ J V EduExcel \ j V EduSucceed Time T1 T2 T3 Figure 4: Evolution of EduExcel 's and EduSucceed '5 IS Pory'olios EduExcel EduExcel is a large research-intensive university in the Mid-west with more than 45,000 students and nearly 3,000 faculty. About 30% of the students stay in campus housing. The largest colleges are Agriculture, Business, Medicine, and Education, and the smaller colleges include Music, Packaging, and Nursing. EduExcel is very decentralized administratively, and the central IT department co-exists with separate IT teams in the various units. While some of its major central IT systems have been rejuvenated, most of them have not been upgraded for some time. Some systems are nearing the end of their usable lives (being more than 40 years old) while others are no longer supported by the vendors who created them. These systems issues have led to problems such as conflicting versions of information, difficult-to-locate data, poor systems integration, and duplicate data entry. In October 2006, a decision was made to implement an ERP system that would replace the existing financial, research administration and human resources systems 57 across the university. This project is currently underway and the first modules are scheduled to go live in January 2011. A major goal of the project is that the number of shadow systems, which are currently prevalent all across campus, will decline substantially, once the system is operational. Besides that, better-streamlined workflows and a reduction in IT costs are envisaged. EduSucceed Like EduExcel, EduSucceed is also a large research-intensive university in the Mid-west. It has more than 41,000 students, 5,000 faculty and 17,000 staff members, and spends more than $300 million each year on IT. The largest colleges are Engineering, Business, Medicine, and Sciences and Arts. There are 15 other smaller colleges, such as Music, Design, and Information. EduSucceed is historically, like most universities, a very decentralized institution. There is a central IT department but each college also has its own IT personnel. Depending on the size of the college, their IT department could have from 1 to more than 60 employees. EduSucceed rolled out its ERP system between 1998 and 2000, making it one of the pioneers in the higher education sector. Other projects in the last decade include a business intelligence project. In the last two years, EduSucceed has begun carrying out a multi-year plan to enhance its IT infiastructure and services. This involves streamlining the governance structure and mechanisms and reducing the duplication of IT services and resources, so as to decide which products and services will be the responsibility of the central IT function and which will be handled by the colleges’ IT departments. This 58 initiative was triggered mainly by EduSucceed’s budgetary difficulties, due to a reduction in state funding. Data Collection Data collection took place between December 2008 and February 2010. The change management manager of EduExcel and the CIO of EduSucceed provided entry and widespread access to the business units. Along with their colleagues, they identified the subjects, who were then invited by me to participate in the study. The participants were told that the focus of the study was on understanding why IS portfolios drift occurs and how it is managed in their units. Participants were motivated to contribute because they would learn about how their peers in other work units operated with IS portfolios that had short-comings. In addition, they would find out how decision-making on IT investments and use took place in their own unit across different functions. These insights could help them identify areas where they could improve their operations by, for example, putting in place more rigorous IS governance mechanisms. Both EduExcel and EduSucceed carry out a variety of activities and operate in a largely decentralized manner. The responsibilities of their business units range from academic research and teaching and managing farms to operating power plants and housing students. Both also have significant athletics operations. To control for the confounding effect of the diversity of the contexts, one business unit from each of these categories was selected for the study: colleges, administrative, facilities management, student services, and athletics. These units differed on multiple dimensions: in terms of the size and complexity of both the organization and the IT function and portfolio. This 59 enabled us to collect data from five case sites from both universities with theoretically different IS use and governance needs. Although business units in the different categories have distinct operational foci, certain activities are carried out at almost all units. These included finance, human resource management, IT management, and operations. The interview subjects were thus sampled from each of these functions so as to enhance the comparability of the data. Three to four subjects from each of the five business units were interviewed. The subjects were managers or supervisors who are involved in and oversee any of these above- mentioned activities in their business unit. In addition, they use IT applications to fulfill their work responsibilities, and are aware of the IT applications being used by the staff in their units. The number of subjects fi'om each site varied because some managers handled more than one function, or because not all functions are carried out at each business unit. Managers or supervisors who had been with the business unit for less than six months were excluded, as they may have limited knowledge of the IT systems being used in their unit. EduExcel EduSucceed College- medium IT x 1 IT x 1 HR x 1 Finance x 1 Finance x 1 Operations x 1 Operations x 1 College- large IT x 1 IT x 2 Finance x 1 Finance x 1 HR x 1 Table 8: Backgrounds of Interviewees 60 Table 8 (cont’d) Facilities Management F inance/HR/IT x 1 IT x 1 Operations x 1 Finance x 1 HR x 1 Athletics IT x 1 Finance x 1 Finance x 1 Operations x 1 Administrative IT x 1 Finance/HR x 1 Finance/HR x 1 Central IT Management 1 1 Total l3 l4 In-depth, semi-structured and face-to-face interviews, lasting between one to two hours each, were conducted with 13 EduExcel employees and 14 EduSucceed employees (Table 8). In addition, EduExcel’s change management manager and EduSucceed’s CIO were interviewed twice. The questions were evaluated by an experienced IT manager and two academic researchers. The table below (Table 9) provides the interview protocol used in conducting these interviews. The interviews focused on the evolution of IT use, their perception of the level of fit between the official systems available and the requirements of their jobs, changes in the political and economic environment of their work unit, the sources of leadership and resistance in their unit’s IT planning and implementation efforts, and the roles and efforts of the IT support staff. The interviews were recorded, with the permission of the participants, and transcribed. This provided a source of verbatim quotations. F ollow-up interviews were used to confirm or expand on the evidence collected. 61 The following structured protocol was developed and used to guide the interviews: 1) Describe your job/role, experience, and current responsibilities 2) Describe your department: number of staff, age profile, main role, levels of hierarchy, presence of IT support 3) Describe your work process: what are the steps, who do you interact with, what IT system or systems do you use? 4) Describe each system in terms of the number of people who use it, its age (new/old), did you receive training to use it, how stable is it, and who fixes it when it goes down. 5) Which of these systems are the official systems for doing your job? Which of these are alternatives? 6) Describe the process in which you decided to use the alternative (shadow) system: who was involved, who paid for it, and how did you choose it. 7) What happened after you started using the shadow system? Did you get the benefits you planned for? Were there any unforeseen problems? 8) Have you stopped using the shadow system and reverted to the official application? Have you been asked to do so? 9) Do you work-around any official system? Why? What are the benefits and costs of working around official systems? 10) How common are these practices among your colleagues? Table 9: Interview Protocol Data Analysis Each subject and site was assigned a code denoting their functional responsibility (e.g. HR, Finance, etc) and the site (e. g. College, Facilities Management, Athletics, etc.). For example, "AthFin" indicates a finance manager in the athletics department. Each case describes a business unit’s experiences of portfolio fragmentation. Thus, the first step in the analysis was to use the interviews to create a series of vignettes or short summaries of each work unit's experiences with their IT portfolio and how they managed it. This helped identify common themes in the narratives. Although the data is from five sites, the aim is to produce analytical generalizations (Yin, 2003), where theoretical concepts and patterns are being generalized. For each business unit, these vignettes summarized: 62 a) Unit demographics (e. g. size of unit, attributes of IT support function, and IT knowledge of users) b) The IS applications that were used previously and currently, as well as those that are planned to be used in the future (e. g. how and why were they introduced, were they modified,) c) IS governance structures and practices (e. g. who has authority to decide on changes, how are requests for new systems made, what are the relationships between the central and local IT functions, what relationships exist among peer IT users across different units, what sort of internal controls are used) d) Instances of workarounds or shadow systems e) The conditions that instigated the use of workarounds or shadow systems These rich descriptions helped to surface important distinctions between EduExcel and EduSucceed that were being continually produced and reproduced, and to identify power relations in each of the sites. The next step was to combine all comments about a particular aspect from each of the cases into a large spreadsheet. This helped to decontextualize the interviewees’ comments from their original settings and place them in an alternative context (Tesch, 1990). This table was used to compare the ten cases in terms of the changes in IS portfolios in the different units, the factors associated with these changes, and the diversity of IS governance processes. This was followed by an open-ended process of generating themes and patterns by reading the vignettes and interviews (Glaser and Strauss, 1967). Governance practices and scenarios of drift that were common across the ten cases were extracted and summarized with various diagrams. This helped identify the 63 contingencies, motivations, and underlying structures that influenced and were influenced by the various practices and scenarios. Finally, these interpretations were described using the conceptual language provided in the previous two chapters to develop an abstraction of the phenomena being studied. 64 CHAPTER 5: CASE STUDIES This chapter contains case vignettes that summarize the data collected by the interview process. Each case first describes the IT portfolio in a unit: what systems were used in the past, which ones are in use now, and which ones are being planned for. Instances of drift, either in terms of shadow systems or workarounds, are, if they are mentioned, presented next. Finally, the IT governance practices in each unit are listed. These include practices internal to the unit, and those that involve its interaction with external parties, such as the Central IT function of the university or peers from other universities. At the beginning of each case, a diagram is used to summarize this information, and provide an anchor for the upcoming analysis and discussion. Quotations from the interviewees are interspersed with the case descriptions to provide an indication of the socially-rich nature of IT management practices. The five cases fi'om EduExcel are presented first, followed by the cases from EduSucceed. Finally, two interviews with IT managers from EduSucceed are summarized after the cases. Case Vignette 1: EduExceI — International Studies and Programs Recently, EduExcel made ISP a separate university-level department. ISP integrates all international activities held in EduExcel. This includes supporting the administrative and social needs of international students and scholars, and coordinating research and teaching on international topics. One driver of the reorganization was the need to reduce duplication, and thus, it was accompanied by centralization and 65 standardization in their organizational activities, such as branding, website design, and the development of educational materials. Like other units in EduExcel, ISP is involved in the ERP implementation project. It is scheduled to go live in January 2011. Governance External: internal: IT manager direct report to unit head; single IT team; Users encouraged to search for their own systems; Medium-sized lT team IT Portfolio Central: Data warehouse, grant proposal system, document viewer, HR systems, student information database Local: QuickBooks, Excel, Access Figure 5: Governance mechanisms, I T portfolio and instances of drift for EduExcel 's ISP units IT Portfolio Past Previously, each unit was using a different email client, including Eudora, and the IT staff had to know how to maintain each of them. Databases were also built in a variety of formats, such as Excel and Access. Similarly, each unit was using its own software for 66 managing its finances. These included Excel, Quicken, and QuickBooks. Finally, the websites for ISP’s different units did not look similar. Everybody was on their own island. Financial transactions from the university’s fund ledger could not be saved in an electronic format so that the data could be imported into QuickBooks. IT-savvy accounting employees downloaded the data from the imiversity’s data warehouse into Access to carry out their work. Those who did not know how to do so had to wait till the end of the month, and then print it out before entering it by hand into QuickBooks. For a guy like me, who’s obsessed with technology and things like that, it’s very fi'ustrating when you have to put something in that’s already been done before. Current The department has been standardizing many aspects of its IT portfolio. For example, about a year ago, it mandated that Microsoft Exchange/Outlook would be the standard e-mail application. Databases were migrated to MySQL, and more than 20 databases on topics as varied as visiting scholars, exchange programs, international students, and spring break alternatives, were consolidated. ISP’s finance director wanted to standardize the accounting on one system to avoid work being held up if employees left or went on leave. While this had not been an issue before, he decided to carry out the project as a pro-active measure. The biggest goal for me was to ensure that somebody could step in someone’s job if they needed to... We started out saying with my 67 directive- we need to get on one system, so that we can help each other out better.... That was the mission. I didn’t really care how we ended up, as long as everybody followed. He set up a committee to evaluate four different options: Quicken, DepACT (an accounting package provided by Central IT), the Engineering college’s accounting software, and QuickBooks. They also looked at a government accounting software but decided it was too expensive. They decided on QuickBooks because it was user-friendly, three or four units were already using it, and most of the others were using Quicken (its similarity to QuickBooks would make the transition easier). They decided not to use DepACT or the Engineering college’s software because they could not be customized, unlike QuickBooks. Also, unlike the other applications, QuickBooks enabled them to run certain reports which they needed. Although their initial plan was to implement a common system for everyone, they did not do that in the end. This was because its high cost and the discomfort over allowing everyone access to everyone else’s data. We didn’t know how comfortable (everyone) felt. . ., even though we could put controls in there, so not everybody’s touching the grills and stuff. Once QuickBooks was chosen, making it the standard financial application in ISP was fairly easy, although it was a long process. This was because five of the twelve units were already using it; the other units were provided with training. This experience has helped the finance director plan the impending move to ERP. 68 As his independent study project, a student employee built a web application that automatically feeds financial data from the data warehouse into QuickBooks. The department was not sure whether the new ERP system would deliver these capabilities and when it would do so, so it carried out the project even after planning for the ERP system had begun. The student was especially proud of bringing in some processes that were not part of book-keeping, such as the budgeting process. His ultimate aim is to map out all the processes that are connected to book-keeping and implement them in his system. He was skeptical if these capabilities would be available in the ERP system. The ERP system is cool and everything, but it’s probably not going to care about that stuff. Creating financial statements for the entire ISP department is difficult because the university’s financial system does not organize ISP’s units under ISP. Each unit has its own account, and each unit manages its funds using its own QuickBooks file. So, consolidating the data is a manual process. The finance director uses the university fund ledger system, a report called the Dean’s List, which includes the year-to-date balances for the revenue and expenditure accounts that the ISP Dean oversees, and the monthly ledger, which contains the detailed expenses, to create a financial statement in Excel for all of ISP. They are now considering automating this process along the same lines of the book-keeping application. However, they were not sure if they would go ahead with this scheme, since: a) they would be involved with the ERP implementation (which would take up time), and b) a student employee can key in the information for the report in a few hours (so it is fairly cheap to carry out). 69 ISP also developed a standard look for their website. They paid University Relations for a foundation template and the IT department is now converting all units’ websites on the basis of that template. Each unit maintains its own website. The website project has been around for a long time. It’s amazing how long these things take. Even though many HR processes also include manual steps (e. g. reminding supervisors of overdue staff evaluations and rearranging payroll data to fit local reporting requirements), nothing similar to the web application was developed. This is because Central IT refuses ISP’s Finance and Administration (F&A) department access to the system which contains the raw HR-relevant data. They have not carried out a similar standardization exercise for HR, nor have they asked around to find out how other organizations are handling their HR IT needs. The main reason is that Central HR’s IT systems are good enough for their needs. For example, HR recently replaced many of its paper forms with pre-populated electronic forms. This took place over the last three to four years as part of the preparations for the ERP project. Another example is the e-time system for Payroll. Previously, HR processes were very paper-based. For example, a job posting would require many paper forms to be filled up, which were then sent to HR, where they were re-entered into a computer system. Once the applications had closed, HR would fax the candidates’ resumes to the department that posted the job, where photocopies would be made for everyone involved in the hiring decision for that position. This process has recently become electronic. One issue with HR is that the work of its different divisions is not very coordinated. For example, when student employees are hired as full-time employees, new 70 I-9s have to be made for them very often, even though they already had one when they were students. This lack of coordination is even obvious in the new online HR systems. For example, while Academic HR uses pie-populated electronic forms, Staff HR does not. On the other hand, job postings by Staff HR are electronic, but academic job postings are not. The F&A department has mentioned these issues during the requirements gathering exercise when they met the ERP team. (I hope) the new system is going to have answers to all of them... (such functions) should be part of the central system. One Central IT system that is much-admired and well-used is Contracts & Grants’ grant proposal system. It provides the ability to search for prior proposals, lists the requirements for grant proposals, and has a salary builder to help calculate salaries for I grant budgets. Document Viewer is a web-based report creation application managed by Central IT. It can be used to create and share reports in domains such as accounting, payroll, student services, and facilities. The exchange programs office has an Access database for managing student participation in their programs. Student information is recorded in it and it is linked to the central student database for billing purposes and for accessing emergency contact information. It’s also linked to the university’s health center, which reviews the student’s health form and informs ISP if a student is cleared to go on the program. This link removes the need for ISP to store sensitive health data, which would mean having to abide by the strict HIPAA rules. The database is also linked to the exchange programs office’s website, so that it feeds the information about the programs to the website. The database is currently linked to QuickBooks through the new web application. They would 71 like for its financial component (e.g. billing, payment) to be linked to the ERP system, but 80% of its features do not have a place in the ERP system. However, they are not listing it in the inventory of systems they are preparing for the ERP implementation team. Future They are excited about the ERP system. There’re a lot of things right now that the corporate world in accounting would demand, but we’re not providing because of our systems it’s all fragmented, and decentralized They hOpe that the ERP will automatically integrate expense statements from the various units on campus, because this would save them the hassle of getting receipts from each of the different stores and systems. The ERP system should also make it easy to track transactions. Currently, Central Finance and F&A may use different numbers to track transactions, which F &A maintains in a database We’ll assign something to it, sure, but (they) create their own thing when we create it... it’s going to be the same transaction... you know it’s going to be synchronized... the new system we’re going to create will have that number and it’s going to stay that number the whole way through Another benefit they hope to gain from the ERP system is for accruals to be automatically updated when the amount accrued for a certain expenditure is less than that provided by Central Finance. Currently, the finance department has to edit the figures in its books when this happens. Because of this, they wait for the final amount before entering it into the system. 72 That’s the advantage we’re looking forward to we’ll be able to, as we’re creating the transaction, do the classifications down into the programmatic way that we need it and then at any point in time when that has been initiated, whether it’s final or not, I should be able to go out and do a report in the system and it should include those amounts as accruals. The finance director hopes that the ERP system would not just replicate the capabilities provided by their systems and would instead be much more relevant to their needs I hope that when they do the new system, they are not just focused on “this is how it was, so let’s build a system so that we can get that”. It was like that because it was an old system and that was how it needed to be... (the requirements should be my) dream list, the ideal world. IT Governance and Management lntemal IT management used to be under the F&A department, but was recently made a separate department. The F&A department takes care of accounting and human resources. It also ensures that each unit and department within ISP complies with the university’s policies and procedures on record-keeping. Over the last two years, ISP’s IT expenditure has been centralized. Previously, their IT costs were high and they had no way of knowing what their units were doing. The standardization of the application portfolio was resisted by some units because of 73 fears over job security, an interest in preserving “opaqueness” (because the shadow systems led to a lack of transparency in planning), and a lack of interest in collaborating to integrate their data or allocate the budget (which required some compromises). The centralization has also meant that IT human resources have been consolidated under one team. Before, each ISP unit included employees who devoted a percentage of their time to maintaining IT. A significant driver of the recent changes to ISP’s IS portfolio is a student employee in the F&A department. He is an IT—savvy a book-keeper who suggested significant changes and developed many new financial IT applications. For IT purchases, users communicate their requirements to the IT department, and the latter comes up with its own requirements. ISP’s IT department does not do an IT audit or inventory, but has been asked by the ERP team to provide an inventory of the systems and reports being used. The inventory focuses mainly on applications and reports delivered by Central functions, such as the monthly charge statements from university storage, Central IT, and the computer store. These statements are currently used as backups for their transaction records. An employee from the IT department manages their QuickBook licenses and maintenance for all of ISP’s units. One of their staff members built F&A’s Access database and they now have someone working part-time on IT issues. A network administrator from the IT department helped the different units install QuickBooks. When users ask for a new feature or system, they contact F&A’s IT person and carry it out within their own budget. This is in addition to any upgrades or changes carried out by ISP’s IT department. Besides the student-employee, there are no other power users in ISP. He developed the web-based book-keeping application on 74 kind of my own initiative, I guess... Trying to make my own life better and hopefully everybody else will also benefit from it. The QuickBooks standardization exercise encouraged the finance director to reorganize his department by identifying which of his employees should be champions of certain processes. In addition, he plans to choose a smaller team to be involved with the ERP implementation. So, instead of having a large number of people involved for 25% of their time, he could have fewer people involved 100% of their time. This would reduce the amount of coordination required. some people in our group . .. are comfortable with the technology changes and organization and some aren’t... instead of everybody reinventing the wheel, twice a year, trying to learn this one thing, one person is the champion of that. .. That person gets to do it twelve times a year, instead of everybody going through it once or twice a year. He plans to recruit staff from other units within ISP to be part of his “dream team” in the F&A department. Since that would involve them having to transfer their duties from their units to their colleagues before they can transfer to the F&A department, and because the units may not be willing to release the people he wants, as they might be key staff there too, he has planned the transition to take place over some time. His goal is to have his team up and running by the time ERP is operational. The finance director is worried that shadow systems will reappear in other units after ERP has been implemented because older users will be unwilling to adapt. The director considers himself one of the senior employees after being there for a decade, but instead of being like the others, he tries his best to learn new ways of working. 75 you’re going to have people (who’ve) been here 20 years or more saying “this is how we do it” they’re going to take the new system and they’re going to say “how can I make that how I used to do it?” instead of saying, “wow, this is cool!” You got the old dogs out there, don’t want to learn new tricks. I’m getting close to being an old dog, but I’m different in that I always like to work smarter, not harder... The world’s our oyster They consider the QuickBooks standardization exercise to be the first phase of the move to the ERP system, as it enabled them to reduce the number of classifications they used and standardize on one set (which are the object codes that EduExcel uses). For example, each unit might call “international travel” by a different name, e. g. “Intl Travel”, “international travel”, or “travel-intemational”. They do not expect their IT costs to fall by much when they move to ERP from QuickBooks. Their IT costs have increased substantially in the recent past because of their new projects, such as redoing the website, standardizing the email system, and providing training on the new systems. Besides these, the recurrent costs have been stable. Case Vignette 2: EduExcel - Athletics The Athletics department manages athletes for 17 sports and their facilities, such as stadia, golf courses and playing fields. It is closely linked to EduExcel’s development office, as it plays a key role in fund-raising. The employees at the Athletics department are fairly youthful, especially the coaching staff. Each year, 20 to 30 employees leave the 76 department. The biggest change happens when a football coach leaves, since the incoming coach usually brings in a new team. The workload when the last coach changed was exacerbated by the move into a new building. The Business Office has 8 staff and handles the department’s financial and HR affairs. The Ticket Office is not under it, as it is under the External Relations department. The head of the Business Office has worked there for 21 years and replaced her supervisor when she retired. Besides the head, the Business Office has three other full- time employees (one accountant and two clerks) and one part-tirne employee who handles payroll. Three of the Business Office staff are in their 405 while the other one is younger. Because of her long tenure in the department, the Budget Office manager has not had a situation where one of her employees left and took their work knowledge with them. What she finds more difficult is explaining the nature of the Athletics department or the university. The IT manager has been at his job since 1995. From 1989 to 1997, he was the video coordinator for the football team. From 1995 to 97, he did both jobs. 77 Governance External: Part of selection committee for ERP Implementation; peers in other universities Internal: IT manager not a direct report to unit head; Users rely on IT team for IT support and purchases; 2 IT employees IT Portfollo Central: Dam warehouse, Advance (reporting), Paciolan, HR systems, security Local: QuickBooks, Excel, Access Figure 6: Governance mechanism, I T portfolio and instances of drift for EduExcel's Athletics unit IT'PcutfiaHo Past In 2000/01, the Athletics department shifted away from Novell-based servers to Microsoft-based servers and installed Microsoft Exchange for email/calendars. Novell was used by Central IT too, and some of the push to shift to Microsoft-based servers came from them when they began moving in that direction. When the Business Office head began working here 21 years ago, financial transactions were recorded on paper ledgers. They then switched to the system used by the Ticketing Office, which has an accounting module (DepACT). Since “it was awful”, they reverted to paper after a year. Next, 15 years ago, they began using Quicken. They 78 switched to Quicken because DepACT, the university-supported system, was not as flexible as she needed it to be. Specifically, DepACT could not accommodate the number of fields that were needed. I tried to find something that would give us enough flexibility, (so) that we would be able to set it up the way we wanted to set it up. DepACT, the university system, couldn’t do what we needed to do. . .It didn’t have enough fields basically. Classes, categories, object codes, whatever you want to call them. It didn’t have enough variables for us. She asked around for suggestions and someone recommended Quicken. Since only one user could use Quicken at any one time, their ability to edit transactions was curtailed. If another user wanted to check something while Quicken was being used, s/he would refer to the previous night’s backup. If a mistake was found, s/he would have to wait till the end of the day to correct it. I worked at night, I waited till the person who was on it got off and then I’d go in and fix it, because it was easier than trying to tell them what was wrong. BLED! The Business Office uses QuickBooks to record and manage its financial activity. They moved to QuickBooks because Quicken can only be used by a single user at a time even though she does not like some aspects of QuickBooks. Quicken works better than QuickBooks for what we need to do, because it’s not as complex... (but) you’ve got to weigh which is better: having 79 multiple people on it at once and not having to after redo everything after 5 o’clock. They installed QuickBooks by themselves at the end of the fiscal year, so there would be no issues of having to maintain two different sets of books. The QuickBooks database is backed up every night, so even if it crashed, her office would not lose much data. The application itself is not updated to prevent problems, and the IT manager is aware of this. (We do not) install the updates. We may have upgraded versions one time. .. (If it does) weird things, (we) call(s) up and ask them if they know why it does it, they have no idea what you’re talking about... we don’t have any support for it. I don’t count on any support for it. The business manager has not considered changing to another application because she could never find one that met all her needs. She was quite keen to stop using it when she heard about the ERP, but now she is reconsidering. Even though QuickBooks does not meet her needs completely, she would prefer to stick to it than having to deal with two systems. (QuickBooks) doesn’t meet all our needs but it seems to be better than anything else. In the beginning, I was sure I’d be able to (change), now I’m not quite so sure... because everyone keeps going “oh, they’re going to have to scale it back. .. (Ideally, she would like to) get information out of the university system. 80 Since there are not many payables and receivables, she manages them with an Excel spreadsheet. She thought this was going to be part of ERP sometime ago, but not anymore. Her department does not use Access. For Excel, they only use formulas, not macros. Excel is used for preparing the budgets of the entire department and for individual areas, because QuickBooks does not permit line-item budgeting (i.e. by individual accounts). It can only accommodate an overall budget. (they have to) download stuff from QuickBooks, download into Excel, and then copy numbers over... (it is) very labor-intensive. Currently, her office does not download any financial information fi'om the main university system. Her staff manually enters everything and reconciles their balances with those of Central Finance when they receive their monthly ledgers. This helps them uncover discrepancies. Accruals (payables and receivables) are reconciled annually, not monthly. when you get the ledgers and reconcile them, and we’ve entered into our system just off what we know about, there are always surprises every month. “how come I don’t even know who the person is”. When people charge things to your account that you don’t know about, you can find it if was ours or it wasn’t ours. At the end of each year, her office submits a report that goes into the university’s published financial reports in the form of an Excel spreadsheet. This was done by the iuiiversity’s Financial Analy'sis office previously, but is now done by each department. The Central Finance office does not usually require any other report. They sometimes have to create reports that are requested by the Athletics Director or the heads of the 81 different sports. The Business Office uses the “Advance” system and other applications from Central IT for reporting. She uses Excel to create the NCAA reports. It is a very time-consuming process. For example, the numbers in one account may have to be reallocated to two or three line items in the report, or two accounts may have to be combined for a single line item in the report. Some of the numbers are in QuickBooks, while others are in other systems. One problem is that the NCAA report changes every year, and the NCAA administration does not inform schools early in the year what information it needs. Thus, the Business Office ends up keeping track of the information that was required for the previous year’s report, which often differs from this year’s report. These reports have been around for 5 or 6 years, and have changed three times. The figures are filled onto an online form on the NCAA website, which makes it difficult to keep track of what the figures are made up of. Because of this, an Excel tool was provided the next year to help users keep track of how they arrived at their figures. However, this tool was not linked to the online form. So, users had to fill up the Excel tool, print it out, and then type in the figures into the online form. The federal reports are also web-based. Although the NCAA reports were ostensibly designed so that users could use the data from the federal reports when filling up the NCAA reports, this is not so in reality. (It) probably takes me 80 hours to put that report together, pulling... I have to grab things from all different places and reallocate. They don’t tell you on the front-end what they’re going to change, they tell you at the back-end. And it hasn’t been around that long, so it’s been 82 changing a lot... people had to develop their own way to get to it, because they didn’t have a trail. they have places (where) they made mistakes, so it doesn’t work. I mean it works, but if you turn it in that way, you’re wrong Other Big 10 universities which prepare these reports obtain the data either by downloading it from their university systems or have developed customized applications for this purpose. She has approached someone to develop a financial application for her some time ago (before the NCAA reporting requirements came out), but did not pursue this. Discussions on the ERP have been going on for a long time, so she was not sure when it would actually be implemented. She was concerned that if she went ahead with her own project, which would involve reorganizing her office’s financial processes, she might have had to do the same thing again when the ERP system came around. There is no specific person in charge of HR in the Athletics department. Recruitment is managed by individual coaches (not centrally), and there is no IT system for managing applications that come in. HR’s kind of shared between several people here so it’s a come-and-go thing... HR’s spread over so many people that it’s nobody’s full-time job, it’s an afterthought for most people. We don’t have an HR person, whose person is HR... when resumes come in for coaching jobs, they create notebooks. It’s all manual. The Business Office uses the HR systems from Central HR. Similar to how they run their finances, they use HR’s system to obtain information, and then re-enter everything into their own system. The Comprehensive Automated Staffing System 83 (COMPASS) is a system from Central HR used for hiring full-time support staff. She suggested to Central HR that it could be used to hire coaches, who are hired as academic staff. That way, the process would become electronic, and less paper-based. She has been told that Compass is linked to the new ERP system but is not sure. The HR processes in the university are fragmented: there are about five different ways to hire people and the Athletics Department uses all five. Central HR used to have three offices but was recently relocated to one location. However, there are still four different offices handling hiring: a) one for full-time support staff and non-student on-call staff, b) a student employment office for student employees, c) one for graduate assistants, and d) the academic HR office for professors and fixed-term faculty. Each one has its own process and paperwork, and IT systems, with one of them being much more advanced than the others. Some of these differences were at the level of the color of the form that was handed in. When they moved to online forms, they could not be saved but only printed. The wide variety of practices made it difficult for employees in the Budget Office to figure out which form was required or what the steps were for a certain procedure. It was especially difficult for new employees. (I’ve) gotten used (to) it and I know which way to do what. But for the new person coming in, it’s ridiculous! the aim of ERP is to get it all together. They have just developed a new website for their donors. Donors will now be able to go to the site and see how much they have contributed, what level they are at, and whether they want to increase their contribution. 84 The department’s Exchange server is managed by AIS as part of a larger collection. However, they have full control of it. For example, they recently added a Blackberry Enterprise server since there are about a hundred Blackberries being used in this department. Coaches use them, especially for recruiting. The IT manager started offering this service in the fall of 2005. For a three-month period, about a dozen employees, including him, tried it out. Since they had no problems with it, they opened it up to everyone else. When one person sees it, it just propagates. We said ‘you know what, this is going to work out alright’ and then we started offering it. He began exploring it after a few coaches mentioned it to him. He agreed to implement it, since there were few security issues. For example, the Blackberry Management server communicates with the Exchange server behind their firewall, making the data transfer secure. In addition, if someone loses his/her Blackberry, he can kill off its email access remotely, removing all personal data from the device. This is not possible with a Windows Mobile device. It is also easier to administer compared to iPhones or Windows-based devices- users do not need to reset the passwords on their Blackberries (unlike the other two types of devices) because he directly links the Blackberry server to their user IDs. A similar example (of users pushing for new IT services) was when users moved from their Franklin planners to Palm-based devices in the 19905. The ticketing system is run by Paciolan, a vendor, and the site is hosted in California. The servers are housed in the main Athletics building. 85 Future The ERP system has been talked about for a long time. Her understanding is that, while the scope of the ERP system is not shrinking, fewer fiinctions will be available when it is first rolled out. I’ve known the university has had this going on forever. I think they have too much stuff they wanted to roll out on July 1 2010. .. they (may) just do this and these other ones are going to be have to be phased in later. Currently, these heads and the Director can view the monthly balances of each account. With the ERP, they will have access to any level of detail they want. This may influence how often they ask for reports. With the ERP, both parties will have to agree to use journal vouchers (i.e. when someone is charging someone else on campus for something). This should make it less likely that they will find surprises on their monthly balances. However, electronic document routing is required to make this work well because vouchers are processed slowly. A key issue for her is that the ERP system should provide her with the information to prepare all of the reports required by the NCAA and federal agencies. She is not sure if it will be able to do so yet. She has informed the project team of her requirements and believes that if she has the flexibility to set up the new system, she should have no problem getting the data she requires. However, there is a lot of uncertainty currently which troubles her you get a lot of “we don’t know that yet”, “we don’t know that yet” 86 I’m not one of those people who says “I have to keep it this way just to be sure,” (but) I want to know on the front-end, that yeah, looks like this will work, and then we’ll wing it! She believes that Cognos, the reporting tool in the ERP system, will reduce her compliance workload. If we can break things down the way we want to, then I should be able to write reports in Cognos and get the information that I need... But you know, it’s all a “yes, sounds good” and it should, but it remains to be seen. Since it will be rolled out on July 1 (the beginning of the fiscal year), all transactions after that date will be recorded in the ERP while all transactions before that date will be recorded in the old system. She hopes that she will not have to use QuickBooks and the ERP in parallel after that date. (that depends on) how comfortable I am when we try to set it up. When we go through how we structure the accounts and stuff . .. if it’s not going well, then we’ll have to do them both. I would like not to do them both. IT Governance and Management lntemal Over time, the department has begun to use IT more intensively. This stuff is getting to be a bigger piece of day-to-day work, day-to-day operations. The Athletics department has two IT employees: a manager and his assistant. They support more than 300 workstations in 10 buildings, and over 200 full-time staff. 87 When the IT manager began in his role in 1995, there were about 50 computers in the department. Most of the staff who were around then have left, and the new ones who have been recruited are fairly computer-savvy. The IT team manages and secures all PC and server applications in the buildings run by Athletics, including all stadia and offices. These include office applications, email (Microsoft Exchange) and a web server that hosts content for the website (which is run by CBS Sports). Specifically, they install the applications, make sure they point to the right data sources on the server, and manage the back-ups. They are aiming to retain between 6 to 8 weeks of data. They do weekly as well as annual back-ups. Every week, they get calls to restore some data and they manage to do so. The IT manager admits he’s under-strength but does his best. We’re a little understaffed. But we make do and with the budget constraints coming up, we’re doing what we can. So far, the IT manager has not hired students to help out. One difficulty with hiring students is that they would lack the institutional knowledge required. This was compounded by the short time they would be able to work for him. In place of students, he has contracted help from Central IT. He uses them as his back-up when he goes on vacation, but this has not stopped his colleagues from calling him while he is away. However, with the impending budget cuts, he thinks he may have to start hiring students. .. if you have to go out and know all the personalities and everybody that’s in 10 different buildings, by the time you’ve got that whole thing figured out, it’s time to go! 88 He tries to stick to his daily schedule but cannot always do so. While some of the staff do not bother him with their IT issues, another group is at the other extreme. Fires have to be put out continually, it just happens... (about a third of the staff) are rather carefiil with what they do. They have a good grasp of systems and don’t get themselves in too much trouble... there are some you hear from all the time. He is not completely sure of all the systems the business office uses. If employees learn about some software and want to purchase it for their department, they usually go through him. He evaluates their request before using his sources to get better prices. I make sure her PCs and her systems are running so that they can do their job, but I don’t do their job. We’ll go through and look, you know, ‘do we really need this? What are the advantages of this?’, they’re looking for something specialized He does not get employees replacing the regular applications with their own or asking for many changes. One major source of differentiation is the different applications used by the various sports; for example, the golf team has a swing analysis application. Usually, the officials from each team purchase these applications themselves. Usually, the software is installed by outside vendors, and the IT team helps them maintain or fix it. There has been no discussion of moving to open-source applications. We’re pretty nutsy boltsy with the software we use here. We stick to the Microsoft Office products... they’re all pretty happy with the applications we run here. 89 I guess I haven’t really had a reason to change. Nobody’s shown me a good reason to change. Users share information among themselves by using shared directories and sharing their Exchange calendars. They willingly move data from their personal shares to department shares if someone (e. g. the media) needs access to them. When employees leave the Athletics department, their access to all data (department mailing lists, shared directories, etc) is removed. Their email addresses are kept active for 3 to 6 months, and emails are forwarded to their new address once they have it. After 3 to 6 months, they expire automatically. However, their email addresses are not made defunct; they are made inactive and are available to the employees if they return. This is a common occurrence. He has not heard issues of files being unavailable to new employees who replace those who leave. He thinks the pace of change has slowed down. He aims to keep workstations for 6 to 7 years, on average. All hardware (printers, PCs, etc) is recorded in an Access database, which he started about 12 years ago. He records IP addresses, serial numbers, the type of hardware being used, storage capacity, and the type of applications that are installed. This database is updated daily, allows him to sort by building or user, and he keeps track of any issues that occur. Only the two IT staff members can access this. He has not considered using a dedicated application to manage this fiinction because this meets his needs. He does not track the software he purchases using a similar database, since he usually relies on the university’s site licensing agreements. The licenses are kept in file cabinets. 9O .. it gives me an idea of what’s going on... I put in notes, like ages of when they were put in, new PC . .. hard drive crashes, notes, so I can tell. The business office employees have not received training on QuickBooks, even though they do not use many part of it, such as handling payables and receivables, and printing checks. Her team only uses it for updating account balances and creating reports. She believes that even though some of the employees of the Athletics department are IT- savvy, they do not try and do things themselves. I do nothing in my computer without calling (him)! I mean, (he) even sets up my home computer... (he)’s pretty easy to work with and people like that. External One way the IT manager uses Central IT is to manage his security, since he does not have the resources to do it himself. There are people who work here on campus who do nothing but security. So, I use them and they do a great job. Central IT does not mandate any systems, but instead suggests new technologies that might be relevant to their needs and which they have tested. An example is the Barracuda anti-virus and spam filter appliance. He has four layers of virus protection as part of his infrastructure. What they do mandate are policies, such as the Acceptable Use Policy. Since the Athletics department is self-funding, it can decide by itself how it wants to spend its funding. However, since it is part of the university, it has to follow the university’s policies. 91 There’s nobody over there calling “you’ve got to do this.” The Big 10 schools meet annually to discuss sports administration issues, such as the NCAA reports. However, it is difficult to apply others’ experiences as each athletics department is structured a bit differently. For example, are facilities like the golf course, stadium or ice arena managed by the athletics department or rented from a separate arm of the university? Such issues have implications for the way the departments are structured and the type of information they gather. Improving the reporting process is difficult for another reason too: the terms used can be interpreted differently. Sometimes, she manages this uncertainty by asking the NCAA staff responsible for the reports what they mean by certain items. However, not everyone does this. In addition, some administrators modify where their figures go based on how they are assessed by their universities. the problem with the report is they don’t give you very good definitions. So you could take a set of financial information and you could take those definitions, and you could give the same information to ten people in a room and you will get back ten different reports. there are also places where you would think the information would be comparable, and people have different interpretations of it. .. this is kind of why you take the information for what it’s worth because you’re making a best effort to put it together, but you just don’t know how everybody else is doing it. you’ll have some people who’ll report things in a certain place because their university assesses them a fee based either on revenue or 92 expenditures or something else. ‘Well, I don’t want to show it as an expenses, cos I’ll get charged a fee on it’, and I say ‘Yeah, you get your fee charged on expenses and I get my fee charged on revenues’ so I want the opposite of what you want. While he has not been involved in the ERP project, the budget officer has. For example, she was on the first field trip to look at how Indiana University was using this, which was sometime in the 19905. Her long involvement has made her somewhat skeptical. She attributes the delay to two reasons: funding and uncertainty over what the university wanted. Before choosing the current ERP system, the university was looking at software that was not web-based. Everyone they spoke to told them that they should spend more time planning, because that was the mistake they committed. I’ve been on to more meetings than I ever dreamed I would go to. And I have another staff member that’s gone to several. It’s kind of one of those where if I still work here when this thing becomes reality, I’ll be surprised! (I’m) sure there are still going to be glitches. The Budget office head is not counting on much support for the ERP system. I think we’re going to have to do a lot of staff training internally. Case Vignette 3: EduExceI - Facilities Management The Facilities Management department constructs and manages EduExcel’s buildings, roads, parks, and other facilities. It also provides heating, cooling, electricity, water, telecommunications, and trash removal services for the campus. Facilities 93 Management’s employees perform a wide range of roles, including building cleaners, swimming pool operators, architects, engineers, and bicycle repairers. Governance EXELEL: Part of coordinating council for ERP Implementation, peers In other universities Internal: IT manager direct report to unit head; Users encouraged to search for their own systems; Medium-sized IT team IT Portfolio Central: Locak FAMIS, Excel, Discoverer, Billing, Payroll and HR, Overtime Management System, Skire, Various other systems for unique activities, AutoCAD Figure 7: Governance mechanisms, I T portfolio and instances of drift for EduExcel 's Facilities Management unit IT Portfolio Current One of the main IT systems Facilities Management uses is the Facilities Administration Management Information System or FAMIS. It is a facilities management system, covering functions such as space management, job costing, maintenance management (work orders), project budgeting and scheduling, and inventory control. It was purchased from a vendor and is maintained internally. It was recently upgraded from 94 a PC-based system to a Web-based system. Its functionalities will not be in the new ERP system, so Facilities Management will retain FAMIS and integrate it with the ERP system. F AMIS was put in place in response to customer feedback, who wanted more detailed information as to what they were being charged for (e. g. who came, why someone had come over, what material had been used). Customers used to call and complain to the employees who handled billing. Since the IT Director is also the Finance and HR Director, she heard about the problem from her staff. An application called Discoverer is used for reporting and analysis. They intend to integrate it with Cognos once it is installed. E-mail was consolidated in the last few years into Microsoft Exchange. Previously, different sub-units used different systems. Facilities Management uses intemally-developed systems for these functions: - Billing: they bill vendors and EduExcel units for the work they do; - Payroll and HR: they have to deal with many bargaining units, so their wage structure is more complex than what the Central HR system can accommodate Auto CAD is used for designing construction and renovations. The Custodial Overtime Management System (COMS) was developed because the custodial staff asked for a separate system to manage their overtime, since it was handled differently for them than for skilled trades-people and maintenance workers. Finally, there are some stand- alone systems which do not use Facilities Management’s network, such as the ones in the Elevator Electronics Shop, which remotely monitor the elevators on campus. Sometimes, policy changes led to changes in systems. For example, when a new law made Social Security numbers protected information, reports and forms in payroll and 95 personnel systems were modified. The personnel database was also modified to include the employee ID. Future A new project management system, Skire, is being implemented. It will be used to digitize their business processes, both with their internal and external customers and suppliers, such as contractors and architects. It will electronically process invoices, change orders, construction submittals, and requests for information. It will be linked to FAMIS, and through that, to the ERP’s systems. They use the online print room of a local printing company to enable contractors to electronically order documents for projects out for bid. Previously, all of these tasks were handled manually and were paper-based or recorded on various Excel worksheets. There was nothing consistent that kind of crossed the whole department. The move to Skire will improve task and document tracking, enhance accountability, and speed up document preparation. Also, Skire will help avoid instances of the organization losing its knowledge of financial accounting and individual projects when their employees leave. However, this is not a major issue, because they work on a project basis, which means that much of the knowledge is shared by employees. Despite these advantages, users resisted Skire’s deployment: People are kind of tied to their old ways, and it’s kind of tough bringing them along. .. haven’t seen the benefit of it yet The process of selecting Skire was carried out jointly by two departments (Engineering & Architectural Services and Campus Planning), as it would affect cross- 96 unit business processes. They visited a number of similar organizations that were using it and used that information to make their decision. In the longer term, Skire will become available to any organization on campus that has to interact with construction services, such as Housing and Food Services, Land Management, and other departments within Facilities Management, like Maintenance and Telecormnunications. These different units will be brought into the project for the processes that concern them. For example, Facilities Planning and Space Management were involved in developing the construction processes. It has not been decided yet whether the system will be managed by Engineering and Architectural Services once it is launched, or whether it eventually be managed as a central campus system. Another system that is planned for the future is a web application for electronic time-keeping: Although senior management has suggested this for a long time, it was difficult to implement it because it meant that new electronic time-keeping units would have to be installed in every building on campus. This is no longer an obstacle because thin clients have been installed everywhere as part of another initiative. Finally, the department hopes to put in place an electronic bidding system. Currently, contractors can view documents online, but still have to physically drop off their bids. IT Governance and Management lntemal The Facilities Management division has about 20 in-house IT staff, who support the various departments in the division. The departments rely on them for support, maintenance, and planning, as they do not have their own IT staff. The IT function was 97 only created in the 19805 and 19905. The IT director is also responsible for the division’s HR and finance functions. Two IT managers report to her: one handles the network, support and security, while the other is responsible for application and database development, administration and support. Facilities Management has just hired someone to handle its communication with the rest of the campus, such as email updates on construction and updating the department’s F acebook page. No formal framework/methodology (e.g. ISO, COBIT, ITIL) is used for organizing the IT management function. EduExcel’s lntemal Audit office does not mandate that any particular methodology be used; its requirement is that all units establish policies for various IT fimctions, such as versioning control and security. The audits focus on aspects of IT security, e. g. firewalls, password policies, etc. IT audits are not held regularly- the IT Director could only recall one in the past six years. A Mobile Device Guidance Committee was set up to evaluate mobile devices and inform users which devices will be supported by the IT department. They have standardized on Microsoft’s Internet Explorer as their browser: It’s very similar to me to us making a decision to say we only specify a certain pump, because we know that it’s a good pump, we have the parts to fix it, we know how to fix it. Although they have released standards for different aspects of IT, they still allow some flexibility. Users who want to run systems that are not on the “official list” are not told that they cannot install those systems. Instead, they are informed that IT support will not help them if they have any problems. However, they never actually do that: 98 You always have to help. Can’t exactly close the door and say ‘tough luck!’ Training is not formally organized- employees request it or attend it when they feel a need. Facilities Management recently conducted a training exercise to provide the custodial staff with basic Internet and e-mail skills, so that they could make greater use of online applications. Before this, many custodians were not reading their email, which made it difficult for management to communicate with their staff electronically. Instead of buying full-scale PCs, they purchased thin clients for the custodial staff, as they were a quarter of the cost of PCs. This also made managing these assets easier, since they were distributed across campus. The presence of these thin clients will enable the department to put in place an electronic time-keeping system and do away with the current manual/ mechanical system. Because of the diversity of the businesses they are in, Facilities Management’s IT staff encourages their users to find applications that they would like to use for their jobs and inform the IT department. Each sub-unit has “super-users”, who usually suggest applications that their department needs. Users in the different departments get together on a regular basis to share their knowledge and help each other out. a lot of our staff are self-guided We have this collection of businesses, and each one of them has very unique needs when it comes to IT. Because there’s no way we can be all things to all of those customers, each department tends to have people who are, what you call super-users. .. Often, they’re the ones who come up with different things that their department has alone and they manage it. 99 Facilities Management’s IT department makes investment decisions by figuring out what’s the most economical way to meet their to users’ business needs. For example, instead of buying 120 workstations to support the custodial staff, they purchased thin clients for a quarter of the cost. In addition, this meant that the applications had to be web-enabled, which allowed them to bypass the issue of having to access other units’ networks. External The ERP project began as a project to upgrade EduExcel’s financial and human resource systems. It later evolved to include a focus on improving collaboration across campus, through initiatives such as Environmental Information Stewardship. Thus, the ERP project marked the beginning of a formal structure of collaboration on IT across the different units on campus. It doesn’t mean that we’re any less decentralized than we were before but at least there’s a connection. The Information Technology Systems Coordinating Council (ITSCC) was created as an expanded steering committee for the ERP project, and Facilities Management’s The IT Director is part of it. However, after 1 to 1‘/2 years, the vice provost expanded its role to drive these newer cross-campus initiatives. Facilities Management’s IT managers participate in an external body of their peers, the Association of Physical Plant Administrators (APPA), whom they meet periodically. 100 Case Vignette 4: EduExceI - College of Agriculture Within EduExcel, the colleges of Agriculture and Medicine are the most complex units. The College of Agriculture has 13 departments and operates 15 experiment facilities throughout the state. Unlike most other colleges, which have only one general fiind, Agriculture has three sources of funding: the college’s general fund, the Agricultural Experiment Station (ABS), and the University Extension (UEX). Each line has its own budget director but they all work together. In budgetary terms, UEX is the largest department, while the college is the smallest. UEX operates in 82 of the state’s 83 counties, and some of its employees are hired by the university, while others are not. Those in the latter group are not in EduExcel’s HR system. Governance External: CIOs meeting Internal: IT manager a direct report to unit head; multiple disconnected lntemal IT units, currently being centralized; users search for and develop own systems IT Portfolio Central: Data warehouse, HR systems Local: CAPS (budgeting), EIS (finance & HR), CAR (budgeting), QuickBooks, Excel, Access, 8419, federal funds tracking, Digital Measures Figure 8: Governance mechanisms, I T porq'olio and instances of drift for EduExcel 's College of Agriculture 101 IT Portfolio Current UEX uses its own EIS system for finance and HR, while most departments in the college use QuickBooks for their finance needs. The college’s finance office uses a shadow system called CAPS to run its financial transactions. CAPS is managed internally off their own servers. Its administrator is a dual report to the budget officer and the C10. The finance office extracts data from the university’s system and then manipulates it in CAPS to incorporate the needs of UEX and AES. The latter two organizations have different fiscal year-ends and also report to the federal government; thus, many components in CAPS are not part of the university’s requirements. From what the CIO can deduce from her meetings, CAPS will still exist after the ERP but might change its form or function. The costs of managing CAPS are shared among the three lines. One reason why the main university systems cannot be used by the Agriculture budget office is that the different systems store data differently. For example, one stores historical data, while the other computes a year-to-date figure weekly. There are also differences in how academic appointments are stored. This makes it difficult to create reports and link them to payroll information. CAPS is a budgeting tool. Over the past 20 years, it has evolved from being a DOS-based stand-alone system running on a single workstation, to a Windows-based system, and finally to a web-based application. Today, anyone in the department with a relevant business need can access CAPS, if they have been cleared to do so. Before the 102 spread of office networks, the data could not be easily accessed by everyone. One way they overcame that was to print these books and that would get handed out a little bit, maybe to the Dean or the Director’s office. CAPS was developed to track the different funding lines, which are allocated in a very complicated manner- e. g. up to 22 other colleges are involved. In addition, Agriculture’s finance office has to prepare a variety of federal and state reports because of the high level of grants activity in the college. However, some of the human resources (HR) information they require for these reports was not available to them, as it was located in systems that could only be accessed by university-level human resource staff. Since Agriculture staff had no access to this information, they had to build a shadow system to collect and manage this information that was scattered about: a lot of bits of files and information A third reason for developing CAPS was that ABS and UEX had no mechanism for projecting activity through the end of the year. That was useful for finding out which areas would be in trouble by the end of the year. The university used “money-books” to do this for its General Fund, but they were unavailable to UEX and AES. DepACT is a sub-accounting system developed by the university’s Central IT department for handling ledger and personnel transactions. It was started by a finance officer at an Agriculture research laboratory who could not obtain the information she required from the central finance systems. She begun developing her own system and managed to convince Central IT to take it over and make it a system that every department could use. The College of Engineering broke off from this project and has 103 created CepACT. This is a budgeting and ledger system (without any personnel data) which other units can use for their own needs. DepACT and CepACT are used for book-keeping and reconciling transactions with the university’s ledger at the end of each month. Compared to CepACT, DepACT can create a wider variety of reports, and goes deeper into the sub-accounts. DepACT is newer than CAPS, but is not as flexible or useful as CAPS for Agriculture’s needs. Also, DepACT is a stand-alone system, while CAPS is a networked system that automatically pulls data from the university’s system. However, CAPS does not carry out reconciliation. The success of CAPS has interested other colleges in it. However, smaller colleges, such as Business, do not need systems as complex as it because their funding does not come from multiple sources (since their faculty does not receive many grants.) The few large grants that were received were handled independently. Engineering has a complex system too but it is used more for sub-accounting. In addition, Agriculture is also unique in that it has individuals who are on more than one account; that it, their salaries are drawn from multiple accounts, both within and without the college. Some individuals are funded by up to five different colleges. Agriculture’s budget office has also developed the CAR budget system so that it can examine the budgets of the different departments and funding sources. Since other colleges do not have such complex firnding structures, the university has not developed anything that Agriculture can use. Other systems used by Agriculture’s budget office are: a ledger system for handling transactions and payroll, an accounts receivable system, a cost-sharing system, a 104 system for handling the transition from annual salary to academic year salary, and an Access-based system for handling ‘carry-over’, when entries are sent to Central Finance. Instead of manually keying 1,200 individual entries, this last system generates one large entry that is sent by FTP to Central Finance. These multiple systems share data among themselves. Agriculture’s budget office has also developed a system to keep track of how the federal funds they receive are used. Since costs are shared among the various departments, they need to know how much effort individuals are contributing to each department. This web-based system creates a database based on how people are appointed, and the departments are allowed to modify the percentage of effort that each individual contributes to each program. This list is then sent electronically to the Central Contracts and Grants Office. This system saves them the trouble of keying in information for 300 to 400 people every year. The budget office hopes to use the research administration component of the ERP new system to handle some of these tasks, rather than having to adapt the shadow system. If the (ERP system) could handle that, that will be good, because to adapt shadow systems to the new system takes a lot of time and effort- figure out all the elements of your current state, and map it to a fiiture state which is currently unknown. A similar system that creates reports for the US Department of Agriculture is called “the 8419”. It gathers expenditure on any project related to the ABS from the campus and beyond. To maintain this level of comprehensiveness, the system tracks all new accounts that are established by the university, so that the staff can decide whether 105 they are relevant for the 8419 report. If they are relevant, the system includes them in the annual report it generates. This system is also web-based and uses Access on the back end. They believe this requirement is unique and will not be available in the new ERP system. It’s become very popular... a lot of other colleges and universities...are interested. The development of the 8419 system helped to arrest a significant HR issue. Before the automated system, collecting the data and keeping track of the new accounts throughout the year was a massive task, leading to high turnover. gathering data and somebody spending a lot of time organizing and crunching numbers and putting stuff together. Because of the complexity and largeness of the project, people were coming and the turnover was huge... (it) became a joke. You do the 8419 one year and then you leave. You never do it again They are not sure whether other schools generate this report automatically like them, or manually. Cornell is one exception. It has a mainframe-based system to generate this report. It is also moving to the same ERP system, but it has a lot more staff and funding for the transition. Thus, Agriculture’s budget office expects Cornell to be able to move the 8419 to its ERP system, unlike Agriculture. (we are) skeletally staffed... we don’t have excess capacity in order to meet the needs of this transition and that’s really what we’re up against. Most departments are also using databases built in Excel or Access. The CIO has brought together fiscal officers from each unit to create an inventory of these databases. 106 (we) just don’t know what’s out there. One problem with these databases is that when the individuals who manage them leave the organization, there is often little organizational knowledge on how they should be used. Agriculture’s budget office has discussed the danger of losing important knowledge if anyone of them leaves, since there is little cross-training. However, they have not been able to do much about it because they lack any spare capacity. For example, they have data dictionaries for the 8419 and CAPS, and a user’s manual for the 8419 but no technical manual. The IT department is working on reducing this problem through documentation and cross-training. Although there have not been any major problems because of this issue, the CIO considers the controls to be weak. We’ve tried to document, we’ve tried very hard... It’s just very, very time- consuming. An example of a recent project was to web-enable the budget creation process. They built a budget for the different units using the data from the ledger system. The units were then allowed to change these figures and submit their final budgets via the web. This process was previously done on paper. This enhancement helped them to standardize the way it was done. This project was an internal development It seemed nright be a good idea for these guys to give it a whirl. They planned to extend it to the General Fund, but should be shelving that idea because of the ERP, especially given the shortage of resources. We would do it if we had the personnel and time. The College uses a third party system called ‘Digital Measures’ to assess and report the output of its faculty. This system tracks faculty scholarship, faculty outreach, 107 other activities, publications, and grants received. Since it is a third-party hosted solution, Agriculture’s IT department is not actively involved with managing it. The IT department only provides functional administrative oversight. Digital Measures was purchased almost two years ago, and a pilot implementation was run at the Food and Research Economics group for a year. It was rolled out to the rest of the .college in October-November 2008, and the faculty members are currently entering their data for the first time into the system. The College carried out the Digital Measures project in the midst of the ERP, as the forrner’s functions will not be fiilly available in the latter. The different groups are now meeting to find out if they can link both projects together so that users will not have to enter the same information twice, or postpone Digital Measures’ roll-out so that they do not duplicate any work. The last major IT standardization exercise they were involved in was in 1989 (20 years ago) when the Student Information System was set up. About six years after that, an electronic journal vouchers system was set up for purchasing. However, this is not used by Agriculture because, even though they were told that the system would accommodate the requirements of ABS and UEX, it does not. Thus, Agriculture still prints out paper vouchers which are recorded in an Access database, and emails copies of these vouchers to those who require them. It wasn’t standardization. It didn’t work for us. It worked for everyone else, but not us. They believe that the system was not modified to meet their needs because of an impending deadline. It would have taken too long and too many resources to carry out the 108 necessary changes. That experience has made them afraid that the same thing will happen with the ERP. This is a window for us, with this new system, that we fear the same thing will happen, that they will say, “ok this is the best we can do, and I’m sorry it doesn’t accommodate you, but we have to move ahead, we have a deadline.” Future While there had been plans to incorporate the needs of UEX and AES in the ERP, these seem to have been abandoned now. The ERP package being implemented was not developed for a land-grant university, so customizing it to fit the needs of UEX and AES is difficult. EduExcel would be the first campus to attempt it. Even though this is not in the first phase, it may be part of future phases. As far as they know, the new ERP system cannot handle multiple sources of funds in a single budget reallocation entry. This has not been resolved yet and has led them to wonder whether they will have to maintain a shadow system. Also, while Central Finance automatically allocates funds to each college’s General Fund, the funds for the ABS and UEX budgets are manually recorded through budget reallocations. Thus, Agriculture receives its ftmds from both a central and a “local” source. The budget officers are also unsure how this would be handled by the new system. 109 IT Governance and Management Internal Agriculture hired a Chief Information Officer (C10) in October 2007 to oversee its three lines of business: the College, UEX, and ABS. Historically, the three lines had very decentralized IT operations. Some groups had one IT employee, some had none, and others had five. The CIO, an experienced IT manager from the industry, was asked to combine these groups and implement an enterprise system. Her hiring was prompted by the realization that even though three lines were spending a lot of money on IT, they were not getting much value from it. there’s got to be a better way of doing this, where some groups have really great IT and some groups have no IT at all... how can we spread this out and make it value-add for everybody and actually use technology to meet our mission? The CIO’s staff includes: - a team in Agriculture Hall handling the planning and funding of the enterprise system; - IT desktop support teams in other buildings where Agriculture sub-units are located; - an IT desktop support team in Agriculture Hall; and — a large web team that develops applications and works with other enterprise applications, like the Extension Information System (EIS). The C10 is currently working on revamping the IT service provision model. 110 (most IT employees now are) jack-of-all-trades...(in one day, they could) fix his printer... work on the website for a little while, then fill the database in, after that, go and build 3 computers. Her plan is to build teams of people to handle different services- network services, web services, Unix services- so that they can attain economies of scale. However, she does not plan to move to a central helpdesk model. There will still be IT staff in the units. But, because they would be part of the same organization, they could communicate and help back each other up in case one of them goes on vacation or is sick. That would reduce users’ waiting time. She has begun reorganizing her current team in this way by starting with the formation of communities of practice. Currently, her team supports the Extension, the Experimental Station, the administrative units, and two or three academic departments. The other units rely on their own IT staff or have outsourced IT support. The college has not used external vendors to develop applications or used off-the-shelf software because they see their requirements as being unique. This is mainly due to users becoming more demanding. Outsourcing IT services has not been considered- the budget office was not sure why. One of the new CIO’s first projects was to compile an inventory, since it did not exist, of all the systems within all three lines of business. A tool called ‘Track It’ was used to record Agriculture’s hardware and software inventory in an SQL database. The Excel and Access databases were not recorded in this inventory. Another project she began was to implement firewalls around each unit, and to put in place best practices for security. Her team is also creating policies for other issues, such as data security (e. g. 111 using thumb drives). However, since her office does not have the authority yet, they can only make recommendations and educate users, not mandate or sanction any behavior. Another new initiative she has planned is to offer a “pre-grant” IT service. Currently, faculty members do not plan their IT requirements when they apply for grants. This leads to last-minute urgent requests to handle their IT needs when they receive their awards. The CIO wants her staff to meet faculty applying for grants and discuss what their IT needs would be if they received their grant: e. g. websites, databases, an application server, server space, or help with setting up new computers. The CIO does not use ITIL or anything similar to guide the department’s work. She carried out an evaluation on this topic when she arrived but decided against it. This is partly because of the limited success she has had with it before, and partly because of the small size of the department. Currently, she is using parts of ITIL, instead of the whole platform. it seems a little to broad for what we’re doing. She believes that other frameworks may make more sense; for example, she has sent staff for project management training and she’s considering a change management platform. She plans to re-evaluate her decision 5 to 10 years down the road. The main developer’s position in the budget office did not exist till about seven years ago. He is the IT support person for all three lines, from writing formulas to developing applications, and is very important for their operations. Another employee began as a financial analyst but has also expanded his technical IT skills. 112 he’s got the strong IT background, but yet he’s got the ability to understand the accounting and business components... (he’s a) financial technologist. Sometimes, users suggest improvements to the budget office’s applications. If the changes can be done quickly and are relatively minor in scope, then they are put in place without any formal process. A recent example was a request to add a field that would be calculated from existing data, so that users would not have to calculate it every time. This was a quick job with limited scope, so it was carried out. Well, that was about a five minute thing to throw in, so it was just done. For some systems, the developers meet the users periodically to gauge their level of satisfaction. When there are major projects, e. g. developing the report for measuring employee effort, focus groups would be conducted with representatives from different departments. We knew what we needed but we tried to get feedback from them to make it as easy as possible. There is a process for managing users’ requests for new features and applications, especially web-based applications. Users have to sit down with either a programmer or an analyst and figure out how the information they want would fit into the workflow. CAPS’ users have to approach its administrator, who is a single point of contact, if they have any requests. (while this is) probably not an ideal process, compared to what I’ve worked with in other places... it’s functional and it gets things done. 113 There are some power users among the researchers, while UEX users mainly use Microsoft Office applications. The CIO feels that there is a dearth of technology use in teaching, and would like to see more in the future to meet students’ expectations. Since Agriculture faculty teach and conduct research globally (e. g. India, China, Afiica), many of them use Skype and similar collaborative/communication tools. There are no policies as yet to govern intellectual property rights when such tools are used. However, since the faculty members using these tools are usually not the ones engaged in heavy-duty data I gathering or analysis, there is less urgency. There has been demand to install a Blackberry enterprise server, and while it is functionally possible, the CIO feels that she does not have the manpower to do so yet. She intends to complete the planning for the enterprise system, and then begin implementing a Blackberry server, a SharePoint server, and an object server. The continuous increase in user expectations means that overall IT costs will continue to rise. Today, the number of projects being planned is greater than their capacity to complete them. It seems the more technology is out there, the more complex everybody wants everything to be. The CIO would like to implement the ERP’s research administration module to keep track of each unit’s IT spending. Funding for college-wide systems is handled by the budget office, not her office. Although she has a fairly clear idea of what technology is being used in Agriculture, she cannot clearly say why each imit needs, for example, QuickBooks, or what benefits these systems provide that the current university systems ‘ 114 do not. Removing the shadow systems will not reduce the number of IT staff significantly; instead, the potential savings will be in terms of time spent on data entry. Right now, I have no idea what people are spending we don’t know, nobody knows what they’re doing. The shadow systems were developed as and when the need arose. Based on the CIO’s experience, she thinks that shadow systems are much more prevalent at EduExcel than elsewhere. One reason for this has been the inability to obtain the information users need from the central systems. there’s no connection there for us to get directly, so we had to have a system built. I think all the pieces that we use, the reason you guys developed them, was we couldn’t get them centrally... a lot of operational expertise (is needed) to get this developed. It took a lot of time to develop that and all the other systems. Second, technology decisions have been decentralized across the entire university. Starting with a centralized system which some departments contributed to, the development of the PC meant that departments that could afford to purchased them and hired IT staff to manage them. While some units, e. g. Health, had already gone through the process of integrating their IT systems, others (e.g. Agriculture) were still doing so, others may never get around to doing 50. Finally, there is a natural tendency for a high number of shadow systems since so many decisions are made by individual faculty members because of their grants, or by departments or units. 115 External EduExcel has chosen a decentralized model of IT governance. There was some level of central IT governance previously, but it had recently been disbanded. The central IT component wants to provide very basic services, and allow units to manage their operations themselves. That’s the model that has been chosen here. It works, it’s just a different model than others, doesn’t make it bad or good. This is probably similar to other land-grant schools, although some, like Indiana University, have centralized their IT so that there are fewer shadow systems. Although Indiana’s CIO took a long time to get everyone on board, the community there is very pleased now. She attributes this to users’ needs being heard. They have a governance committee which takes input from users, and opens up their strategic plans for comments. (Other organizations) don’t listen to their user community, (leading to) very unhappy groups. The CIO meets regularly with other CIOs from Health IT and Housing and Food Services. The three of them are similar in that they used to work in environments outside of EduExcel. They have started to invite other CIOs to their meeting, so that everyone can be involved. However, not all units on campus have a C10- some have IT managers or directors, while others have CTOs. Some of the C105 are, like her, new, while others have been around longer and know the culture better. Those of us who aren’t so familiar with the culture are more apt to just charge ahead, (while the others) won’t, they know how to work through the system. 116 In EduExcel’s decentralized environment, some of the C105 use funding from grants to implement new systems. (She would like the units to) move to an enterprise model... what we’re trying to do is to tell people, if you just wait a little bit and we’ll do it the right way, we’ll set it up correctly, will be good for everybody. The CIO has encountered much skepticism with regards to the ERP launch date, which is smnmer 2010, and she is not sure why people are so pessimistic. the general consensus is there’s no way it’s going to really happen... I’m pretty new, so I don’t know a lot of the history... (people have told her that) things like this always get pushed back, pushed back. people hear July 1 2010, they just go “oh well, we’ll see what happens in June 2010” The CIO believes that Agriculture’s users do not have a good idea of the changes that the ERP system will lead to. For example, she understands that users are not aware that they will have to give up their Excel and Access databases. Users may have to enter data twice, and will continue to assume that they have the right to extract the data for their own purposes. (they) don’t really grasp what’s going to change in their lives with the new systems... most people are just ignoring them... until there are firm cut-offs, the user will mostly continue ignoring it. The budget office has been involved with the ERP for more than two years, although activities picked up only in the last year. Previously, there were more unstructured meetings. 117 playing in the sand . .. to generate some ideas... we don’t want this new system to simply replicate what we do now They are uncertain about the ERP’s impact on their work. For example, they do not know what they should do in Phase 1 when the financial transactions module is operational but the budget module is not. They are worried their current systems will not work, and believe they might have to retain some of their current shadow systems, such as the 8419 system. Failure to produce that report will jeopardize their federal funding, and consequently the jobs of many individuals. It won’t talk to the new system and vice versa, and what do we do then? We’re concerned about our current systems breaking during an interim. We rely on those for our day-to-day (work.) Another worry is the requirement for them to be become more involved with the ERP implementation right when they are preparing their budgets. The difference with the rest of the university is that they have two separate financial years; July to June (like the rest of the university) and October to September (for ABS and UEX). Since the transition will be time-consuming, their IT staff are not planning to work on any changes to their current systems. Even if the ERP team sends its staff to help with the transition, the budget officers are not sure how helpful they would be, since they would lack the contextual knowledge. ...our main responsibility is not that implementation, we have a whole another set of things to do. And yet, we have to be involved in that implementation. 118 There’s been a verbal pledge of support from the ERP to help us through these busy times and yet, there’s a learning curve involved... There’s kind of a lot of underlying knowledge that we’ve received on building blocks that doesn’t just get transferred to someone at the snap of a finger... If you just look at the people in this room, the least amount of time anybody’s been here is about 10 years, and the rest of us have been here much longer. Besides the student information system and the electronic journal vouchers system, there have been no attempts to integrate or standardize systems across the university, since the central accounting system was set up in 19605. That again shows why this is such a monumental. We’ve done piecemeal, we’ve done band-aid fixes, and not really looked at the big thing, and this one, they’re saying they want to look at the big thing. They didn’t really know what that meant. The ERP is not a major item of discussion in the CIO meetings. Since none of the C105 are on the project, their focus is on ensuring that the needs of their users and businesses are met, while the functional heads (e. g. finance, HR) work with the ERP team to develop their requirements. (The ERP) will have an impact on our users and our community (and) it’s a big technological change in the eyes of the users... (However,) the success or failure of the project doesn’t affect my life. The ERP system would have been more important for the local unit CIOs if the ERP project team had stayed with its original plan to forbid the use of all shadow systems. This is because it would have meant that they would have to understand all of 119 the changes that would have to be carried out to ensure that their users’ needs were met. However, in the last few months, the users were informed that their needs would not be met when the first phase of the ERP is rolled out in July 2010. They would thus need to retain their shadow systems. With shadow systems still being allowed, the C105 will find it easier to meet their users’ needs: users can work with their shadow systems and the C105 do not need to understand their users’ needs so quickly. The university carried out a simple IT audit in 1999 and a more comprehensive one in 2007. They examined her plans to build an enterprise model, and signed their approval. They did not do an inventory of the systems being used in the college. It is difficult for the budget office to share ideas with other universities on managing their IT systems since they are all structured differently. For example, in some schools, the Extension service and Experimental Station are part of the College of Agriculture, unlike EduExcel, where they are part of the central administration. Since they are also different from other colleges on campus, they have to come up with their own practices. There are some annual meetings and regional meetings organized by the USDA where they exchange ideas. For example, this was where the budget office’s IT staff showed off its cost-sharing system. Before building this system, the IT personnel also called up other universities to find out how they were handling this issue. Case Vignette 5: EduExcel — College of Business The College of Business consists of five academic departments, and has more than 120 faculty and nearly 6,000 graduate and undergraduate students. Unlike the College of Agriculture, it does not rely heavily on external grants and neither does it have 120 extensive facilities outside the main campus. Undergraduate advising is carried out by a team of 15 advisers, led by the assistant dean of undergraduate admissions. Governance 3% IT Managers meeting Internal: IT manager not a direct report to unit head; users search for and develop own systems, being asked to centralize spending; Medium-sized IT team Drlf‘l IT Portfolio Central: Data warehouse, HR systems, Degree Navigator, student information database, A17 (financrel), Local: Excel, Access, QuickBooks, Figure 9: Governance mechanisms, IT pory'olio and instances of drift for EduExcel 's College of Business IT Portfolio Meat The budget officer at the Business College was hired one year ago. Previously, she worked in Central Finance, and also spent two years on the ERP project’s finance team. The previous person in her position was there for eight years and moved to another of EduExcel’s colleges. She finds it advantageous to have him located nearby: 121 having that mentor is really very important to me right now, trying to learn all the iris and outs of this budgeting situation Her major tasks are reconciling the ledgers for the Dean’s unit every month, re- setting the General Fund budget every year, managing the faculty raise process, and informing the Provost whether there are any special needs that they need funding for. When she is carrying out reconciliation, she uses a database called the Financial Data Warehouse, which is managed by Central IT. The database was actually developed by Central Finance. Before the database, obtaining the data was difficult because it was located on a mainframe. Accessing data thus required programming in 2AD, a mainframe language. After running the program, the results would be printed out on paper, which the staff would then enter into Excel. Someone came up with the idea of writing a program in 2AD that would extract all the transactions. Later on, when that office began working with Microsoft Access, someone else wrote a 2AD program that extracted all the transactions and imported them into tables in a database. Working in Access was much easier than working with the mainframe. For many years, this Access database was maintained by Central Finance, separately fiom Central IT. Central IT wanted to maintain it themselves, so that the data would be located in a more secure location, and its programmers could improve the design of the database, which would make it more useful for the Finance office. This database later became the Financial Data Warehouse. The programmers there can set the tables up to be more of the field names, things made more sense and we got more information 122 She accesses this warehouse, extracts the information she needs, and imports it into an Excel table where she sub-accounts using Pivot Tables. Her predecessor did not use Excel. Instead, he imported the data into Access and did his sub-accounting there. She hopes that the ERP system will encourage more of her colleagues who carry out accounting operations to become more efficient. He had a whole system set up where he could sub-account for forms and processes, and macros and queries, and he would report off that. I do similar, but I just kind of moved away from Access. Access has been a savior, efficiency-wise, around campus. If units are not using Access, and units do not have access to this financial data warehouse, they need to and they need to now. I do have units here that do not have access to that (the data warehouse)... I’m not real comfortable with that, because... But, the issue is security with that- if I give them access to the financial warehouse, it’s the entire university’s accounts. Do I think I have professional people on staff who would not abuse it? Yeah, but I don’t know... When I’ve got office managers basically printing out their paper ledger and checking it off... when really they could be getting their data automatically and sub- accounting in Excel without re-keying in anything. The efficiency factor... I view (myself) going off to the (ERP system) and having either a canned report that I run or one that I develop myself. I also envision all my office managers being able to do that. That’s an issue with training I’m going to have because they don’t do that now. They are at paper checking 123 ledgers, and moving from there to here, where they’ll be in an electronic environment they’ll need to understand how to write a simple query. Central Finance has not mandated what software she should use. She is debating over whether she should install QuickBooks, as a replacement for the current A17 ledger system, which does not allow her to go to the level of detail that she wants. Her subordinate has informed her that the previous budget officer installed QuickBooks, but never loaded any data into it. If she decides to install QuickBooks, she would have to do the work after hours, as she will not have time during her regular workday. She would be more likely to install it if the ERP system is delayed any longer. One benefit of QuickBooks is that having her data in QuickBooks would make it easier for her to import it into the ERP system. Since the A17 system does not have enough data fields for her to sub-account appropriately, she has to tag on the additional data fields manually each month. She needs these sub-accounts for her reporting. For example, different sums of money in the General Fund are allocated for separate purposes, such as summer research grants and faculty retention. She has to keep track of each faculty’s portion of these fimds, but the A17 system does not allow her to do so. The ERP system’s General Ledger has additional fields, which she can use to sub-account on the central system and tag faculty names onto individual transactions. That way, she could automatically run profit and loss reports on different units. It’s going to be wonderful... the issue right now with shadow systems in my opinion is we just do not get what we need. So that’s why we need them. . .With the systems, we box ourselves in... 124 One issue about having shadow systems is that the same piece of information from the central system could be tagged differently by the different units when they store it in their own systems. There is no control over what he puts on. He does it for his purposes and what I tag on for my purposes. Our account numbers have all kinds of intelligence in them, 61-... means something. So, that range means something, what do you do when you’re out of numbers? So then you start picking around, what does that do for a database? You’re just like “ok, how do I know which account number is for NSF?” So, it doesn’t work very well.” You have to use and manage a shadow system right now but you have to start with what the central system gives you, that’s your starting point, if not, your ending point. What we’d want to do is put a system in that’s your starting point and your ending point. I would hope that the majority of data would just come out of the financial system, and the financial system would marry up nicely with the Payroll HR system, because I find that that’s right now, even though we have databases, there are almost starkly different from each other that you have to do a lot of mashing together... Hopefully... there’ll be a nice key number that you can constantly link together the data sources. The Business College’s HR manager uses a range of applications from different areas: HR, payroll, finance. Her predecessor used different spreadsheets to manage her work, but the current manager would like to develop her own, based on her prior 125 experience. She uses ODBC to link to databases managed by Central IT. She did not have access to the ODBC link in her previous role. Coming from my old department, I had a lot of systems in place that I felt were effective and efficient had I been able to use (this) before, I wouldn’t have had to recreate so much of it. She developed her spreadsheets by herself. She has not asked Central HR for help. I don’t think they understand the need for that kind of information as much as they do the bigger picture. In her previous role as an office manager in one of the departments in the college, she developed extensive spreadsheets to handle staff expense reports, track scholarships, and manage the endowment account. Some of her tasks are very manual, in that she has to extract the data from the university ledgers, as opposed to writing a query to obtain them from the databases. all of that was manual, it was a manual process. The HR Manager also manages the grant application process in the college. Currently, it is paper-based and manual. The Central Grants office has an online system for submitting grants, but it is not used by the Business College. This is because the Business College’s faculty do not apply for many grants, unlike faculty from the Engineering or Natural Sciences colleges. She understands that in the new ERP system, principal investigators will be responsible for creating the entire application themselves. This worries her, as it would mean fewer chances to review the material before it goes out to the Central Grants office. The colleges for whom grants are more important for 126 their funding have firll-time staff handling the grants, and they are not sure whether the new process will work for them. The assistant dean of undergraduate admissions uses Excel and the university systems for her budgeting and HR tasks. They create workarounds using Excel and Access when they are not able to perform their tasks. However, these databases are not integrated and there are no standard templates for their designs. I think all of us are very excited about (the ERP system), because the accounting system, it’s pretty archaic, and of course, all the systems don’t talk to each other... often I’ll have different windows pulled up... but it’s not like that can talk to another Excel spreadsheet. That’s what we’re dreaming about from the business enterprise system. I’m trying to think of almost like creating a utility for us or a conduit to help us... to be able to get from Point A to Point B. . . But then it’s almost like is the gap wider or more permanent when you do that, right? they’re not integrated. That’s a really big problem... because there’s no template, I don’t know if I’m using the right language... People can get to the same place through different paths... someone may be leaving, a new person coming, and then a new person says “this design eliminates potential”, or “we totally missed an opportunity by the design of it.” Earlier, there were opportunities to suggest improvements to EduExcel’s IT systems. However, when nothing changed, people started developing their own workarounds. 127 way back, information or opinions about the (EduExcel) systems were shared, but probably what you’ve heard is that it’s been years... initially, and along the way, people gave input, and ..., after 20 years, I think people say “this is what I have to work with”,...we’re going to create our own workarounds to be able to do the job and deliver within our positions. This was not true for all units. For example, unlike Central Finance, Central HR has been much more pro-active. it’s almost as if HR is anticipating or they hear it right away and act on it. . .With HR, maybe I create a temporary workaround, and then within a year, (it’s in their systems). So, there isn’t the frustration and the creation of (separate islands). Degree Navigator is an application used to help students find out the courses they need to graduate. However, it is inaccurate, so academic advisors cannot use it for degree certification. Colleges became frustrated and developed their own applications, but this was resisted by the university. This is a great example where colleges got so fed up with its inconsistencies and inaccuracies, College of Engineering actually created their own... The university was not happy about that and they really tried to put the brakes on other colleges creating something like what the College of Engineering did... The problems with Degree Navigator are related to the fact that it is developed by a Canadian software firm, and so is set in their educational system which is very different 128 from the US system. The feedback from the users has led the university to develop its own replacement. you know they have a 13th year of high school, their whole system is different, it’s like starting from Apple... It’s like every step of the way, there was this, it’s like a translation! They have gotten enough feedback, or maybe too much feedback, from the academic community that they (the university) actually wrote and designed their own degree audit And it talks to Degree Navigator and all this electronic student information system... (the university) can do incredible things with IT, they should just ignore the software company and I think that’s interesting how they were successful in... I want a diplomatic term... kind of damming off, I was picturing a darn, kind of holding back this momentum by colleges to develop their own, they got the message and they created a new IT system to basically meet our needs, and it is incredible. This new system was “soft-trialed” by the Business College a year ago (i.e. the paper processes were carried out in parallel with the new software). Last semester, the Business College did it completely electronically, and now, three colleges have gone in that direction. However, Degree Navigator has not been left aside. It is still being used but as an additional check. Now they understand at least at the state it’s at, it can’t be used for degree audit. They still want students and advisors to use it, it’s like an informal check. And they want us to help clean up the curriculum problem. But 129 they finally understand that the activity of certifying a student for graduation, doctoral or undergraduate, is a very systematic, careful pI'OCCSS. Future The new ERP system should have some flexibility to take into account the university’s complexity. It would be nice to have Central (say)... this field is this field, to maintain the key fields... These other fields... let them be flexible, that’s where we won’t back ourselves to a corner again, because then we’ll allow each department sort of be their own culture, which we are. This university is - we sell ice cream, we have cows, and we have a cyclotron- I mean, imagine it’s hard to keep everyone in the same culture... Besides the launch date of the new ERP system, another aspect of the uncertainty is over what exactly will be available on the launch date. She thinks it may be only the central accounting system, which may or may not affect her work. If users are not allowed to use sub-accounts, she would still have to do her sub-accounting on a shadow system. you say you’re going to roll the (ERP) system out, so what does that mean? The entire system, or half of the system? What is it that we’re going to do? It’s something that I just don’t know yet and will impact me quite a bit. So, I’m hoping to hear more. 130 The HR manager and the budget manager will meet the office managers and the department chairs to find out what would like to obtain from the new systems. That way, they will be able to identify the gap between what they have now and what they would actually like to have. there is a lot of information that they currently can’t have access to because of university security limitations, but with the new system, that will be gone. So, we’re hoping that as this transitions end they’ll have an opportunity to have much more information at their finger-tips. is it going to be overwhelming?....When you’ve got someone who’s never worked with general ledger information, to now have (the) full general ledger data dump, it’s going to be a huge learning curve... there has to be a desire on the part of the office manager to use the information and on the chair to want the information. There is uncertainty about how much the ERP system will change the systems they use for their work. The budget manager believes that the shadow systems will disappear because the number of fields in the ERP system will be enough for their needs. She expects to be able to use the business intelligence (BI) reporting module and extract the reports she needs. This is especially so because the Business College is not very complex. She believes that, over time, supervisors will start asking for more reports as they find out what the BI system can do. However, the new system should still enable her to find what she uses now. However, the IT manager and HR manager do not expect the introduction of the ERP system to completely stop users from using their Excel or Access databases. This is partly because they are not sure what the system will offer, and partly 131 because the system may not be as customizable as they want it to be. Also, he is not sure how to identify the users who are currently using the Excel or Access databases, and who will be in charge of getting the users to drop their older databases. Everything we’ve seen in demonstrations has been in such a rough format yet that we haven’t been able to even see what we’re going to be downloading in. How are we going to be able to download and manipulate this data? we don’t know what kind of manipulations we’ll be able to do yet. They couldn’t provide us with a demonstration... No sandbox of it. (the new system) should be able to give me exactly what I have now in my database. If I have to lose any of that ability, I will not be happy because I need to go out and I need to pull (data)... ...it’s about that comfort, and is it generational, or about experience, or educational... some of us respond more quickly and some of us don’t, and sometimes we do both systems in tandem for a while . .. to reassure ourselves. We’ll have to see how dynamic the business enterprise system is before we let go of our old way, our workarounds. The budget manager thinks that it took so long for the university to move to a new system because a), for a long time, Central Finance had no problem getting the financial statements it needed from the current system, and b) IT costs have fallen substantially at a high, high level, it works very well... much better than at the units... I worked over there so I would always say, “I get what I’m needing.” When Access came along, it’s like “this is better, why is everyone complaining?” I’m now here at the units, I definitely understand. It’s just not giving me the 132 data I need to have.” “...they went “well, it’s working” and everybody seems to be getting by with it. They’re getting by because they’re hiring IT people... if I was sitting up, it’s not my problem, they’re having to hire the people, they’re having to train the people, they’re having to buy QuickBooks or whatever, great, I don’t see a problem with that. It’s just gotten to a level where it’s affecting Central I think. Databases and database systems don’t use as much RAMs or ROMS or whatever it was. It used to be that was a huge thing... Now that’s not a problem, we should have all this information. IT Governance and Management lntemal The IT department of the Business College consists of five full-time staff and nine student employees (5 undergraduates and 4 graduate students). Most of them are in their late 205 to late 305. They are in charge of PC support, networks, and the computer laboratories. The website is run by a separate team (i.e. not part of the IT department). The IT manager has been in the college for 15 years. In that time, the college has moved from 100 computers to 800 and 3 servers to 40. He was hired as the second firll-time IT employee in the college. A few months after he began, his supervisor left for a better- paying job. After some training, he took over that position and hired one other person. He recently hired a new employee to manage the systems administration, so that he can free up his time for other tasks. He plans to hire more employees in the future. 133 We’ve been in maintenance mode for about 3 years, just fix it, fix it, fix it... there’s no time to go out and be pro-active. When he began, Central IT controlled and supported most of the university, unlike today. Now, Central IT offers an outsourcing service when you have 10 users there or 20 people, it makes no sense to hire full- time people so they'll contract to them A large portion of his time is spent on managing projects, such as installing plasma screens in hallways. One of his current employees is starting to take over some of the more routine tasks, such as managing the network, the servers, and the labs. However, the IT manager still takes care of advanced administration tasks concerning the mail server, and the firewall and other security equipment. Some of the major applications his team has created in the past include applications for tracking the progress of doctoral students, alumni, and IT support requests. The alumni database is synchronized with the data held by Central IT. The IT support requests system was first developed about 15 years ago and has grown since then. His team does not develop any databases or applications based on Excel or Access for the departments. They are usually created by the users themselves or the budget manager. He believes that the departments would develop more applications if they had more resources. He does not think there are employees in the college outside his team who would develop any applications by themselves. He advises faculty not to ask their students to write any applications, because his team find it difficult to support them when the students leave. 134 no-one knows how to support it. Then they call us and we’re “what do you want us to do about it? We told you to buy this or you should have this person from us do it”... it’s tough... we try and steer them towards in- house or canned packages, which would get rid of all those, because you can just call for support... we tell them, “look you’re wasting your GA or RA on writing this app. We have one available, or you could buy one for $500... 95% of the time the light bulb pops on and they go, “Oh yeah!” This is especially difficult to do with the smaller departments that want to control their own resources. For example, there used to be a full-time programmer in the MBA program and a half-time contract person from Central IT in the Accounting department. Both positions have now been folded into the main IT team. This is also financially efficient as it improves the scalability of the services provided by the IT department. The IT department receives money from the different departments that need IT-related services and is able to grow more efficiently. It’s not efficient to have these little people... We’ve actually done well, our staff size hasn’t really grown, the systems and the people we support has probably doubled. He is responsible for all software purchases in the College. These are typically done on an as-needed basis. His office uses an application called SMS to keep track of the sofMare in use in the college. Statistical software is purchased by his department, which also does the installation and upgrades. However, they cannot support users who have questions about using the software. By centralizing all spending, he is trying to reduce wastage. For example, after buying software for running surveys online, he found 135 that two other departments had purchased the same application and had their own licenses. So, the college was double-paying. Now, if you need the software, contact us first. First of all, we won’t let them buy it without going through us. He does not purchase any financial applications. Users connect to Central Finance and HR over the web. Some use Access and link to the central databases using ODBC. Some of the office managers in the college use DepACT, a university-developed financial system built on F oxPro. He does not think the number of people using their own applications has changed much. We don't have any financial application that I'm aware of, that the Dean's office uses. I think even the departments use Excel, Access, web, or a combination The budget manager picked up QuickBooks, Access and Excel on her own, and does not use any IT staff to support her use of IT for her work, besides the regular desktop support: It was just working with other people who understood Access databases, seeing how they did queries. You just looked in there, you were lucky to work with somebody who knew about it and you tend to say, “ok how did they do this query” and you learn that way... we’re such a silo around here just to keep everybody in the know and if others have expanded and gone off and learned new things. That would be a nice thing to share with everybody. 136 Unfortunately or fortunately, it is myself... I know that there are colleges around... that actually have a support unit that supports these IT services... They develop a separate shadow system and they maintain it for their book-keepers and accountants. The (Business) College is very, I guess you could say, efficient. Another reason why other colleges have larger IT support units is the availability of “soft money”, i.e. funding from grants. Since the Business College relies mainly on its General Fund, it does not have a separate pool of money it can use to staff to run a shadow system. This may turn out to be good thing when the ERP system rolls out. we won’t have this fiill systems group that we have nothing to do with. . ., because now this will be supported by the central (IT) Colleges with large IT support groups usually set them up because they needed good tracking mechanisms to manage their grants, and Central IT could not help them. Since the Business College did not have such grants, it did not have a large IT support staff. However, one side-effect is that the business college staff are not as efficient as they could be. The university may design a better application, but if the users think their needs are unsatisfied, they will still extract the data from the central system and manipulate it themselves. there’s always going to be drift for key people in each department because the systems are never going to do exactly what they want... you can’t write a single system that meets 100% especially in a university the 137 size of this. I talk to people who’re involved- they say it’s a lot better than what we’ve had. There is no IT support person in the undergraduate advising department. However, one of the advisers is more IT savvy than the others and others refer to him for help for tasks such as building queries and accessing data. They rely on the business college’s IT support team for desktop support. The head of the department has no issues about her staff creating new spreadsheets for their work. All shared spreadsheets are saved on the shared folder. The policy is that the files should be saved on the shared folder whenever they are created or updated. rock on! ...it’s really about management style For me, I don’t want to micro-manage, I want people to take risks, I want them to do it well, so I might recommend to them, talk to (the adviser who is more skilled than the others), he’s really great” The university’s lntemal Audit department carried out an audit a few years ago. It lasted for about one week. The Business College’s IT department carried out a “secure and sensitive data initiative” and found some individuals possessing data that they should not have on their PCs. The IT team settled one issue by creating a web application so that the data was secured on their SQL server. Another issue was users storing sensitive data they did not need to, such as five-year old credit card numbers. They educated users about data security guidelines, e. g. sensitive data should not be stored any longer than required. However, it is difficult for his team to prevent this, because if users want to download something from the central systems, they do not need to inform the IT department and thus cannot be stopped from doing so. 138 Data security issues are compounded by the widespread use of USB drives and laptops, which are expensive and difficult to secure. What they do is to rectify problems when they find them. For example, when they found some using storing credit card information which they did not need to, they converted them to use ‘webcredit’ and payment cards. The IT manager would like all such data (e. g. financial information, multicard information, and SSN) to be stored on Central IT’s servers, since they have more resources to make sure the data is secure. They are worried about users storing data on their PCs. If all data was accessed over the web, then there would be fewer data security issues That’s why the (ERP) system will be useful, any centralized system to prevent this data from leaking. I think what we might do is laptop hard- drive encryption, thumb drive encryption. Compared to IT departments in other colleges, he sees the Business College’s IT team as being slightly above average in terms of its structure and governance. For example, departments that are more structured and controlled also have many more IT employees, while departments that are less structured could have more people than they needed, so controlling them becomes difficult. External He is a member of a community that looks at network communications issues on campus. It’s made up of IT people from across campus and acts like a steering committee, giving advice to the Vice Provost. It has now broadened its ambit to include service software. One thing they are working on is a data security guide for people traveling overseas. Past 139 projects include guides on securing networks and servers. They also recently rewrote the university’s Acceptable Use Policy, because the current one is quite weak, as it protects end-users, not the university. Since the community has no official power, these documents are only guides. However, I think it’s lost its fizz. Twice a year, all budget officers on campus meet to discuss accounting issues. Central Finance also holds some meetings throughout the year. The budget officer would like to meet her colleagues more often: I wish we met more. To be honest with you, I wish there was more communication, because in many ways, this position feels pretty isolated sometimes. You are the only person in the college and to have your co- workers at the other departments, you don’t see them as much... But other than those meetings, there’s no real get-together to share ideas, to discuss. HR managers from across the college meet every month to discuss new policies that affect their work. The HR manager brings up any IT issues she has at these meetings, and also asks Central HR for tips or short-cuts. There are a lot of experts here on campus that know bits and pieces of information that can help you get to where you need to go much faster. So as often as possible, I try to use that knowledge. She discusses her department’s IT practices with other similar units all of which advise students, both in the college, such as the Hospitality Business program, the 140 Multicultural Business program, and the Lear Career Center, and outside it, such as the University Undergraduate Division: there may be people outside that have found a really good solution or workaround that we haven’t come up with Case Vignette 6: EduSucceed - International Center The International Center handles administrative issues for international students, faculty and staff. These include conducting orientations, monitoring their health insurance and visa status and immigration applications, and sending periodic updates to the federal government. The center does not handle admission issues, but works with international students and scholars once they are admitted. 141 Governance External: Personal contacts with Central IT, Peers in other universities, Student Affairs user group Internal: 2 IT employees; ad-hoc help request process Request tracking log in Access IT Portfollo Central: ERP (including Sevis module), Business Objects, PS Query, ODS, Footprints, Locak Excel, Access, INS Zoom Figure 10: Governance mechanisms, I T portfolio and instances of drift for EduSucceed 's International Center IT Portfolio Past Although the university implemented the ERP program in 1997, the center did not use it extensively till 2003. From 1997 to 2003, only the associate director and the financial team used it regularly. From August 1 2003, the government introduced its online Sevis system for keeping track of foreign students and scholars. Before this, blank paper documents were used and were stored with the organization issuing them. With the Sevis system, all records had to be kept centrally with the federal government, and many new events had to be reported. Thus, the center’s employees began using the ERP system because the relevant data on international scholars was stored there. 142 The Sevis module for the ERP system was not ready when the government announced that it was bringing forward its plans: instead of phasing in the implementation over five or six years, it decided to implement it in less than 2 years. Thus, the government system was not very well developed. The ERP vendor rushed to complete its module, but could not complete it in time. EduSucceed decided to use the beta version of the module because it faced a hard deadline and had to modify the module to make it work. The entire system took a few years to stabilize. We actually started by implementing the beta version because we couldn’t wait for the final production version. So, that didn’t work very well. (Central IT) had to make a number of modifications just to basically get it to work. So, it was an incredible process just making that transition... I would almost say a couple of years before they really had stability. It was very difficult and it was also, you know, we just had to, because we had a pretty hard and fast deadline, just getting all those records in was very stressful. They used to use QuickBooks as their financial application, but dropped it and moved to the ERP system. . it really doesn’t make sense for us anyway to do that because the authoritative data is in (the ERP system), you’re taking that and putting it into another system. It just gets a little complicated and unnecessarily complicated... I mean I’m sure there are things she may like to do differently (in the ERP system) but basically things are working out. 143 Five years ago, the center transferred a stand-alone F oxPro database that was used to track whether visiting scholars had health insurance to the ERP system. Moving the database to the ERP system meant that the center did not have to enter the same data twice into two separate systems. Current The center’s employees use the financial module of the ERP system for their financial activities and the student administration module to monitor the students. They use a few different applications for their reporting, depending on the task they are trying to accomplish. Business Objects is used for some financial reports, while for the majority of their daily activities, they rely on the ERP system’s native query tool (PS Query), Microsoft Excel and Microsoft Access. This is for two reasons: 1) the data warehouse that Business Objects draws its data from does not contain some of the data they need; and 2) they need real-time, not historical, data for their reports. The data in the data warehouse used to be “refreshed” every week, but the frequency has increased for some of the tables, such as the student data, which is now refieshed daily. PS Query runs on the production system, and can thus provide real-time data. Queries can also be nm on the Operational Data Store (ODS), which is a day-old version of the data from the production system. They use a commercial package called INS Zoom to produce the documents required for processing HIB visas, since the ERP system cannot do so. A system called Footprints is used to keep track of their communications with their clients. Footprints is essentially a helpdesk application that is hosted by Central IT, and the International 144 Center “buys a share” of it for a fee of $200 per year. The front desk staff at the center log on to the system over the web and assign the tickets to the various advisors. A Microsoft Excel spreadsheet records the details of students who have not responded or are having difficulties. A major responsibility is reporting various events to the federal government. Usually, these events are sent as batch updates to the government’s SEVIS system every night using an API. However, urgent cases, such as students whose visas expire in a day’s time and need quick renewal, are handled via the government system’s real-time interface (only if their visas will be approved.) After that, the student’s status will be updated in the ERP system, and a process called Master Sync will be run to ensure that the data in the government’s system matches the International Center’s database. The center has to do this because the government’s system is a one-way system: it receives data but does not let data flow out. If the data is not synchronized, the center will receive alerts. A similar process called Compare Process is rim daily to match the university’s data with the government’s. Any discrepancies are highlighted as alerts, and the user can decide whether to update the government’s entire database of EduSucceed students or only the ones whose status has changed. They have also set up a log in Access to keep track of student requests, and whether they have been fulfilled. This log is an outcome of the increased monitoring of international students required by the government after September 11 2001. While the ERP system was usefiil for handling transactions, it was not developed to track whether individuals had registered or fulfilled other official requirements. In addition, spreadsheets were being used to keep track of requests from students, such as requests to 145 renew visas and documents. Employees handling these requests discussed with the technical analyst how tasks, such as sending out email reminders to students or ensuring that requests were fulfilled, could be automated. It is just a continuous process that makes things more automated and faster and better service to the students so we can immediately inform them when their stuff is done. The previous example of an Access database replacing an Excel spreadsheet is part of a broader trend in the organization. The existing spreadsheets are being gradually replaced by Access databases. The spreadsheets do not duplicate information in the central databases, and were set up to help with student monitoring, although the new checklists feature in the ERP system may be able to handle that function. The associate director uses spreadsheets to keep track of their activities too. I myself would use Excel sometimes to just figure out what is going on with some of our systems and what needs to be done. For example, the“ government’s SEVIS system does not have a very useful search feature- e. g. it can provide a list of people that meet a certain criteria but only displays 20 records per screen. Thus, the associate director has to manually copy the data and paste it in a spreadsheet if she wants to match the records to other data from the ERP system using a vlookup fiinction. She is unhappy about having to do this. At every conference I say, do you know how much, how stupid this is. The international center’s data is stored on a server which they share with Central Student Affairs, and is maintained by that unit’s IT department. The center uses shared folders so with differing levels of access so that documents and data can be shared with 146 different staff members. There is no specific checklist specifying which employees or roles are responsible for or are allowed access to which documents or files. We don’t have a specific on boarding and off boarding, it’s more in people’s heads, but you know we really should write that down... I think that’s something that units can always keep working on. I mean, we’re continuing to work on things like doing better, procedures manuals, etc. But, that’s kind of a continuing process, you will never get a perfect first draft. Examples of drift Student request tracking log Before the request tracking log was set up as an Access database, the international center’s staff asked Central IT whether the ERP system could provide the required functionalities. They mentioned that a checklist feature was available, but would take some time to customize. Thus, they were agreeable with the international center developing its own Access database. However, the international center’s staff has agreed to integrate the database with the ERP system if new features that made it a viable option appeared in future versions of the ERP package. What I think we will be doing is certainly keeping an eye on whether there are opportunities to move some of that over to the mainframe. As (Central IT) upgrades to newer versions,. .. sometimes there are new options and some things that might be more laborious in the new version, there is an possibility. I would say, “yes, we will always keep that in mind.” 147 IT Governance and Management Internal There are two IT employees: a technical analyst, who creates and maintains queries and databases, and a website administrator. The technical analyst used to work for Central IT. The technical analyst creates Access databases as requested by staff, with one recent example being the log for tracking student requests. Although the web administrator and another staff member are proficient with Access development, only the technical analyst develops such databases. The center’s associate director also has a higher-than-average level of IT skills. This is because she was one of the earlier employees of the department (she has been there for nearly 20 years) and volunteered to set up their systems when they began since no one else was interested in IT then. I mean it had something to do with “ok, I’ll organize it” but I kind of just learned it, exactly, from guys like you. Little formal training on IT is canied out for non-IT employees. When the center moved to the ERP system, employees with more IT sawy helped those who were less confident of using the system. I think that it’s true that some people were comfortable and some people were less comfortable, one of the things we do and we, the international student scholar team, they work really well together as a team and people will just informally help them... a lot of people prefer to just learn a little 148 more informally... they grab a book or they look online or whatever so I think a lot of it is stuff like that. Because of the greater use of IT, applicants for new positions in the center are quizzed about their IT proficiency, unlike before. When I was hired, this is a slight exaggeration, but no one cared whether I could add, subtract, multiply. But now, we’re really looking. So we ask questions like what is your comfort level with Microsoft Office products, have you had the experience of working with a database like (the ERP system) in your previous school? Users rely on the analyst to help with general IT issues and approach him with suggestions about improvements to the databases they use. The associate director is the person employees contact if they have questions about the ERP system. If she cannot help them, she will call on her acquaintances in Central IT. For (the ERP system), people who don’t understand why I got this alert, stuff like that, I am available as well. For some of the things where people just can’t figure out what is going on, I would probably try to problem- solve there. If I can’t do it, then I would call my contact at (Central IT) and say “My brain just exploded! Could you help me with this?” Procedures and guidebooks, such as how to deal with certain situations and how to carry out some common tasks, are saved as documents in the shared folders. However, they are not very extensive. Yeah, we haven’t done as much of that as we maybe could, that’s certainly a good idea... I think the other things are more sort of colleague-to- 149 colleague. So I think that’s something you can certainly always count on a little more. External The international center’s associate director is on a mailing list for the higher education users group of the ERP package. She also interacts with companies that use the same ERP package. She thinks that Central IT is an innovator in using the ERP package’s Sevis module. the people we work with in (Central IT) are in some ways, or many ways at the forefront of really working with the Sevis functions, the (ERP) Sevis functions and helping us use them in a pretty sophisticated way. So I would say, a lot of times, we are more contributing to that list than any other really. And that’s always good to know. The international center’s business manager is not part of the financial users group that meets with Central IT every quarter, but is part of the student affairs group. The web administrator is part of a group of her peers on campus. Besides these two, the international center is not part of most of the other IT advisory groups on campus. However, this has not left it out of new developments. We are not actually formally part of those groups, but because we work very closely with them (Central IT) on the Sevis system, so I do have informal contact with a lot of people there so I don’t think it’s an issue there that they would not be aware of. It’s more time and resources. 150 The International Center has worked with Central IT on various projects, when the central systems did not meet their needs. However, they do their best to minimize this.- Overall, if we can do something in a central system, we’re trying to do that... I think their time is limited so I know whenever we have an idea like that we would present it and make a request and some of the things we are able to get and some of the things we aren’t. Our overall philosophy is use central systems when we can. But if we have a need and it doesn’t look as though (Central IT) is going to accommodate that in the near future that we will develop our own. The main contact person for such interaction is the associate director, not the technical analyst. This is partly due to the fact that the associate director has access to the real-time Sevis system, while the analyst does not because there are only ten slots available. She received the slot because she is familiar with the relevant regulations. The Sevis user community has asked for additional access slots for technical staff, but to no avail. So, she is the intermediary between the analyst and other parties: right now, (the analyst) doesn’t have access to the government system so we’re kind of working back and forth which is a little harder because you don’t have access The associate director passes on ideas for improving the ERP system from her users to Central IT, even if she thinks they are not likely to be implemented because they benefit only the center, not other units on campus. However, Central IT has carried out some projects that were specifically for the center. 151 Case Vignette 7: EduSucceed — Athletics The Athletics department at EduSucceed supports athletes in 17 sports at both the intercollegiate and recreational levels. Its activities help with fund-raising and keeping alumni connected to the university. In the past (20 years ago), the department was a separate corporation from the university, and had its own checking accounts and assets. The finance team of the department consists of the Chief Financial Officer, the finance director, an administrator, and three assistants. All of them have been around for at least 10 years. Governance External: Monthly ERP liaison meetings with Central IT, personal contacts with Central IT, peers in other universities Internal: IT manager not direct report to unit head; ad-hoc help request process; Small IT team IT Portfolio Central: ERP, Business Objects, ODS Locak Excel, Filemaker, Paciolan, NCAA compliance software Figure 1]: Governance mechanisms, I T portfolio and instances of drift for EduSucceed 's Athletics unit 152 IT Portfolio Past Before the ERP system, the finance department used a variety of locally- developed applications- a general ledger, a procurement module, etc. These systems were used for about 11 to 12 years, and were all replaced by the ERP system. Since then, we’ve strictly utilized the central system. (Before the ERP system,) I think a lot of people felt that the reporting was not sufficient to properly budget and evaluate results on a regular basis. Current The finance department uses the ERP system for most of its activities, e. g. processing payment vouchers, purchase order requisitions, procurement, etc. They also use Excel and Word. Business Objects is used to develop reports- data is obtained by querying the data warehouse and is manipulated in Excel. However, the ticketing office does not use Business Objects or the ERP system. Its employees download data from their commercial ticketing application into Excel to prepare reports for the finance department. ODS, a module in the data warehouse, stores canned reports, and the finance department has its own set of customized reports within it. Examples of these reports are: monthly budget reports for its 25 sports and 13 facilities and administrative units, balance sheets and income statements, and endowment fund reports. The canned reports are output as Excel files. While Business Objects is refreshed weekly, ODS is refreshed daily. 153 They do not use Microsofi Access, although they used to use FileMaker before. One area that still uses it is home game management. During the football season, 600 temporary employees are hired as users and ticket-takers. The supervisors in that group are paid using the standard temporary appointment option in the payroll system. The larger portion of this group is paid $12-$15 as a stipend to reimburse them for their out- of-pocket expenses. They are paid as volunteers through a process in the accounts payable system. The finance director downloads the information from FileMaker, imports it into an Excel template, sorts it and saves it as a DAT file, which is then sent to Central Accounts Payable. The checks are generated overnight and sent out. The same process is used for ticket refunds, as this helps avoid the need to set up individuals as vendors, which would require every individual’s social security number. The ERP system for Athletics was installed about 2 years after the rest of the university had gone live. This was because of historical factors- the Athletics unit was constituted as an independent organization with its own board, bank accounts, and policies. That meant that moving it to the ERP system was more complex than other units on campus. So, once the other units had gone live and the system had stabilized, the project implementation moved to the Athletics unit. Athletics gained substantially from this delay- the bugs in the system had been removed and the system implementers had a better idea of how to run the project. Consultants from Anderson Consulting carried out the implementation. Before deploying the software, they helped Athletics re-engineer its business processes. That was a very useful exercise, because it made them think about how they wanted to structure their organization and variables so they could 154 have effective reports and effective ways to slice and dice. (Today,) each team, each facility, each administrative unit (has) its own budget, its own P and L that we distribute monthly... I felt very lucky that we were able to have those resources. Since then, the processes have remained largely the same, although there have been some changes. For example, some processes are now web-based, which supports tele-commuting. There are no shadow systems now, according to the finance director, but there are workarounds: The PeopleSoft can feel a little clunky for some of the things we do and there are a lot of pages to go through to get something completed... it can seem like it’s a little clunky and that there are a lot of steps to get things processed... there are some tricks that I don’t know too much of because my assistants do it every day... The end users who are actually inputting the data are actually finding the little short cuts to the extent that they’re available. The finance director prepares reports for the NCAA and federal government (e. g. Department of Education), using the data warehouse and his own reports. He has a customized tool that helps him come up with the numbers he needs for his reports, which is linked to his financial statements. These figures are entered into a Department of Education website and a similar report with some differences is entered into the NCAA website. The compliance director uses a compliance application from the NCAA for her work, and the finance department has no access to her data, which includes squad lists, financial aid, and scholarship lists. 155 The ticketing and marketing department has undergone some significant change in the last decade. From an almost totally paper-based system, it has now shifted to a system where customers can buy their tickets online, print out their barcodes at home and bring them to the game as proof. These changes have taken place without having to lower their head-count. Previously, many staff members were involved in handling telephone calls from customers or in manning the “will call” booth. Now, these employees carry out more tasks and projects, especially in collaboration with the university development and gift office, such as processing donations. The development office uses a separate package that is linked to the ticketing application, so that they can access the ticketing data. Over a period of time we have had the ability to take on more responsibilities and not initially add any staff just because we’re move productive, more efficient, and technology has allowed us to do that. Moving online has also enabled the ticketing office to support ticketing for many more events. Traditionally, only football, basketball and ice hockey tickets were sold. Now, tickets are sold for baseball, wrestling, softball, and many other games. They are planning to further reduce their costs by stopping the mailing of paper re-order forms and sending out email reminders, which would save them nearly $20,000 in postage alone. They have 300,000 emails in their database. After moving online, the next change was the shift to using bar-codes and scanners, which took place about 4 years ago. These developments were supported by the enhanced capabilities of its software vendor, Paciolan: 156 It basically evolved because there were companies out there, our software company, Paciolan, basically offered the upgrade in technology to allow this stuff to happen. They last had a tender for the software five years ago. Paciolan’s competitor, TicketMaster, acquired it a few years ago. However, the government has now asked TicketMaster to divest Paciolan since it is merging with LiveNation. Future The department is currently in the midst of carrying out an RFP to purchase an automated compliance system. The current system is paper-based and very labor- intensive- student athletes fill up forms on their training schedule, the forms are collected, approved, compiled and audited. They would like the students to fill up the information online and make the entire process and workflow automated. That would help arrest non- compliance issues earlier. IT Governance and Management Internal The department has an IT manager who reports to the CFO. He handles desktop support, and is not involved with application development. Since the ticketing application is hosted outside the university, the local IT group does not maintain it. One employee in the ticketing department is a more advanced user than others, and she is the one the manager turns to when he wants to know whether the application will be able to offer any particular functionality in the future. There are frequent requests to enhance ticketing. 157 Some of these requests are from employees. They inform their managers about their suggestions, and the managers in turn pass on the ideas to the software vendor. there’s all sorts of ideas people want us to do, whether do this, do that or sell this or sell that. Well, a lot of it depends on can we get it done in the right time frame. Sometimes, they try and push the application’s abilities. However, the ticketing manager could not provide an example. Sometimes we really want to do something and we push the envelope and I’ll push it and I will really challenge my tech people that we want to get this to happen and they can make it happen. Paciolan can make it happen. It’s just a matter of whether it’s worth making it happen. I can’t think of an example right off the top of my head. I mean I know over the years we’ve done different things that, you know, we try to make it happen. A recent internal audit examined their internal controls for IT- e. g. passwords for folders, sharing, Excel file construction and modification rights, etc. Since they have a very small finance team and very little turnover, they have not put in place sophisticated policies and procedures, and thus do not have any documentation on these controls. For example, their password has remained the same for the past 10 years. Finally, they also do not produce a large quantity of financial reports. 158 External The finance director is involved as a unit liaison for the ERP system with Central IT. The employee show handles payroll participates in a payroll/timekeepers meeting, and the director’s assistant is part of the accounts payable group. These meetings discuss changes in policies and systems, and provide guidance on using systems. The director thinks these monthly meetings are more useful for disseminating information than for bringing up requests for changes to systems. I think the meetings are good for information passing information, and making those contacts, but when units have significant problems then they go out of the meeting room to the people and say these are the things that we need to address. That’s what I would do, and I’m pretty sure what most of the (unit liaisons) would do. When he has any issue with the ERP system or with the reports, he calls or emails his friends at Central IT for help. There is no formal procedure for making suggestions for improving the technology. He relies on his contacts at Central IT, whom he has worked with over the last ten years. They are from a unit called CPU (central processing unit). Although he has some ideas for improving the reports he obtains, he does not bring them up, because he believes that Central IT is doing very important work that has a broader impact, and that thus, he should not impede their work: There may be a hesitancy on our part to ask for some of the littler things that would be nice, but they’re not compelling, their more cosmetic... I hesitate to take up their time with trying to do some of those things 159 because they seem to be a very hard working group. They’re working on big, important projects that are university wide. I wouldn’t say they haven’t helped us when we asked, but it’s more of hesitancy on our part to ask them for some of the more minor things. The finance director meets his peers from other colleges every summer. They discuss mainly policy issues; IT is not a common issue discussed among them because they are constrained by what is offered to them by their university. One issue they face is figuring out how to get everyone to answer the NCAA reports in the same way, because different schools classify things differently. Sometimes, the ticketing office meets its vendor to learn more about the application’s capabilities. For example, the ticketing manager is attending a Paciolan conference this year, where users like us will have different ideas on how to do something different and they’ll improve it. (The athletics department) may have done that (customized the application) a few times, (but) it’s expensive so you just want to stay away from that, but they do have that capability, if you want to tweak the system with a specific need and desire. However, the extent they can change their operations is limited: they have different ideas on how to make something better... so this all comes down to can you make it work? We do it this way because technology helps us to do it this way. We can’t really change it, unless you change technology, had some times you can, sometimes you can’t. So in many respects you’re kind of, not that they have you in shackles, you’re 160 driven a little bit by what they want you to do and the people out there that have developed this stuff over the years, and make it more efficient, and it ' has become more efficient. Training on the system requires either flying the employee to California or flying a trainer in from there. So, when new employees are hired, they are expected to learn by doing the work or by asking their colleagues. The ticketing manager meets his Big 10 compatriots once a year, but they do more of their discussion over the phone outside the meetings: you talk to them all the time and get ideas from them and what they’re doing Case Vignette 8: EduSucceed - Facilities Management Facilities Management (FM) has 1,600 employees, and is the biggest division in the Facilities and Operations (F &O) wing of EduSucceed. FM has many responsibilities, which include running power plants, maintaining 5,000 fire extinguishers, and managing building environments and a fleet of vehicles. 161 Governance External: IT Commons, IT Steering Committee, Business 8. Finance user group Internal: multiple disconnected internal IT units; Monthly project review meetings, ad-hoc development request process Electronic time clock, HR Dashboard IT Portfollo Central: ERP, Business Objects, HR Metrics Fire extinguisher management system Locak F-Max, Payroll, Crystal Reports, Excel, Access, Various other systems for unique activities Figure 12: Governance mechanism, I T portfolio and instances of drift for EduSucceed 's Facilities Management unit IT Portfolio Current FM’s IT systems include: - A system for metering power and reporting usage; - A system for managing door readers and badges; - An employee awards program, which tracks staff recommendations; - A tracking system to find out who is present in each building, so that they will know where their employees are in case of an emergency. - A building monitoring system called Apogee from Siemens 162 - An Excel-based project tracking database - A subscription database that develops indices of universities’ operational costs. Many of these systems are Microsoft Access databases. Other activities are managed with Microsoft Excel spreadsheets (e. g. keeping track of fire extinguishers) and applications are being developed to replace them. Central HR has just asked them to work together on a new job posting system. Crystal Reports is used to create reports from the data in F-Max. FM’s operations department recently hired a consultant who showed them how to use Pivot Tables in Excel. This provided them with useful information for their restructuring, such as where their staff had worked, for how long, where there were overlapping job classifications, and how the areas of overlap can be addressed to save money. FM’s most significant application is a work order tracking system called Facilities Max (or F-Max), which has been used since 1998. Requests to the help desk are recorded in work orders and routed to the appropriate department. F-Max also tracks materials and equipment purchased through work orders and employees’ time. This data is sent to the ERP system as a batch file every few hours. Purchase order (PO) numbers are issued by the ERP system and manually updated in F-Max. Integrating F ~Max and the ERP system is difficult, and they have been working for the past few years to improve the links to make activities more streamlined and easier to audit. One example is purchasing- they want to be able to create a purchase order in F- Max and pay the bill in the ERP system. Our challenge becomes how do we run the two in parallel and there isn't any way that (the ERP system) would do what we do within the work 163 order system. But at the same point in time, F Max isn't capable, it doesn't have the universal transfer to the outside world that (the ERP system) does, (in terms of) financial documentation, invoicing... (The integration team hasn’t) run out of work yet with this (current) restructuring that we're going through, it's probably worked through better processes to get goods and minimize the number of activities it takes to do it. I actually don't see that group going away any time in the near future. There's a lot of clerical support time that goes into (purchasing), more so than we've ever had before... to really dot all of our i’s and cross all of our (’3... people are really going back to the old school where the purchaser needs to be separate from the person receiving, which needs to be separate from the guy doing the installation and nothing wrong with that but it's just an awful lot of activity that's going towards buying the proverbial widget... paying them electronically is great but all of a sudden you realize that if all the X's and O's don't line up you've got a bigger problem than before when you were just missing a service ticket and you called the manager and said “fax me a copy of the service ticket so I can sign it and get you guys paid.” FM has stayed with the same facilities management systems provider for the past decade. A few other vendors offer a similar package, and there have been discussions about moving to another application. However, F-Max has been heavily customized, so 164 moving would entail a significant amount of development. FM’s involvement with software vendors, such as F-Max and Siemens, has been advantageous. a lot of the features of the product were incorporated because they were working with us we're pretty strongly aligned with FMax as a company in developing the software. So, we generally have the ability to tell them, “hey, this isn't working,” or “how do I get this functionality out of the system.” And I think it helps that we’re probably a big enough customer that we'd probably get some level of support from them with resolution. a lot of times Siemens will actually come to us and ask us how is this working and we can provide them direct feedback and they as a company take that back and then implement changes on the national or world level that literally come from some of the interface that they have with us... However, such flexibility by the vendor also has its downside: they cannot upgrade to use the application’s new features and are locked in to the vendor. One option would be to use the basic version of the application without the modifications, which would require re-engineering their business processes. We’ve gone so far down the road of using it differently, that there’re features in the product that we can’t take away. Within the F-Max product, they actually have a flag in the application specifically for us to cause the application to work differently than it does for every other customer. 165 (They) couldn’t upgrade to the next version (of F-Max) because there were just too many custom agents. reloading the software but not adding all the customizations that we’ve done and using it the way it’s meant to be used. An example of a problem is that FM tracks costs, not the quality of its work. (We) can tell you where every penny went, but we can’t necessarily tell you how well we did that work. We track very well our costs, but not our work effort and our efficiency at what we do... (In the future,) we’re going to be focusing more on what we do and how we do it... we need to change how we enter data into the system. Central IT currently provides FM with its email and file storage services. if doing it on your own doesn’t give you some competitive advantage over your customer or some benefit, then you shouldn’t be doing it. . .. There is nothing I could do with an email system that would provide value to my users... why would I have my own file share servers? That doesn’t make sense. So it’s finding that balance. \For all of my networking infrastructure, I pay (Central IT) $40,000 a year. I can’t even hire a person for half of that. So there’s you know the value I get is well worth what I’m paying. But for other things it’s not. So that’s when we go off and do it ourselves. Hence, it is important for FM to run a work order system, but not a time clock system. 166 (F -max) provides our users with more flexibility. When anybody asks for data, we can provide much more data than the (Central IT) systems can... So, I think there’s value added in that situation. (The time clock system is) one of those where it makes sense but at some point we’re going to look back at this and go ‘why did we do that?’ The HR staff use the ERP system, the reporting application within it, the portal, and Business Objects. They also use spreadsheets, because they are better at manipulating data, relative to other report-creation tools. Some employees use Access; they intend to use much more of it in the future. Two of the five employees are power users, e. g. they use formulas and pivot tables in Excel. Creating the reports is not real user friendly. The interface I’ve gotten used to it, but I wouldn’t say it’s intuitive. And then the data that comes out, unless you’re dumping it to Excel, you can’t really customize it, and you can’t really create the forms. Although the HR officer used Business Objects in her previous job, she did not download the data into Excel that often. there were a lot of standardized reports that were created for everyone in HR. Whereas here, at the University, everyone does their own thing. Another issue is that different databases have different values for the same item. This is because if some figure is corrected, only some databases update their past figures to take those changes into account. Thus, she has to reconcile the figures from the different databases. She has asked the payroll office to develop an error report or a confirmation report for salary discrepancies, but was denied. 167 It’s not a big enough discrepancy that I worry about it too much, it’s just it kind of hurts credibility... I just do a kind of a once over to see if anything jumps out at me In response to these issues and requests from some HR and Finance staff, Central HR’s IT team developed a dashboard reporting system, HR Metrics, about 1 or 2 years ago. It draws data from the same data warehouse as Business Objects, but is more user- friendly and the data is refreshed. I’m hoping they don’t take it away because you can build your own reports, you can do canned reports, and it does refresh... I love it... (However, not many units are using it; maybe because, it’s just because it’s one more system you have to learn.” Examples of drift Time clock A major issue with integrating F -Max and the ERP system were errors in a 28 character string that was sent between the two applications. Most of the errors could be traced to FM’s employees who were taking shortcuts. To prevent this, the new time clock uses employee ID tags: all of a sudden, completely eliminates a lot of the data errors... becomes... a fool-proof process that gives us greater accountability. Currently, the official time document for employees is a signed timecard. F M is developing an electronic time clock for its employees even though Central IT has one, because it did not meet their requirements: a) the data from the Central IT clock goes to 168 the central payroll system, while F M wanted to route the data to its own payroll system, b) Central’s time clock only records when users punched in or out, while FM wants it to display work orders assigned to employees and messages to employees from supervisors. FM wanted to get a dump of the data, so that it could use Central IT’s clock, and the vendor told them that could be easily handled. However, Central IT was unwilling to set up the FTP server to handle that. when we look at some of the other systems offered by central services, you have to more conform your business to what their policies and systems are. Our users don’t want to do that. they’re trying to sell a specific product and their goal is to not customize it for a bunch of different folks, so that just wasn’t going to work for us. . .. I’m being recorded, so I will say it was a very frustrating situation It would have been nice if there would have been a little more partnership. They were willing to, you know what, we could maybe make some customizations, but maybe you have to make them or you know, but it was kind of an all or nothing. You know, here we are again doing our own thing. You literally could go to some place in the University and see the (Central IT) time clock, and right next to it ours. That’s just, it just looks -- it just doesn’t feel right. ...it’s one of those things you just don’t feel right about it. You just know down deep in your gut this isn’t the right thing to do. You know, but it makes sense, the costs are certainly cheaper doing this. The fimctionality of the features we get will be far greater than what we would have gotten. 169 And maybe that’s how we get into these situations is that we look at these situations in the micro, in the short terms and yeah we do this and we’ll be getting more data than anybody else. But you know if everybody does that and you end up with all these little things there needs to be somebody at the central system saying well we can include that and then everybody could take advantage of it. fir—egxtinguisher management syst:em A new system was put in place for tracking them, but users did not stop using the older one. So, they had to support both, and are now looking for a new one. It’s kind of a micro problem of what the central system is. It’s kind of the same thing. We have these systems and we don’t use them. We have systems that other groups don’t use. HR dashboard The HR office found out that F M had obtained a quote for a dashboard. She asked them to wait until she had checked with Central IT. They told her that they had a similar product. FM is holding back now, but not because they are working with Central IT. Instead, they are planning to work with the vendor who is rolling out the new version of their work order system, F -Max. Payroll Unlike the other departments in F &0, FM has its own paper-based payroll system based on F-Max. This is because F M pays its staff according to a work code, and the ERP 170 system does not have enough levels of detail to support that. The HR officer uses it to check for discrepancies with the official payroll. FM’s payroll system also reports error messages, which are useful for her. The previous head of Central Finance (who has passed away) was not aware that F M used its own system, and only found out recently. She was planning on doing some research on it, before she passed away suddenly. The current heads of Central Finance and Central HR are aware of it. However, attempts to resolve it have been pre-empted by a shared services model review that is being conducted now. IT Operations 8. Governance Internal FM’s experienced IT manager has been with FM for 18 months. His department consists of 20 people. F M’s IT department handles all the operating systems, hardware supports, database administration, and custom programming needs for their work order tracking system. It also runs a help desk that supports the PCs. There is also a team in charge of infrastructure (servers, etc) and some employees who float between the help- desk and infrastructure teams. A few people handle the development of the work order tracking system, and two permanent employees and three contractors take care of web development. All work carried out by departments in the university is charged back to the departments that requested the work. This applies to the 3 groups within FM’s IT department. We spend a lot of time figuring out which pocket to take money from. 171 Last year, they audited who had administrative rights to their PCs because there were no controls for that. From now on, managers will have authorize annually which of their staff members can have administrative rights to their PCs and state that that there is a justifiable business reason for them to have these privileges. That exercise reduced by about half the number of individuals who have administrative rights to their PCs. FM’s sub-units have their own IT departments and often source their own IT themselves. While the IT manager is trying avoid duplication, the sub-units see the IT department’s job as helping them implement applications they procure themselves. All requests for collaboration are ad hoc, via e-mails or telephone calls. An example was the new application chosen by the fire extinguisher management team. When they informed him of their choice and asked if he had any issues, he discussed their requirements with them and found that FM already possessed applications with similar functions. Another example is the IT department’s experience with the utility department. They had found their own application, and called in the IT department at the last minute to tell them that they needed hardware for the new application. When the IT department found out what the application was doing, it told the utility department that the functionality was available in F -Max. This surprised the utility department as its in-house IT employee had told them that it was not possible. The IT department then showed them how F-Max could meet their needs. It also told the utility department that they were willing to support them with either option. just like we don’t necessarily use the central systems and follow their plans, I have groups that don’t report to me 172 the same way I’m not collaborating with (Central IT), the pockets underneath me are not collaborating with me It’s one of those things we don’t want to slow people down and tell them, you know, you can’t. But at the same time if we already have two products that want to do what you want to do, why should we run a third one? If you’re a department and you can go pick your own application and you can manage it, you think you’re going to get something better than using the central system. If not better, at least it’s under your control. It could work differently and it just doesn’t, I don’t know why... we don’t cooperate, but it’s not that they’re an extension of us or we’re an extension of them, it’s they’re out doing their thing, we’re out doing our thing...” Where they could be building things that we might have already built or we have currently insight, so there’s a lot of loss. . .We’re not keeping each other informed and saying, “hey you know we already have something that does that that you can use.” The underlying issue is that IT purchase decisions are decentralized to the sub- units. The IT manager sees this as inefficient because even though departments want their own IT employees, they often end up approaching the FM IT team for help when they face a problem because they lack the experience. at the same time I can’t just say you’re on your own... We have to do what we can to help them 173 He would prefer a more structured system where the F M IT team was given full responsibility and funding to manage these systems. That way, he could put in place a service-level agreement and handle any issue appropriately. He has suggested that the departments give up their IT employees, but that idea was not been accepted. He believes that the various FM departments set up their own IT teams because they were not being well-supported by F M’s IT team. The same approach has had an impact on F M now- all units on campus can seek external bids for the services that FM offers because some of them were frustrated with FM’s service level or costs. Unlike the HR and Finance staff, some other users from, for example, the utilities department, are more likely to source IT independently. it’s interesting, you know, I didn’t really think of that before but the areas where we have pockets of IT are where we have people that have a more technical background. . .. so I guess having nontechnical users is better. He believes that there is a firndarnental lack of understanding at FM of how IT can help it organizationally. When he came in, an F-Max upgrade was a few years behind schedule, and development work was still being carried out. The project was delayed because the IT staff did not have experience in deploying applications of that size and did not realize that they had a problem. part of the problem was not recognizing there was a problem.... they just thought if they continued down the road they’d eventually get there. Which I don’t think would have happened. . .we were nine releases behind by the time we went live. 174 He managed to deploy the system by the target date, and although there about 20 problems, none of them were critical. But, when he met FM’s director, all he was asked was whether they could be fixed by the next week. you build a spaceship and you show it to me and I say what kind of mileage does it get... it was disappointing that after all the effort and everything, and it wasn’t his fault, he just doesn’t understand IT. He thinks that the director saw the list as akin to a list of defects for a building after it has been inspected by an inspector. However, some of the problems with the project were issues with the application that could not be fixed. (In) most organizations, IT is a strategic partner. They are represented high within the organization. Within Plant, we’re kind of buried down in the organization. I don’t really think there’s an understanding of what it takes to do IT. I don’t think I’ve necessarily been able to communicate the value that we can bring with technology. And what it takes to do technology. The IT manager thinks that non-IT FM employees wonder what they are getting with their 20-person IT team that costs millions, especially when the IT application do not do what they want. This frustrates the IT team. He is trying to formalize the procedure for the departments to submit their ideas for new projects by setting up a project request website. Currently, it is very informal. To prioritize the projects, he has a meeting every two weeks with the various departments. There are projects that have been on this list for five years. And . .. they’re just not a priority and they never get to the top of the list... We had it half 175 way done and we just can’t have it a priority. With everything that everybody wants, it just keeps falling down on the list... they’re focused on their higher priorities. So it’s not a high priority for them, and it’s not for us. So it’s just on the list... I met with their management about a month or so ago and said, “hey good news, we’ve got these five projects done.” They were like, “what about this one”... you can’t win. The project review meetings are more of a one-way process of him presenting his ideas. He understands their reticence. If I was in their shoes, I may not want to present what I’m doing because we might come back and say “well, you shouldn’t be doing that”. One of his first projects was to develop a list of all the projects, applications and servers his team supported. His next aim is to develop a one-page list of each user’s rules and responsibilities. This would help clarify responsibility and avoid frustration. The F M IT manager is not a believer in using methodologies, such as ITIL, in organizations. I’ve seen too many of them fail because organizations try to adopt too much too fast... they’ll try to adopt it, you know, the big bang approach. And it typically fails because I think with an organization you have to evolve to that...it’s the stuff if you’ve been in IT you know to do for a long time.... (His former colleagues) spend more time filling out forms and reporting statuses to people that are going to turn around and re-report their statuses than they are working out there. But I see that happen in organizations like that. There is value in process and structure, but you 176 have to balance that with productivity. And if you get to the point where you’re spending all of your time filling out forms, something is wrong. He prefers an approach that recognizes what is available, so as to avoid reinventing anything, and then looks at what makes sense given their context. For example, FM needs to improve its planning and expenditure tracking. This will help build trust with his users, as he will be able to tell them what they received in return for their expenditure. He currently has a list of 380 outstanding requests for changes to F-Max, which range from bugs to custom reports. He believes his department is very responsive because change requests are fulfilled within two weeks, even though only three people are handling them. He was thinking about expanding its IT group previously, but the current pressure to consolidate IT from the central administration means that is not going to occur. While the process for making IT requests is still very ad hoc, the new IT consolidation policy from Central IT is an opportunity for reflection. This is similar to what happened when they launched their energy-saving campaign. It prompted them to reduce the number of server rooms on campus, which required year-round air conditioning, by outsourcing them to a vendor so that “everybody's money ahead.” When you're knee deep in alligators, you’re worried about what's going on around you. You're not so much looking out there at what's happening... (the new policy) creates a thinking type process for anybody about what can we being doing differently... introspection or looking inwards at what we're doing. 177 External FM’s IT manager is still persevering with his efforts to work with Central IT- he is currently negotiating with them about providing Linux and Oracle support as his staff do not possess the required level of skills and as back-up in case one of his employees fell sick. Working with Central IT now would help him obtain employees who are not foreign to his environment. He is also asking them to take over some systems, such as the badge reader system. But, they are not doing that yet as they can only provide services such as hardware virtualization, not application support. I have contacted (Central IT) several times to start moving forward with potentially using them to provide some of the services that we do, and they’re just not ready. His supervisor is part of the university’s IT Steering Committee, while he sits on a committee with other IT managers that advises Central IT. Externally, he is involved in an F-Max user group. He uses that for obtaining advice on issues such as deploying handheld mobile devices. He has also given presentations to other universities that want to know more about the work order system: what issues he has had, which product he selected, and why. One example of decentralization is that there is no central authority on campus that manages the entire network. Central IT manages part of it, but within each building, there can be local administrators in charge of network ports in the building. That made it difficult for him when he was setting up the security badge readers. He wanted to rent ports in each building, but he found out that Central IT could only do that for some 178 buildings. Others were managed by other IT units, such as the engineering department or the medical centre. it was frustrating that I couldn’t go to one organization. I would think for like your network that would be the place you would have one (organization). (Someone told him) that the university is basically a collection of nine schools with a common football team... to me, when you deal with infrastructure, that you don’t decentralize. .. I have my driveway and I manage that and I can do what I want. And when I go on the freeway, they’re all the same. The HR manager has talked to Central IT about improving the integration and usability of the systems she uses. Although she can reconcile the data manually, it is very time-consuming. Central IT is aware of the data issues and mentions it during training. you may have two different datasets, both of them have compensation listed in them, but if you pull from one versus the other it won’t align. And there’s no way that you can remember all that stufl”. HR Metrics has been transferred from HR IT to Central IT for maintenance. If she has any future requests, she asks HR IT, and they communicate with Central IT to handle the request. If employees have ideas for new systems or reports, they can either approach her or approach Central IT directly; there is no structured process. Because of this, users may create reports that may be useful to her, but she may not be aware of them. Although all the reports are shared, their titles may not necessarily be clear enough to merit sharing. When someone asks her for a new HR system, c. g. a dashboard for managers to monitor HR activity, she approaches the HR IT staff in Central IT to see if they have 179 something she can use instead of buying a new application. If she needs a new report and thinks others would be interested in it, she brings it up at the monthly meeting. If it is something that only she needs, she will contact one of Central IT’s HR staff. Users in the F&O units who want a particular report or new application can either approach her or their own IT team, or even Central IT. F M’s IT team provides IT support for her department. some of the ones that I have a relationship with I might call them up and say “hey, I’m stuck on this, do you understand it?” She participates in monthly meetings with other HR and Finance managers from across campus, together with Central IT, to discuss how they can streamline processes. There are some differences across units, mainly in how they monitor: some use Excel, others Business Objects, and so on. I don’t know how they do it. I don’t know if it comes fi'om another report, or if they constantly track it... Some people only dump into Excel and that’s the way they’ll only use it, and someone else will create a report for them... for me, I’ll go and I’ll use a canned report, but then I’ll change it to what I need and hope it runs okay... It’s all over the map, and we all use different reporting data. Over the past 5 years, she has found more HR users sharing tips. “hey, here’s a spreadsheet you might want to use, don’t recreate it.”. .. We’ll talk about them in projects we have and somebody will say “hey I’ve got that already set up, I’ve got the formulas set up. Let me just send you my spreadsheets and start all over” or I’ve even had people say “1’11 180 send you my Business Objects reports, and you’ll just run it for your department.” There is no formal procedure for Central IT to find out what business and finance (B&F) personnel need for their job in terms of IT. The process is very ad-hoc: Central IT does not ask B&F users what their requirements are on its own, and B&F has not presented Central IT with a consolidated list of similar reports that the entire community uses. However, they do present their collective requests to Central HR’s IT team. For example, they needed data on new hires. They informed HR IT what they needed, and they receive a spreadsheet with a Pivot Table whenever they need it. The B&F users were not able to develop this report themselves because they do not have access to some of the data. It is still being refined as it is fairly new. She’s not sure how or how frequently HR IT and Central IT interact, although some Central IT staff work on HR IT projects. F M’s IT staff provide with reports if she has no access rights to the data. For example, she needed a consolidated report that showed everybody’s sick time. F M’s IT gave her a huge print-out: it did not aggregate the sub-department details into the major departments. She then worked with someone from Central IT to create the same report using the data in the ERP system. However, F-Max has more detailed codes than the ERP system. I just wonder is that a duplication in the skills set, because what I get from the database people in Plant is not as user fiiendly as what I get from (Central IT). . .. one of our unions that got paid time off. They don’t have sick or vacation, just one big pool of paid time. Now I can find that in the (ERP), but Plant actually codes it vacation and sick, behind the scenes. 181 Other organizational issues The purchasing process at the university is very slow- the IT manager tendered for a new security camera system and only received one bid after 5 months. When PM was about to award the vendor the contract, the vendor stopped contacting them because it had lost interest. He believes the university purchasing system is overwhelmed. He has re-initiated the process, and part of the delay comes from the need to use the purchasing office as an intermediary for any communications to or from vendor. Case Vignette 9: EduSucceed — College of Engineering The College of Engineering has about 8,000 students and is one of the largest colleges in the university. There are 11 departments within the college. It nms its own network which connects to the university’s shared backbone. This is because: a) relative to the other colleges, computing plays a central role in engineering teaching and research, and b) the college’s size makes this viable. what makes us different from other schools and colleges is the importance that computing has for engineering... with simulations and so forth the campus cannot afford to provide the level of networking that we can provide... we upgraded to giga-bit networking way before anybody else did, we updated fiber to 10, 20, now 40 gigabit and the campus doesn’t on the other hand, campus is not prepared to do (so). Why would they do that for the art museum? it’s. . .big enough (that) we think we get some efficiency in scale. 182 Governance External: Personal contacts with Central IT, monthly meetings with Central IT, IT Commons, Peers in other universities, various user groups Internal: IT manager direct report to unit head; multiple disconnected internal IT units; collaborative; structured and ad-hoc - request process; faculty liais. ' IT Portfollo Central: ERP, Business Objects, CLearn, E-recruit Locak Excel, Access, Filemaker, SharePoint Drlf‘t Check of students’ course of study Research expertise database Position management database Faculty performance measurement system Faculty promotion Figure 13: Governance mechanisms, I T portfolio and instances of drift for EduSucceed 's College of Engineering IT Portfolio Current While the college uses the ERP system as the official record of its finances, day- to-day accounting transactions are can'ied out using Microsoft Excel, Microsoft Access, or Filemaker. This is because the ERP system does not support encumbrances or budgeting at the level of detail required by the colleges. In addition, while the ERP system can handle commitments, it does so in a convoluted way. The finance office is currently working on using Access to develop its own budgeting application. This would enable it to handle multi-year and multi-unit commitments, which are more easily done in a database than a spreadsheet. 183 The ERP system is not able to act as an accounting system for the college because of the administrative cost of maintaining the large number of different codes colleges use to allocate the funds. The colleges have codes for grants and projects, which they reconcile with the higher-level codes in the ERP system. Finally, many faculty members have split appointments (i.e. they are paid by different units on campus), which makes payroll complex. Accounting packages, such as QuickBooks, are not used in the college. The figures in these shadow systems are reconciled with the monthly updates the departments receive from the ERP system. (The ERP system is) intended to support the institution so that it can do compliance, large scale budgeting allocations and so forth but the day-to- day level, when you’re doing like procurement it’s that kind of small business budgeting that they don’t support... they are trying to get better at that. They are trying to get rid of these shadow systems but there are still a lot of them out there. Some units consider their shadow systems to instead be supplemental systems, because the information they contain is not available in the central databases. However, the information they contained took a long time to get on the general ledger. Thus, the finance department is encouraging the college’s departments to drop these systems and carry out their business in the main ERP system, using the new real-time fmancials feature. The smaller colleges and units have probably done so- they lack the staff to handle alternative systems, so they were literally forced to do so. One drawback of doing so would be the loss of an additional check on the accounting numbers. 184 most people agree that it’s been very well streamlined, it’s been much more accurate, things are moving into it much faster than they used to. So, the bottom line figure is one that can be counted on... one problem you definitely have when you rely on a single database is that if there’s an error, there’s nothing to check it against. If the figure that is in the central database, the general ledger is wrong, in the old system, you were checking it against your own data. you could say, “Oops, there’s not a match there!” Just because it came out of a computer, that does not mean it’s right. That’s a mistake we make at our risk. Another process that uses a shadow system is graduate student admission. Unlike undergraduate admissions, faculty members are much more involved in this because they are recruiting assistants for their projects. There is a long-term plan that these systems will be integrated into the ERP system, although this will be difficult because of the differences among schools. To assist the users of these shadow systems, the IT department downloads the data from the central server and saves it in a local database. One of the IT employees is proficient at working with Oracle databases. The users use this copy of the data to run their analysis and reporting. The tables in the central data warehouse are refreshed at different rates- daily, weekly or monthly. The Engineering IT department downloads the data at the same frequencies. Business Objects is used to query the ERP system’s database and extract data, which is then manipulated in Excel. A recent upgrade of the software meant that the “canned” queries had to be redone. 185 Currently, faculty and graduate student hiring activities, even though they are initiated by the department, are only entered into the ERP system centrally. This is because the ERP system is difficult to navigate- there are many screens, unfamiliar terms and confusing policies. For example, for some people, a certain element may be used to denote X but for others, it denotes Y. Because of this, the HR director thinks it is important that HR expertise be consolidated. While student services and finance data are entered at the source, the same thing is not done for HR data. The HR department is getting ready to deploy E-recruit, which is part of the ERP system. The college’s IT department provides storage services for its users. It does not use the service provided by Central IT but purchased its own file servers for the purpose. The shared folders are part of the standard desktop image so that they are automatically installed on users’ computers. A course management system, CLearn, is used by faculty. Both the ERP system and CLearn are supported by their respective central teams. The budget, HR and planning department are very data-oriented, which is partly due to the background of the department’s executive director. The data guru, the institutional research person reports to me as well. We always want to make sure we are handing out good data, and when we report for... national things, whether its ASEE or US News, we want to make sure it’s accurate so we do a lot of official reporting... We’re a pretty data crazy group... we do pull a lot of data from activities in the college, that tends to be a focus in my area... I personally, because of my background as a department administrator, have a lot of hands on 186 experience in pulling data and analyzing data and downloading to Excel and doing a lot of massaging in Excel. Moving to the ERP system was a difficult process. Two main problems were: a) the data conversion exercise did not know how data was used in the units; and b) the approach. However, a major benefit was that it provided much more data and access to data. Over time, it has also become easier to work with the data. There is also a gap between the effort required by clerical staff to input the data even for simple transactions and the value of that data to managers. That was a painful, painful process for several years, and you did have to rethink everything... In the past of course, you could only get the data that somebody prepared a report for. And I know when I was in the medical school, I used to get a fair number of reports, and when I first came here, many years ago, the departments didn’t get those financial reports. They didn’t even know why they should distribute them... Had I started in engineering, I would never have even known what those reports are of, and now of course now once you have access and you become comfortable with the system, you can pull all sorts of data now. Of course you can pull a lot of wrong information if you’re not careful. And we always had standard information before, but it was limited, so now it really is a whole different world. The first instantiation of the central data system we didn’t use Business Objects. I’m trying to think of which system we used. I can’t remember, but it wasn’t as friendly. So it’s really gotten much more sophisticated. 187 Some of that wonderful data that I talked about is only available because there is a lot to each transaction... To do a PO, you used to write a few numbers on a sheet and send it in, and you would get your stuff. Now, you’ve got to go to 16 screens and then put in the data. On the end of the person who’s just looking up data, it seems better. On the end of the people who (have) to input that, it’s more cumbersome, there’s no doubt about it. Your staff have to have a lot more skills, you have to train them and retrain them... Even with the better data management systems today, users still have to spend time to ensure that the data they draw out from the system is good quality data. you can talk to (the HR director) about the clean-up issue because our HR data has to get cleaned up a lot. Jane, (the institutional data researcher), when she pulls student data, does a lot, a lot of checking to make sure she’s getting correct data. A simple issue, like if you had a graduate student who started as an undergraduate here, it can really mess up your accounts and things. So there’s a lot you have to do. You can’t just pull the data and say “here”. You spend a lot of time making sure you pull the correct data. Examples of drift Check of stu_dent§’ cogrse of sum This used to be carried out by an employee in the Dean’s office on her desktop PC. However, the report was too long and confusing and it was difficult to keep the data 188 synchronized with the central database. The college was also informed by Central Student Services that they could not make a copy of the data. This led to a discussion as to why the College was doing so. The college’s IT department responded by reorganizing the report into a single page, accessing the data remotely, and caching the report locally to reduce the waiting time. This solution has been working for the past two years. However, the current solution is still not optimal, as the data from Central is a combination of XML and binary, making it very complex to parse for the reports. This issue is faced by all colleges. The college has asked Central IT to change the data format, and is waiting for them to do so. Although other colleges have a similar problem, it is hard to standardize the engineering college’s solution across campus because a) degree requirements differ across colleges (making it hard to customize the report), and b) a complex combination of IT skills is needed to operate the solution. Research expertise database This was created because of a request by the development office. There was increasing interest from corporations in working with faculty, but they could not identify who they should write to. Since this issue was not a focus of Central IT, the database was created locally. Now, it has to be maintained by the college’s IT department in the long run. This is very costly, but has to be done because it is very important for the college overall. 189 Faculy performance measgrement svstem Currently, this is being done in Excel. There has been demand for a separate system for this purpose. When developing it, they had to bear in mind that it would be a significant change for the faculty and staff in terms of how performance evaluations are conducted. Thus, they built their own system which is much simpler and meets their needs. Each year, it is incrementally enhanced. Facug promotion system It is a complicated workflow: faculty have to collect different documents from various sources (colleagues, funding agencies, etc) to create “promotion books” that are sent to the college, the provost and the library. The college is moving incrementally to modify the process. It is standardizing the steps in the workflow across departments and has moved from paper documents to PDFs and from manual to electronic signing. Position management database The aim of this database is to link positions with budgets, so that they can find out: which positions are funded by which budgets, what the turnover rate is, and what the head count is? Currently, the data is not related. The HR department in the college asked its users what reports they were using and decided to develop an Access database that can answer these questions. That would also help remove these reports and the shadow systems that created them. They did not ask Central IT to assist or for advice. This specific functionality does exists in the ERP system but a) it is very complex and b) using it would mean asking every unit to change their business processes. Hence, 190 it is not used widely, and different colleges have come up with their own plans, with some using the ERP’s module. FacuItLrecruiting svstem (under developmenfi One of their departments wanted to roll out this new system. The HR director asked that it be demonstrated to herself and a clean for approval. After they approved it, it was demonstrated to Central IT and the college IT office. Although they thought that it was a good system, it was low in priority, so they didn’t move forward. It was then shown to HR directors from different departments; some Of them were keen to take it up and were allowed to do so. The IT director is gathering the internal requirements for such a system and will ask Central IT if it is interested in developing the system. If not, the college’s IT director will have to decide how important it is to have such a system is locally. Examples of workarounds Cheat sheets The HR director prepares cheat sheets for the departments in the college. “they tell you to do this, but you can get by doing this”... to make another little path, but they’re pretty minimal and inconsequential, and it’s to save them thirty seconds. Data aggrggation The college has departments which have sub-departments. The ID fields are set up such that the values in the sub-departments can be aggregated to come up with a value 191 for the overall college, but not for the departments within the college, or other sorts of groupings (e. g. academic vs. administrative). Thus, the department ID fields in the ERP’s databases do not “roll up” in a way that is useful for the Finance and Planning department. This is done manually in Excel using look-up tables. IT Governance and Management Internal The college’s IT department operates its own network, maintains a Linux cluster for research computing, runs a walk-up help-desk, provides IT support for the college’s administrative building, and maintains engineering applications across the college. Its annual budget is $5 — $6 million, and the network connects about 800 computers. In addition, each department in the college has its own IT support staff, with the smaller ones having one or two employees and the larger ones having a small team each. Although these IT employees report to their department’s chair, not the college’s IT director, the two sets of IT personnel work together. They are totally separate... We work closely with them a lot of things we do in coordination so the relationships there are pretty good but there is no reporting relationship. So we try to organize things so they support things that are unique to their departments when working directly with faculty they do desktop support, that kind of thing. Consolidating the different IT teams is an issue that is brought up every year. Although it is being considered with increasingly seriousness, it has not occurred yet 192 because of concerns over service control. The IT director is trying to overcome this by focusing on the division of responsibilities, not on who manages whom. We talk about that every year, and every year they get more serious about doing that. Cost. (The) department chairs are reluctant to see the loss of control. What we’re trying to do is not worry so much about who manages that individual what we’re trying to do is change our work structure- what do they have to do? And then that’s one issue where you won’t be giving this up. We’re making progress on it. Every year, we’ll get a little bit better. But it’s a long struggle. Although Central IT uses ITIL, the engineering college’s IT department does not use ITIL or any other similar guidelines for its operations. We do not, and this is a weakness of ours. We don’t do the job we should in terms of change management We do it for some things. Our data network, we do a pretty good job at that. That gets goofed up, everything (goes) So, we focus on that, but a lot of our software updates, we don’t do a good job as we should. The college’s IT department has designated a staff member with a PhD in engineering as its faculty liaison. He interacts with faculty members who request new software for their teaching needs. A recent example was a request to install Microsoft SharePoint, which was required by an auto manufacturing workflow package that the students were learning. They will call either me or him directly and they’ll say, “Look, we want to do this. We would like to do it for next fall. Can you do it?” And then, 193 we’ll we do our best to do it and, in this case, we did, it did work out. But that’s the kind of thing we do spend a lot of time with. That was for a engineering course, and we try to be as flexible as we can and that was a recent example. While Central IT purchases licenses for software used across campus (such as Microsoft Office and Oracle’s database), the college’s IT department purchases licenses for the engineering applications that are commonly used in the various departments. Sometimes, some very specific applications will be purchased by researchers using their grant funds. Being engineers, the users in this college consider good design to be important, and are unwilling to work with applications that are badly-designed. A recent example was the shift from paper to electronic time-sheets. This increased the burden on faculty, as they had to go online and approve the time-sheets. This led to a workaround: department assistants print out the sheets, faculty sign them, and the assistants then enter their approvals online. It’s the engineering way, the engineering mindset- “this is a bad design why would I want to use it? I’m too busy!” The college’s IT director is part of the Dean’s Cabinet, which consists of senior management from different parts of the college, such as research, undergraduate education, business operations, development, and corporate relationships. This group meets every week to discuss a different issue each week. Examples are graduate student recruiting, publications, and websites. Two projects the IT director is involved in now are revamping the faculty recruiting process and developing a faculty research expertise 194 database. The latter was driven by the development office, so that corporations would find it easier to hire faculty as consultants. Before initiating a project to develop a new application for these domains, the IT director asked Central IT whether they will be able to assist the college with it. Central IT could not help with the database as Central HR did not keep track of this information. Thus, a local database was created. The faculty recruiting project was still ongoing at the point of data collection. We basically developed a web-based database where somebody could come to the research page and type in a keyword, and they would get back a list of faculty with links to their respective lab homepages... And that is a big shadow system, because we now have to maintain and keep it current... That’s a very expensive product. It’s also viewed to be very important, and so we did it. And that was a decision locally. So I said, “to do this, will take this many months of (manpower) out of this job here. The developer will have to, someone will have to have the business owners do this twice a year They reviewed all that and said “Yup, the Dean guesses it’s important, big project..” Because it’s very important for the faculty here, they like the consulting opportunities, they want to be sure that if a business wants to find them, they can... we are maintaining that as a big effort. The IT director is confident the other large colleges, such as business and sciences and arts, are also doing something similar. However, the smaller schools may not be able to do so because of the lack of database expertise and the absence of a corporate relations department to initiate and drive the project. 195 There is a wide range of IT expertise among the college’s staff. For example, some users are very comfortable with the ERP software and develop their own spreadsheets without relying on the IT staff, while others have problems remembering where they saved files. In the finance department, some of the “power users” also conduct training for their colleagues. These sessions are very effective since they directly discuss how the technology can be used in the users’ contexts, not some generic organization. To minimize the problem of users losing their files, the college’s IT department asked the users to use the shared folders. However, since it lacks the authority to make this mandatory, they have made it part of the new standard image for desktop computers using Windows 7. So, with this new Windows 7 image we have, it’s predefined that your desktop documents are linked to the server. They’re just going to be there. That’ll make things much easier. We didn’t have that in XP or Vista, but with Windows 7, we’ve finally got it all figured out. That’s what I’m running now; it’s actually kind of nice. I don’t have to worry. The finance and planning department does not mandate a particular accounting program for the College’s various departments. The finance director only looks at the final figures in Central Finance and decides based on those. We didn’t dictate a single program, a single bookkeeping system, and even today here, I only get involved if they’re not doing it very well. Then we might tell them how to do it. If they don’t have problems that I can see from the Central- that looks good- and they are following our general 196 rules, so we can look at their general data, then we don’t have a single system here we dictate. External Every quarter, IT personnel from across the college meet with Central IT for two hours to share information and have training sessions on various issues, such a security, printing, and storage. Generally, the college’s IT department has a good relationship with Central IT. in my case, because I do have a lot of relationships over there, it’s easy for me we do that a lot with networking. So, for example... I have good relationships with the campus level network, so if somebody here is going to run some big experiment, they have a big bandwidth requirement, it’s easy for me to give them the heads up it works out pretty well. Over time, Central IT has become more responsive to requests from users for changes in the ERP system. One example of a change they have requested is for the inclusion of more codes to the field for faculty on leave, because it does not distinguish between types of leave, e. g. medical, sabbatical, and so on. Earlier, there was uncertainty about why some changes could not be done. you beg and they tell you that next time they do an update they’ll consider it. I would say over the years they have been responsive, but sometimes it’s taken some time. Everybody blames everybody else. You hear that there is a limit of the software. That the software wouldn’t allow it. We can only customize so many things at once. 197 So in some of the early years, you got what you got, and you forget asking for anything different... I will say that they struggled a lot in the beginning just getting through. I would say now they do a good job of resource groups... I think there’s a lot more partnership in designing the next applications and software or upgrades. We talk about what we need, how it will interact with our systems, how we collaborate with the data so that it’s optimally useful to everybody. However, some of their concerns with Central IT’s systems do not get escalated to management, leaving the issues unaddressed and fixing the workarounds in the unit. (The CIO) asked the dean how things were going and he says this whole timesheet thing is awful. It was the first time she had heard about it, and it was quite a thing none of her staff had reported up to her that there was this kind of issue... (this was) some months (after the event), so that speaks to I think the issue. I think that, even if we tell some of the staff over there does it really (get reported to their managers?) I don’t know (whether I will mention the roll-up issue to Central IT at the next meeting), I guess I have just gotten so used to it that I don’t think so. I used to bring that (the need for more codes for the leave field) up, but I guess we just do look-up tables and we have to live with it. I think if you take a bunch of really busy people, who have a system good or bad, it works. 198 One reason that Central IT was perceived as being unresponsive was that it did not have a single user “voice” to interact with. Thus, it carried out changes as and when requested by various user groups, without evaluating its value to the overall organization. A lot of them were the difficulty or problems with as they called it “it was always (the ERP system’s) fault”... what I found was that the people from (Central IT) were really helpful but what they had been doing, because the research community didn’t speak with a single voice, was that if anybody would come to them they would try to develop what they asked for. Some of it you would think, I don’t know why anyone would want that. Whether the person had a good idea or a bad idea, they were trying to respond to that. They couldn’t judge if it was good idea for the research administration. So they were just trying to be helpful, but sometimes they were solving a non problem or there was another way to solve the problem already in the system... So they have been very helpful, but they need a constituency to give them a target... that is the route they would like to take. They would like to find a system that works well and expand it rather than start from scratch or start from something that no one would know if it really meets your needs. Another challenge was that there was little recognition that because multiple units had a stake in the IT portfolio, the teams implementing the projects needed to be more diverse. This finally occurred after some poor implementation experiences, such as the previous e-recruit software. 199 . we’re finally, after ten years, figuring out that there are three big players: there’s the units, there’s IT, and there’s the central functional office, whether it’s HR, financial or students. And those three together always have to be on the same page, and the last two years we seem to be moving in that direction and getting there, and it’s starting to come together nicely. Prior to that, it was tearing my hair out. I think the big change was several really bad implementations that (had us) up in arms saying, “why did you spend money on this? This is useless to us, we don’t have what we need, we really need this”... for people to finally say “wait a minute, let’s all sit down and talk about what’s really important. Here’s our list, here’s your list, let’s go thru and prioritize” and talk about what we can reasonably do and do well. the last recruit and hire that we appointed two or three years ago was a disaster of an implementation. And in my limited view, maybe that was what was the best out there at the time. I don’t know, I wasn’t on the team back then. Maybe it was the best decision they could make then, but... it did not work for the University. . . and when that happens, when the Dean finds out that their staff are spending hours and hours doing something that is simple, they get upset. the people working on the team were great. You had the nurse recruiters sitting next to people like me who are talking about recruiting a whole different population, and saying, “well, I don’t need that, but if you really need it go ahead and I won’t take this because this isn’t that 200 important to me”. It was one of the best teams I’ve ever worked with, it really was, and I think we’re going to have a good product with the modifications that we’ve come up with. I think it’s going to be really good. It was a good team effort. The IT director believes that, previously, Central IT did not do a good job previously at evaluating whether there was any commonality across the shadow systems on campus. However, the recent reorganization of Central IT and the appointment of a CIO should help to alleviate that, and other issues, such as the increasing costs of IT. Things are becoming, I’m sure you know, more complicated. Not just the administrative systems becoming more complicated, the engineering software is becoming more complicated, because an engineer now has to do design, analysis, different kind of analysis and they like to do it. So the software is becoming bigger and more complicated, the staff have to keep up. It’s complex; sometimes I’m surprised it works! Our costs are generally trending up, so we’re trying to find efficiencies where we can and make better decisions about what not to do. That’s what motivating both at the campus level, the college level and department level- redundancy is bad. .. the campus should come to us and say “here are your options”, can’t just tell people to quit doing things, got to say “do this instea ”. That’s what a lot of the challenge is. I think people are alert to it. I think highly of (the CIO). .. I think she’ll get it. I feel very positive about her. 201 One thing that he would like Central IT to do is enable users to create their own fields in the central databases. This would stop users from downloading central data, adding the few fields they need, and storing the data as a separate shadow database. One example would be to add the field “key research interests” in the faculty records. He believes Central IT is reluctant to do so because they are concerned that providing that kind of access to local units would compromise data security. if we can get the data managed, then everybody’s on their own from then on (to develop) other business logic applications at least getting the data centralized, would be a big help for us This is a perennial issue, but is a consequence of the difficulty of providing one database for all units in the university. Central IT has improved in this regard and now, many fields have been created because of requests from units. However, they still control the ability to modify the central system, which is a point of contention with the users. The central planning was never very good at acknowledging that we have fields that we care about. That made the transition very difficult because we still needed our own system and it made keeping things up to date very difficult because every time you downloaded the new data you would wipe out the old data and you would still have these seals that you wanted that they didn’t care about. So we used to beg for them to leave some empty fields and that hadn’t worked so well. I would say that they are better now about including fields. They include it whether anybody popular likes it or not. There are fields in database that I can’t imagine who cares about it. I never had queries on it. . .I think you have to be very 202 careful about those things, but it is one of the true challenges of having a single database across such a large institution. But we don’t have the ability to make changes to the central system. We have to wait until they see the light. A unique example of a change going the opposite way (i.e. beginning with the departments and diffusing to the university) is the scholarship matching system. Developed by one of the financial managers in the College’s administrative department, it compressed a weeks-long process into a single day. She created an Access database that matched the criteria for the different scholarships, with the students’ attributes (based on the data collected from Central Student Services). The project was so valuable that she won awards from the college and was featured in the Chronicle for Higher Education. Central IT has now taken over the application and maintains it for all the colleges on campus that are using it. In the past, Central IT has had some mishaps with the roll-out of new applications. While these experiences made users wary about working with them previously, they seem now to be keen to cooperate. For example, while the ERP system was not very useful for transactional purposes earlier, the finance office is now organizing workshops for the college’s sub-departments to teach them how to use the ERP system’s new functions, such as real-time financials and commitments. These workshops are conducted by employees of Central IT and Central Finance. for example the research database. They didn’t even use employee ID, they were still using social security numbers, so they were no key between 203 the (tables)... and so we’ve gotten past those things... they do a lot with meetings, groups, task teams, key users. .. maybe we’re just like Microsoft in this respect, the university has a tendency to roll out things that are kind of half done. In the database for example, the unit-defined commitment was initially rolled out a number of years ago and it didn’t work very well at all. And I think partly, they think users out there can help them make it better. But also what happens is users try it and think, “well, this is funky” and they quit using it, they don’t try it again... (Central IT) does look at improvements. We have to train ourselves to go back and look again. The unit-defined commitments are probably pretty good. They (Central IT) are haunted a little bit, in my opinion. They throw things out too fast, too early, they don’t always explain to the user why this is good for you, what will this improve in your life... You’ve got to do more if you want them to adopt it .. we have been trying to get people across the college— we have been running some workshops here - so use the real-time financials, to use the unit-defined commitments. . ., they do look at it. I have asked the staff here to look at it... They have to use it, or get into the habit of using it... I have asked all of the departments to send their financial people to see if they can’t adapt the real-time financial and rely less on their own systems, to the extent their own systems are duplicating. If they’re just data entering something that they typed a requisition for, and it went directly 204 into the general ledger, why are we doing that? I think people are really struggling to keep up these days... We do our best to leverage what we can get out of the central system... I do think it’s part of the emphasis on bench marking and improving our administrative efficiency. We probably will do more of that. .. one of the reasons I wanted to do the workshops we do here is we do like it, we do want them to adopt it. But just saying, “0 Susie you really ought to use this new system,” when she’s barely keeping up is not realistic. I would say that there’s more of a push because there’s a feeling that we are very inefficient in the IT area and that this is something that we could do much more efficiently. Another tactic employed by the college administration is to encourage users to test whether the data in their systems was similar to that in the ERP system, which was the “book of record”. This was to make them “comfortable” with the ERP system. some shadow systems have gone away and some others have probably either stayed around or been developed... for quite a long time after the implementation, there is the comfort level. So, getting people past the comfort level....we spend a lot of time trying to convince people where there’s redundancy get rid of it... Your fmancials should tie out to (the ERP system), and if they don’t, then there’s a problem. Your shadow system isn’t matching, there’s a problem, you have to fix it. You have to fix it so that (the ERP system) is the definitive source. So, over time when they’ve got comfortable, “yes, this is working”, untying out some of those 205 shadow systems. .. not all of them went away but some of them went away. One tactic Central IT uses to encourage local units to use its services (e.g. file storage) is to indicate that users who do so will be in compliance with various policies (e. g. HIPAA and FERPA). Thus, while there are no mandates and units can run their own services if they want to, they would, if they do so, also have to handle compliance issues. That has encouraged us to use such services as they have. All along, FERPA, all these issues, have become more and more burdensome. . .That’s one of their strategies I think to attract people to use Central things. “If you use this, check the box.” Sometimes, it is hard for users to understand why Central IT decides to be more restrictive on some issues versus others. For example, the HR director would like more the interface for the ERP portal to be simplified, as it causes many errors and would save a lot of time. In addition, it is widely used, which means that it would be easy to obtain buy-in from users. However, it is not high on Central IT’s list of projects. ITS has the score card that they use, and it has all their projects on it and the impact and how they determine what gets done, and sometimes there are things like just changing the look of a page or a portal, or making the functionality better for a search, and for my mind that is a little thing, but maybe there is something deeper technology wise that makes that important. Or maybe there’s an indexing issue that I don’t know about so. To me it seems a little bit backwards, but I think they just learned over the last ten years that units usually know best how to do their business, and 206 what the role of IT is and HR is to give us good systems and good guidance, and good policy, and oversight based on what they know our needs are. The HR department occasionally works with Central IT to develop specific reports. Often, when they build new reports or complex queries, Central IT is informed so it can then customize these objects and make them available to other units, making them into ‘canned reports’. These developments are broadcast to other users via an email list. One example is the research administration domain. These reports are important for complying with regulations, and require data from the HR and Finance databases to be integrated into a single document. Other large colleges also share their reports with the rest of the university. The IT director is part of the IT Commons, which discusses topics like Active Directory, Exchange and SharePoint. Central IT attends this meeting and informs them what it is carrying out currently on those topics. Another group, which reports to the C10, is more formally-organized and discusses broader issues, such as cost models and schedules for firture upgrades. This group only consists of the IT directors of the major units on campus, both service (such as student housing) and educational. Besides these administrative groups, other members of the college’s IT department are part of cross- campus groups on different interests, such as cluster computing, web development, Macs and Windows administration. These groups are less policy-oriented and more concerned with hands-on management. The finance department’s users are also active in various groups on business intelligence, institutional research, and development. 207 They have their own communities of interest. They kind of get together pretty well. The finance director meets annually with a network of her peers in other universities across the US. They mainly discuss budgetary issues, but have expanded to IT somewhat. For example, they talked about their IT staffing. I think we feel we are more heavily staffed in the specific IT areas and not evenly distributed throughout the college... we thought in our own small group we might be more successful in doing that because we might ask questions like what’s done centrally, what do you have to rely on yourself for, that kind of thing. .. (we are) actually pretty good in terms of what we have available and the kind of data you can pull for yourself. Internally, she is involved with the budget administrators group (BAG), which is a large group hosted monthly by the Provost. She is also a member of “Big Bag”, which groups together the larger schools. There’s also the “Small Bag” group, which groups together small schools. The HR director is part of the HR unit liaison group, which meets monthly. It discusses policy changes and their impact on processes and on how data is stored. This group is closely involved with the implementation of the new recruiting system. She is also part of a HR Metrics group, which is coming up with indicators for measuring faculty performance. Since she used to work at Central HR previously, she often relies on her contacts there to find out what they are. I have my peers, people that I work with, people that I know. I pick up the phone and I say “what are you using”? I can go and look at and say “oh 208 that’s nice, oh that’s nifty”, and we come back with two or three ideas of what to do and what not to do based on what we saw. Audits are carried out by the university’s internal auditors on different aspects of the college’s IT environment. An upcoming one is on data management. that is a big issue on campus, because we know the data is all over the place with all the security issues, we’re going thru our files and determining who should have it and shouldn’t even be there. Do we even use it enough, or do we need this column or is it something we’ve always had and we really don’t need it? (this) been ongoing for probably more than a year The finance and planning department are very keen on being involved in Central IT’s planning of new systems. all of us tend to be fairly active in various central university programs that are interested in management university systems. We want a lot of input to speak up for how the new systems are managed... because we’re very data-conscious here at engineering, we have a lot of very skilled staff we are either asked to be on committees, or if we know about it ourselves, and nobody has asked, we ask to be on it. We want someone representing our interests on this... the central staff of the College of Engineering are by and large are recognized as pretty savvy users and are often asked to be part of these. 209 The increasing pervasiveness of IT in organizations means that hiring an employee requires an assessment of their IT skills, finding out what systems they would need to access for their job, and the type of training they would need if they were hired. Case Vignette 10: EduSucceed — College of Business The College of Business has more than 150 faculty, and about 1,000 graduate and 1,000 undergraduate students. It is made up of nine academic departments, and is a highly-regarded business school. Governance External: Personal contacts with Central IT, monthly meetings with Central IT, IT Commons, peers in other universities, various user groups Internal: IT manager direct report to unit head; single lntemal IT unit; collaborative; structured and ad-hoc help request process IT Portfollo Central: ERP, Business Objects, CLearn, student admission system, teaching performance measurement system Local: Excel, Access, multiple student systems, lectu re capm re system Drlft Checklist of students' course of study Course evaluation system Facilities reservation system Course evaluation system Figure 14: Governance mechanisms, I T portfolio and instances of drift for EduSucceed 's College of Business 210 leWonmofio Past In the last 10 years, EduSucceed changed its IT profile: from having 40 to 50 systems that were not integrated to an ERP system. This change has been accompanied by a shift in workload from central units to local units. For example, a decade ago, purchasing would be handled by central units- they would engage vendors, process invoices and make payments. Today, with the ERP system, these activities are carried out online by staff in the local units- they make requisitions, approve orders, and fulfill payment requests. (it went from) not being very advanced to being very, very advanced... different schools & colleges with their own flavor for whatever they need to do. .. there’s been a major work shift from Central units to academic units. . .. that changed the nature of staff work in academic units Man; The business college sees itself as an IT innovator. For example, its admissions SYStem was the basis for an internally-developed social networking site for students. The Personal data that students entered into this site supported the creation of a career services SYStem, with features such as a resume-builder, job postings, and job matching. When these students graduated, this same information was used to develop an alumni management system. Finally, the data in these systems is used as the basis for a business intelligence system. 211 When the university moved to the ERP system, the business school stopped using the admissions and alumni management systems as these functions were now handled centrally. However, these systems were still used internally with the data names being drawn from the ERP system. Currently, there is an initiative to close that down and move the business school completely to the ERP system. The IT department has built many applications for the student services department for tasks such as course bidding, student advising, and job interview bidding. These are used to manage internal transactions, and once the tasks are complete (e. g. the students have selected their courses), the data is extracted as an Excel file and uploaded to the ERP system. The law college has a similar system for its students. The student services director does not think a university-wide system will be built for course selection, because it will be too complicated. A degree audit system was built by Central IT and the business college volunteered to test it, since it does not offer majors or concentrations. The student services team used it behind the scenes and tested it repeatedly to improve it. However, when they informed Central IT that they wanted to release it publicly to students, it was stopped. To overcome that, they put up a simple checklist that students could use. They were quite unhappy when they learnt that the arts and sciences colleges had built one and released it to their students, especially since their degrees were much more complex. The student services director of the business college would have preferred it if every unit was using a central system. The current ERP system is very useful for activities within functions, e. g. finance staff performing financial transactions. However, working across functions is much more 212 difficult, and this is reflected in the system’s features. For example, the data is structured such that the same element means different things in different tables. The report interface is designed to run transactions within a particular domain, not across domains. This issue is due to differences between users and system designers over the ERP system’s role: it was designed with transactional needs in mind, but today, some users are asking for more information analysis features. Central IT is working to close this gap by asking users what their needs are. as soon as you start working horizontally across the organization, that’s when the system really starts to fail... you can have the same element in a variety of tables within the same universe... if you pick the wrong place, you could come back with highly misleading data... if you want to see a snapshot or a summary your enrolment activity in one place, you can’t gets back to that whole Visioning thing and where we want to be when we grow up... trying to guess what people want, we don’t know where we’re going... the (Central IT) organization (has) to try and guess where the university is going and where they should put their resources, and they do that by interviewing deans and directors and put(ting) together a virtual strategic plan based on what people are thinking. The finance director feels that, while the systems have changed significantly, the users have not. Most users still see their work as being transactional, and are not aware of the benefit of analyzing the information available in the system. This is slowly changing across the college. 213 Now we find ourselves with this rich data collection that we've built up over 20 years and we have data that the university doesn't have. the question is how much those people have continued to grow in using that as opposed to just how much they’ve changed the nature of how they did their old job from manual to technology. We are probably industry leaders in higher education. from an administrative systems point of view.... (but) the culture is still .. years back... we came from a transaction-based world that was all paper. All those transactions were then changed to appropriate technology but the output and the information derived from those transactions hasn’t... become part of our culture. We have a transaction culture- everybody puts information into the system, things get done. reports get generated, but we haven’t yet embraced how we can really use this data to (be) more proactive. and to seek opportunities... Recently, some enhancements have been made to the ERP system’s reporting application. For example, users can now schedule reports to run automatically at the end of every month, and can specify “current year” instead of having to type in specific dates. While these features have always been present in the system, they were not made available earlier because they were not considered a priority by senior management and Central IT. It took a lot of pushing from expert users to say, “This will make life a lot easier, we know you can do it, we know the technology is there, Business Objects tells us it’s there, can you do it, can you do it?” It took 214 over 6 months to get current time period, previous time period, current fiscal year, previous fiscal year, but it’s going to save a vast amount of time... Now, those seem like little things, those are not high strategy kinds of issues, but yet they are the kinds of things that enable you to get the information pushed out once you do get it together... There’s been a lot of push at lower levels Up at your level, Jim, I bet you never once gave a thought to “Gee, I wish I had the current fiscal year ability!” However, even within the business college, some departments have ignored the ERP system. For example, the IT department kept its paper-based, manual process. They would do the minimum required to adhere to guidelines regarding the use of the ERP system- c. g. they would enter transactions but manage their activities using spreadsheets. The finance department has helped them by deveIOping queries so that they can extract the necessary data from the ERP system and import it directly into Excel. they’d type into an Excel spreadsheet and manage... color-coding, lining them up, retyping into journal entries... There’s just kind of like no right way to do it, and so everybody’s history, tradition, everybody’s culture determines how it is done. Previously, teaching performance was analyzed locally. It is now managed centrally. The college’s IT department extracts data from Central IT’s staffing system for business intelligence purposes, such as examining teaching loads and performing historical analysis of courses and faculty. 215 £1an The student services director believes this feature is available in the ERP system but has not been switched on yet. They would like a system to automatically update a student’s course of study when she registers for a new course. Currently, the two fimctions are separated and students have to update them manually. In addition, they find it difficult to plan for their courses without knowing when they will be offered and who will be teaching them. The director would also like this to be integrated with the course registration. Examples of Drift The college’s IT manager is not a fan of the phrase “shadow system”. According to him, the college does not persist in using a system if the same function is available I from a Central application. I don't like the word 'shadows'. Shadow system to me means that we’re doing something... and we're using something as a replacement. When the university does something that matches up to what we've done, we generally don't do ours anymore. Use of Excel for financial reporting Excel is widely used to prepare financial reports for three main reasons: the lack of certain types of data, the lack of data at a required level of granularity, and the complexity of the existing reporting tool. Central IT has been meeting the local units to understand their reasons for using Excel, so that it can overcome those issues and move 216 everyone to the central reporting application. Central IT has also deployed a new reporting application that is easier to use. (Central IT) has had a big push to try and understand why they do this, and to close the gaps... they are listening, some of it’s taking a little while, but they are definitely and they have added functionalities like being able to put in unit—defined commitments so you can really plot things out (the new reporting tool is) limited in its scope but really easy to get (data)... make(s) more data visible at a time so that you’re not having to click click click all the way down... Facilities reservation system This has historically been a functionality handled completely locally. However, the university now wants to make better use of its facilities, and is urging all units to cooperate on a new central system. Central IT realized that any system it built would not meet the needs of all units on campus. Hence, it has built a load processor into which units can upload their information. This has been much better accepted by the local units. (the space management system is) a good shadow that works very well for us, but they have no idea what we’ve been doing... (more accurate to call it a) supplemental system... supplemental systems are useful, they take authoritative data and mix it with local authoritative data, so there’s not a lot of redundancy. it’s a local system tied to the central system and everyone in the university is very comfortable with that... there’ve been a lot of overtures out there 217 saying we want or Central wants to work with schools and colleges to understand that local-central data connect... (since) there’ll be local data that does not belong in Central at all... the issue then has been getting the local IT support, the players, to want to play with Central. ourse evaluation svstem While the rest of the university is using a central system for this purpose, the business college is using its own system. This is for two reasons: a) the faculty have some issues with the statistical properties of the central system, and b) by keeping it local, the college has greater control over when it is switched on and off. This is even though the central system is well-integrated with the ERP system and the learning management system, CLearn. However, another reason for the faculty’s reluctance might be that the central evaluation system crashed the first time it was run and lost data. the course evals lead to faculty tenure and what. So nobody wants to be the one to say this is the year we’re switching to the university one... They just don’t want to go there. What’s wrong with us keeping using this? In fact they were very, very anxious when we switched from paper to electronic... Because there’s a lot of research that when you do electronic, the response rate was down. So, you know, how do we coerce, persuade, automatically email students and you know if you have five classes you get five emails and you do one you get four, just too sensitive to that. . .. So, of course they lost huge credibility. You told us this was better... 218 IT Governance and Management . Internal The business college spends $5 million out of its $130 million budget on IT. Their IT department, with 35 employees, supports the college’s research and teaching needs, while the college’s administration relies on Central IT for its systems. The college’s IT department used to focus more on administrative systems, but has moved away from that. However, it does maintain and develop many student services applications, such as the course bidding system and recruitment system. The IT manager sees himself as being an innovator. Some examples of where the college has been ahead of the university include adopting Wi-Fi in 1996 and setting up lecture capture systems in all classrooms today. Currently, the different colleges are experimenting with different software solutions, and perhaps over time, this experimentation will lead to a common solution. The professional schools are more innovative than the other schools, probably because they have students with work experience who know what is available in the commercial or industrial sector. 5 (I try to) stay ahead of whatever that demand curve is (and then) sell (the) idea(s) to the deans and faculty and departments... If you don’t do it at the right moment, you can go too early, you can pick the wrong thing... if you’re too late, you’re behind the curve. You see, the hard part of my job is that you never know what the incoming class is going to be like, you’re never know what new technology is going to hit in the year between 219 September and September... If you don’t observe that, you don’t prepare for that, then you have this crush of demand. An example of Central IT being innovative was the adoption of CLearn, the learning management system, a decade ago. The business college was asked to test the prototype and the library staff worked with the faculty in putting up the material online. That’s a great example where the campus was ahead of the curve. It’s pretty rare. I’m not saying that as a slam. You’re rarely ahead of the curve, that was one was where we were really ahead of the curve. It really helped a lot, because otherwise what you would have seen was departments, some would have gone out and bought Blackboard, some would use SharePoint, some would have and then we would have this real mixture... The college’s IT department is very focused on the students’ experiences at various stages: recruitment, enrolment, and collaboration. The IT department runs a “white-glove care” help-desk seven days a week. In addition, it also handles network engineering, software development, video production, classroom support, research computing, and training small numbers of staff in collaboration with Central IT. The department works with faculty on an ad hoc basis. It does not use ITIL or other methodologies because it is too small to implement them. However, Central IT uses ITIL. you know, they have 49 guys for every 1 guy that I have, and so they can spend time on these deep conversations and we just can’t. But we don’t ignore it, we just do it in smaller ways, there’s not a system we designed that doesn’t come with documentation or we don’t review a data 220 structure before we implement it. It’s not the Wild West; they’re not just making changes to the data. We just have to do it in a simpler way. There are no regular meetings within the business college to discuss how IT can play a role in school strategies. This is reflected in the uneven development with regard to IT within the college. Some units are more advanced than others, because some departments and employees are unwilling to let go of their old systems. Another reason is that the college’s success has made it more resistant to change. In addition, some of the staff responsible for managing IT in the departments who see their jobs as more about ensuring their users can do their work, than deploying new technology. Finally, some departments have been more vocal with their demands and have managed to get their needs met that way. For example, when some faculty members repeatedly asked the dean for funding for some databases, he gave in to their request and they have now created a separate research computing function with 10 to 15 staff. unequal is the word I’d... use to describe our history.. the squeakiest wheel made the loudest noise and got the most response... I’m thinking of Admissions where the feeling is that their need for information is so specific and bizarre need to be able to cut things 7 different ways as opposed to the 5 we can get from the system... we also have the people who do have some responsibility for dealing with the technology who basically flat out say, “I am about supporting the program, I am not hired to do this kind of stuff, that‘s why I don’t look at these things on a regular basis...” So, some of that may just be “that’s not what I’m here 221 for”... It’s hard to change we’re good enough, right? Jim Collins, you know, what’s the barrier to great? Being good. One benefit of the college’s lack of centralization in terms of IT is that it enables individuals with strong opinions to drive change within the organization. .. an individual who is considered the expert and has the drive to pull together a group of people or coalition can actually effect significant change, because you can bring together a set of voices that say “we need to do this” and because there’s no one point of leadership for that particular area, then you can cause things to happen. There used to be an Information Support unit within the college, whose role was to help the different constituencies- students, faculty, and technology- make better use of the data that was available. This was closed down when a new dean took over. The student services director is very focused on constantly improving her department’s business processes and asks her staff to write down narratives describing their roles and activities. Her department has a “team calendar” spreadsheet that lists all responsibilities by position and by date. New employees quickly learn their jobs because all they need to do is filter the spreadsheet by their name, print it out, and access the shared folder under each topic. Each shared folder is organized by process numbers and contains instructions and sample emails. Her team is also very savvy with Excel, and works hard to improve its data analysis procedures and skills. They do approach the software support person in the IT department once in a while for help with SQL. 222 Some times forcing people a little bit beyond their comfort level to say, no we will be using these tools to do this. I know you can print 30 things out, study them and highlight, but we could query that too. Everybody on my team right now, I just say, “Well, you can do that, just use your v-Iookup and do it.” And they can do it. Other units will be doing it correctly, but maybe not as efficiently. .. Unlike most other business schools that are considered its peers, EduSucceed’s business college has not adopted a “best of breed” strategy. The IT manager sees that strategy as problematic because the organization ends up with a non-integrated collection of systems. He has followed a path of building all the systems the college requires off a single database. That way, they are integrated from the start. Operationally, this strategy means that EduSucceed employees have an integrated view of their clients; for example, firms have more than one role as they are seen as donors, hirers, and a source of students. External In EduSucceed, Central IT does not make anything mandatory. This can make it difficult for employees in the units to plan for the long term, in terms of what information they should collect, and impedes their continued evolution. (Central IT is more into making) suggestions... nudging, pushing... we’re not big on mandates... consistency across academic units is not something that Central has been very effective at requiring or demanding or mandating. That’s just not how (EduSucceed) does things. 223 We haven’t crossed the chasm from teenager to adult. We’re struggling with that because we’re so decentralized. There’s no overseeing body that can say..... everyone’s kind of doing their own thing, their own impetus, based on their own resources, leadership, proclivity. (It is) hard to manage fi'om the middle... without clear direction from the leadership on what the goals of the program are... 2,3,4,5 years out... it’s really difficult to provide the information that might be used The business college is involved in various university-level discussion groups on IT. These include a strategy-level discussion group and monthly unit liaison meetings between Central IT and functional staff from various departments in the college, such as the finance, HR, research administration, and student administration. During these liaison meetings, Central IT informs users about new developments in the university’s IT infrastructure, and users do the same from their point of view. There is also a Business Objects user group for those who use the reporting application. It has hundreds of members, and is not very useful because of the wider range of skills and knowledge within the group. This made the users frustrated- the training was either too easy or too complex. This led some of the advanced users, including the business college’s financial accountant, to set up their own Expert Business Objects user group. This group has also created “Business Objects Television” to help train less-experienced users. It’s people like myself (the student services director), academic unit leads and people from (Central IT) regularly will come to that and say “these are our projects”. We think these are the priorities and one or two times a year they will say, “The provost wants us to work on this. This is an 224 enhancement we need to make. (The ERP vendor) is coming out with version...something and that means we have to do modifications. So we don’t have infinite time, we programmers, to give to you, but these are ideas you’ve been tossing at us and telling us. Let’s sit here as a group and (find out) what interests are the most...” In addition to these formal links, many users use their personal relationships with Central IT staff to ensure that their needs are met. However, if a unit’s employees are less-skilled or less demanding, it is possible that that unit will have less influence on Central IT. (It’s a) quid pro quo system... when we’re moving in a new system, I’ll move all my stuff in and work in your testing environment and you can check through everything, and in return, I want, when I say I’ve got an issue, to be able to get somebody looking at it more quickly than perhaps just working through the helpdesk. if one of us isn’t generating that interaction or that prodding that we should get involved with this group because it’s going to affect (us a) few years down the stream... we are pretty savvy about using what is there and then pushing back to say we need my team actually has done things like say it’s too bad this data element isn’t in the dataset and will push back to the ITS and say do you have plans to add that data element? If not, can you give -- some times it’s there but it’s not there for us to have. 225 when we tell them the convoluted ways we’re going around to get what we need, we were able actually to persuade them to make something a query that before they were delivering as a flat report that you couldn’t filter, sort or do anything with. The IT manager is part of the IT Commons, which groups together IT managers from across campus. It has been around since 2002, and the original intent was to help Central IT plan the infrastructure needs of the university, so as to avoid the tragedy of the commons. They formed some permanent working groups for areas such as wireless networking and networking hardware. By laying down minimum standards for things such as the type of fiber that should be laid, the type of distribution layer switch, and the thickness of the conduit, they helped prevent users buying the cheapest devices they could find. They also changed the costing structure, so that it is now shared with Central IT and the local units. These activities took place between 2002 and 2005. They next shifted their attention to shared services, such as learning management systems and email. Their progress there is shown in the decline in the number of Microsoft Exchange servers from 8 to 3, and in the merging of their Windows Active Directories into a single one. This group is informally linked to Central IT. So they gather input from us, we tell them where the pain points are, and together we say well,1 these are the top 3 points, and that’s where we go off... Now, they believe they have gone as far as they can without Central IT becoming more involved in planning the university’s infrastructure. The current IT rationalization exercise taking place across the university is an outcome of this. Its objective is to 226 develop a new governance structure to decide at which units and at which level different IT-relevant decisions should be taken. The IT manager is concerned that this should not prevent innovation by the local units. However, commodity activities like email should be handled centrally or be transferred to a vendor as part of a cloud computing initiative. When this has happened in the past, the IT manager has managed to avoid laying off his staff by converting them into newer roles. One example of the IT manager’s preferred outcome is what he would like to see happening with Microsoft’s Office Communication Server. This is currently running out of the business college but is supporting 12,000 users from across the campus who are running Microsoft Instant Messenger and Live Meeting. Such applications should be transferred to Central IT once they have taken off and become a shared service across campus. However, there is no such mechanism currently. so we're coming up with a governance structure, but not a governance structure that prevents innovation at the edge. That's the challenge. We don't want to kill that engine in law and business and medical school who are probably are leaders... This is where we miss it today. There’s nobody in central campus for here. We can’t even petition to say “we’ve done as much as we can do with this. The business school shouldn’t be running Office Communication Servers. This should now be a shared service. You take it.” That’s where this new governance structure comes in... then they should be able to take the same, decide now something is a commodity, take it to a cloud... But there are funding issues with that, it’s not going to be easy. 227 The business college’s IT department is willing to approach other units to get more information about an application it is planning to install, but this is not common behavior. Sometimes, they share applications they have developed with Central IT. For example, they passed the source code of an earlier version of a business intelligence system they developed to Central IT. We typically don’t do that. We don't take a turf survey and find out, “Well, they’ve got a bit, they've got a bit, let’s start from there” While some parts of the business college are known for being very independent, others are respected for their collaboration with other units across campus. There are no guidelines or norms in this regard from the college’s senior management. there’s not a lot of consistency across (our sub-units) because our own inconsistency then filters right up to interactions with Central (IT) some people think we’re the University of (the name of the Business College), you know, there’s nothing else, in other cases, there are some pretty good examples of where we can be leaders. There isn’t a lot of that consistency out there. . ..there has not been a top-down in this school to press that. The business college at EduSucceed is part of the Association of top 25 Business Week-ranked business schools. Within that structure, employees from different universities who are in the same function interact with each other. This leads to “chimney interactions” among these higher education institutions, not little high-level institutional interaction. The IT managers in this grouping often survey each other via email when they are planning some new IT implementation. For each application, they ask each 228 other: what do you use, why do you use it, who does it serve, how much does it cost, do you like it, and what would you do differently? The person asking the questions is responsible for consolidating the information and presenting it to the group. The business college’s IT manager at EduSucceed used it when deciding what to use for the lecture capture system. Other Interviews: EduSucceed - Senior IT Manager, Local IT The IT manager of the largest college in EduSucceed has worked at the university for more than 20 years in many different jobs. In that time, he has been involved in a variety of major IT projects, such as the shift from mainframes to distributed computers, the Windows 95 roll-out, and moving networks from Novell/Netware to Windows NT. His current college has 19,000 students, 5000 staff and faculty, and 10,000 computers. He has been the IT director at this college for the last five years, and reports to the operations director, who reports to the associate dean for budget, who finally reports to the dean. This hierarchy is similar to the positions of other IT directors on campus. Only the IT managers of the business and engineering colleges report directly to the dean. This distance from the dean concerns him, although it may be changing. For example, he is meeting the Dean for the second time in his five years in this role. He attributes this change to the current IT rationalization exercise. One of my concerns in my role is that I am buried deep in the organization. When I talked to other CIO’s, their concern is that I don’t hear enough of the business issues in my role and I agree with them. I have said tactfully and diplomatically to the people I report to that I would 229 like to hear more about the strategic challenges that the Dean sees I don’t think I hear enough of that frankly because I am too low on the chain... There’s not a direct reporting line that’s changing. I am starting to have more communication directly with the associate dean for budget... We all know each other really well, I talk to (the IT managers of the business and engineering colleges) all the time. They have heard my angst about being buried a little too deep... me with my IT, I hear these issues and I can go away thinking, “how can IT help?” And that’s what I’m trying to do. IT Portfolio Current His college uses some centrally-provided software: the ERP system for finance, HR and student administration, instructional software, and Microsoft Exchange and IMAP for email. A local shadow database is used to monitor the key performance indicators (KPI) of staff and faculty. SharePoint is a collaboration application that was rolled out in the college about two years ago. The departments in his college use Quicken or Microsofi Money to track their budgets. This is because the central system is not up-to-date, i.e. it does not have real- time data. It is more useful for the overall university. If you want to know what’s in the checkbook, people will create their own local system. It’s more of a balance and check system for themselves. 230 IT Governance and Management Internal This college’s IT budget is $6 million: $2 million is for salaries, $2 million is paid to Central IT for the college’s use of the university’s network, and the balance is spent on hardware and software for the college. This college pays for a large part of the costs of the university’s network ($2 million out of $7 million) because it has the most users. The IT manager provides the 70 departments in his college with funding to upgrade their computers, based on the total number of employees they have. His department does not determine how the money is spent; it only mandates that the computers be no more than four years old. . The departments make their budget requests in fall, and find out by summer whether or not they have been approved. In the last five years, almost all requests for additional funding have been rejected, and he looks for ways to help them by finding out if other departments have the resources they want and are willing to share them. These resources range from servers, applications, cycles of spare processing time, server rooms, and staff. He has thirty full-time employees and about ten temporary student employees. Some of them run the college’s help-desk, while others are in charge of research computing, networking, security, and Windows servers. Another department handles instructional computing. Although he does not oversee them, he meets their director every week to discuss their plans. Currently, they are talking about the impact of social networking, such as Facebook and Twitter. There is also a separate Management 231 Information Systems department, which manages the KPI database and is closer to the budget and finance department. Centrally-provided applications, such as the ERP system, are supported by Central IT. An application called “Keyservers” is used to track the college’s software licenses and the number of machines. However, once in a while, they will find some computers that are not in the database, because they are only switched on irregularly. He has no direct authority to mandate that the departments in his college use certain applications. He negotiates their choices with them, and uses a different approach for different issues. Just like the University, we’re decentralized. Even though I work at the college level, the (X) department can tell me no. We will have a discussion then. I’m trying to persuade them to cooperate with the college. They want to do something that will benefit the (X) department. We may let them do it. If I feel strongly enough about what they’re doing, I will build them their own separate shadowing system. I can bring in the pressure- “Dean’s office muscle” as we call it. I don’t try to do that too ofien. Typically we try to work these things out. Usually the (X) department or (Y) department has a good reason for doing something differently or separately. At other times they need to cooperate, so we have those discussions. Twenty of the seventy departments in the college have their own IT teams, comprising about sixty staff. They report to their department heads, not the college’s IT 232 manager. He has some limited informal oversight over them, and works to increase their cooperation. One way he does this is by having social meetings every two weeks. the reporting line to me is a dotted line. It is not formal, they can tell me no. If they tell me no, I can go to their boss and pose pressure... because I work at the college level that there is a sense of being defensive, that we don’t respect them enough because they don’t work at the college level. It is my job to assure them that we value their skills and that they’re one of us. But, they don’t always believe that. We have professional disagreements and sometimes it gets intense. My job is to always work that out and I tell my folks we’re in a marriage here, there’s no divorce. We have to get along. We regularly meet once every two weeks and not everyone can come. It’s opt in, opt out. We try to build community and relationship with folks. We have email groups where we talk frequently. I meet face to face, one on one. I’ve started with the really big units a bi-monthly meeting. I brought them together, we go out to a restaurant, sometimes have beer. Purpose of just building a relationship to help when we’re working together day to day... We actually get along pretty well. Like a family, we have arguments sometimes, we yell. We’ve created quite a good system. He is concerned about security, especially with the shift to laptops and portable thumb drives. So, his team is slowly moving toward encrypting laptop hard-disks, and reminds users not to place sensitive data on portable devices. There was an instance when a member of the public found a thumb drive with sensitive data about the college. 233 Luckily, the finder mailed the thumb-drive to the Dean, who proceeded to use it as an example in his discussions with the other college’s senior administrators. We don’t want to be in the newspaper about a major security breach... That story resonated through the college and we use that story when we talk to the faculty and staff. External While users approach Central IT if they have any issues with the central systems, the IT manager takes a longer-term and broader perspective in his role as an intermediary between the college and Central IT. He collects feedback from the department chairs and Deans about the central systems, and presents an anonymized summary of their responses to the leadership of his college and Central IT. One concern faculty often mention is the overwhelming administrative burden they are placed under, with the various systems they have to use- instructional support, grant proposals, grade management, email, and so on. how can we make the work we do at (the university) simpler? That’s what I hear all the time. When we go into (the ERP system), why does it look so different from (the instructional system)? Why does email look so different from those two things? Can’t we figure out ways to make things more similar? He is part of the IT Commons, a grouping of IT managers from across campus. It was begun by a former university CIO about six to seven years ago. The aim was to build a community and to coordinate the work of the IT managers. They meet once a week for two hours and were not integrated with the rest of the university’s leadership. Before the 234 current CIO, they used to be de facto in charge of the university’s IT. The current IT rationalization exercise will change this, as one objective is a new governance structure, where IT and functional leaders will be integrated. One of the biggest achievements of the IT Commons, according to this IT manager, is the reduction in the number of email servers. Now, almost all units use, or are planning to use, the Exchange server provided by Central IT. Other improvements have been a shared help desk system called Footprints, and a shared IMAP email service. He hopes the same will happen for other applications, such as SharePoint, a document collaboration application. His college began running it 2 years ago, and currently, he is supporting about 10 other units that are using SharePoint off his servers. It is not offered by Central IT, but he hopes that it will soon be, so that he can reduce the burden on his staff. Before, each was building IT in our environment without respect for what others were doing. We were making huge redundant silos- we had email servers in every college. We had separate domains, separate networks- in fact, we were competing with each other for who could build the best and the greatest... our CIO said, “We’re wasting a lot of money doing this redundant work. Can we try to work together a little more?” What I’ve been trying to do in my area is get my IT people to focus on things that add value to what we do. If someone else can provide, why should I provide it? Something that’s unique to (my college) is probably the research computing that we do. Some of our administrative 235 processes. . .- we do things a little different in some areas from the rest of the campus and I need to focus on those. I want to use SharePoint, but I don’t want to run it. Just like email, I want to use it, but not run it... This IT rationalization project that is underway will reassess what I should be providing and what (the CIO) should be providing. The different groups in his department (e. g. servers, cluster computing etc) meet their peers from across campus weekly or less often. There are also several email lists, including one for IT jobs on campus, as the IT managers would rather hire someone from within the university. rather than losing the really good people to the outside world, we’ve created a mail group on campus IT jobs. There’s value in that. I would rather lose one of my guys to someone to another area on campus, keep them in the company... the longer you’ve been there the more you know the culture. That’s invaluable and that can take awhile to get familiar with. Other Interviews: EduSucceed - Senior IT Manager, Central IT This IT manager has been working with EduSucceed before the ERP system was implemented more than a decade ago. She is currently in charge of the ongoing IT rationalization exercise, which was put in place partly because of a decrease in fimding from the state government. EduSucceed is a very decentralized organization. There are few common policies across units and unit leaders make almost all of their decisions autonomously. This makes it difficult to introduce university-wide systems. Each unit has its own IT team, and these 236 teams do not report to Central IT. This structure has remained the same since before the ERP system was installed. The Central IT function was also divided into a few different units (infrastructure, ERP, and instructional IT) and these are in the midst of being combined. EduSucceed was one of the pioneers among higher education institutions in using an ERP system. The motivation for the project was the lack of a single authoritative source of inforrnatiOn. One consequence of this was that different units would end up recruiting the same student. To overcome this problem, a governance committee composed of information stewards was set up. These stewards were individuals from different domains across the university who used particular sets of data, e. g. admission or purchasing. This committee was not based on the university’s hierarchy or organizational structure, but on job responsibility. The project was fiinded centrally, and units that provided manpower were repaid. The Provost insisted that all of the Deans had to support the ERP project publicly so that he could hold them to their commitment to “one way of doing business”. However, this was not very helpful because each of them assumed that the “one way” would be their way. During the implementation, units that asked to leave the project were not allowed to. Instead, their concerns were addressed by customizing the software. The result is that the ERP package used by EduSucceed is highly- customized, and has high support costs. Now, the university is attempting to integrate its IT infrastructure to reduce duplication. For example, there are three separate networks and multiple Microsoft Exchange email servers. Central IT is attempting to measure the cost of this redundancy and is working on creating a governance structure that would help decide which pieces of 237 EduSucceed’s infrastructure would be centrally-maintained and which would be locally- maintained. Another area of concern is the duplication of applications. One example is local reporting systems. The ERP system’s data is the “book of record”, but many units are extracting data from the data warehouse and saving it in local reporting systems. Central IT feels that this function can be provided centrally. Upon investigation, it found that the main reason for the proliferation of local systems was that the central systems only had end-of-month figures while users needed more up-to-date information. Central IT corrected this and is now asking users to show them the reports they are using so that they can recreate them centrally and close down the local shadow systems. Another example of duplication is a customer relationship management (CRM) application for student recruitment. Central IT found out that four units were interested in such a function and convinced them to write a joint business case. However, the fimds were not approved by the Provost. Since the units are autonomous with respect to their funding decisions, they decided to go ahead and deploy them on their own. Today, three years on, there are 6 CRM packages running in EduSucceed. This issue is exacerbated by the continuing presence of IT staff in the local units. Once the ERP system was installed, these IT employees built new local systems. Central IT is encouraging the units to adopt commodity services like email by informing them that they can give up a certain number of individuals if they adopt the central solution, and use the same individuals to take care of discipline-specific software. Enhancements to the ERP system are decided by a governance structure where the IT team presents to each domain (e. g. admissions, finance, human resources) the requests their members have made, the effort required for each request, and how many of the 238 requests can be fulfilled. This prompts the domain members to inform Central IT which requests are more important and should thus be a higher priority for development. Requests for new modules for functions that are not available at present, such as managing fimd-raising, go through this procedure: users interested in this domain must be brought together so that a community can be built, a business case must be written by these users, and finally new capital funding can be requested. This ensures that the users of the software are committed to it, and are involved from the start with its selection. Such structures did not exist for IT infrastructure. Central IT staff and IT managers in the different units do not meet to discuss such issues. Although they are all members of a cross-campus group, it has no authority and is more of an informal channel for sharing ideas. If someone had an idea, he or she would put together an ad hoc group to work on it, and others could join them if they were interested. An example is the learning management system. It was developed by a faculty member and offered to others. When the dean of the largest college mandated its use by his faculty, its user base increased tremendously, despite the absence of any production support mechanism or governance structure. Central IT wants to run it with the same level of structure as the ERP system, while still allowing the faculty to continue innovating. This was unlike managing the ERP system, where the focus was on “keeping (the) trains running on time”. Another example of a domain that requires more structured governance is research technology. EduSucceed is part of a consortium of €105 of research-intensive universities in the Midwest who are now collaborating on developing applications for the cloud computing environment. Since most universities are not comfortable with this 239 environment, their model is “above the university and below the cloud”, so that universities can use these applications without handing any data over to vendors. One example is book digitization; they are now planning data storage for research computing. 240 CHAPTER 6: ANALYZING PORTFOLIO DRIFT The purpose of this chapter is to answer this research question: why and how does portfolio drift occur? When the data collection was initiated, EduExcel was expected to have a higher level of drift in its IT portfolio compared to EduSucceed. This was because EduSucceed had implemented a centralized ERP system a decade ago, and this system was being used by all of its units. EduExcel, on the other hand, is in the midst of its ERP implementation, and has not carried out major IT projects led by its Central IT unit in many years. Figure 15 depicts how the two institutions’ IT portfolios have evolved differently. Thus, while both universities are decentralized in terms of their organization, they differed from each other in terms of the level of influence their respective Central IT units had on the overall operations of their institution. Shadow IT Enterprise Systems Shadow IT \ J V EduExcel k J V EduSucceed Time T1 T2 T3 Figure 15: Comparative T imeline of IT Evolution at EduExcel and EduSucceed 241 Surprisingly, EduSucceed was found to have a considerable amount of drift in its IT portfolio. Although its ERP system was still used by every unit for their financial, HR or student services needs, other aspects of its IT portfolio were less standardized. Many units had developed or purchased their own reporting applications to complement or supplement the one that was offered by the Central IT fimction. Other applications were deployed to support collaboration, customer interaction and performance assessment, since these functions were unavailable from the applications Central IT provided. Finally, there were instances where local units installed their own systems, even though similar functionalities were available from the applications offered by Central IT. This situation was one of the triggers for the IT rationalization exercise that was currently being conducted. With EduExcel, in contrast, the challenge was in defining drift. Since there were very few central systems, there was in some sense no “original portfolio” from which the five units in EduExcel had to drift away. Their IT portfolios consisted of various shadow systems that had been developed over time to deal with the lack of appropriate or useful central IT systems. There had also been little attempt by Central IT to manage the proliferation of local IT systems until the current ERP implementation project. However, there were units that were trying to minimize portfolio fragmentation within their own units- some were succeeding, while others were not. All of these took place in a context marked by continuously declining state contributions to higher education. 242 Patterns of Drift In the previous chapters, portfolio drift was defined as locally-driven but centrally-unintended adaptations of an organization’s collection of IT assets. In addition, drift was said to comprise workarounds of officially-mandated applications and the implementation of alternative ‘shadow’ systems. During the interviews, it was fairly easy to identify examples of shadow IT and obtain information on the reasons for their existence and the roles they played in a particular organizational unit. However, it was much harder to obtain data on workarounds. This was for at least two reasons. First, the interviewees were managers, and thus, many of them did not carry out the routine transactions of their units. Workarounds are usually more familiar to the employees who carry out such transactions. Only in one case was a list of workarounds formally recorded and distributed. Otherwise, knowledge of workarounds was said to be transmitted informally within work groups. Second, the managers had a greater awareness of the different systems that were present, both official and non-official, because they were usually involved in approving the purchase or development of these systems. In contrast, workarounds do not need to be approved by managers before users carry them out. Hence, it is likely that managers will not be aware of the workarounds being used by their staff. Despite the lack of detail on workarounds, the existence of shadow systems is sufficient evidence that IS portfolios do drift. Portfolio drift refers to the ongoing, macro-level outcome of the micro-level actions of various agents. The practice theory perspective adopted in this study, along with the focus on examining IT artifacts as ensembles, focuses the analysis of portfolio drift on these three elements: the appropriation and re-creation of social and technological 243 structures, the material properties of the technologies, and the balance of power between users and their managers. These elements were used to differentiate the abstract patterns of drift that surfaced from the inductive examination of the data. Table 10 summarizes the instances of drift and their antecedents and consequences. This analysis revealed that the various instances of drift could be aggregated into at least three categories. These categories are discussed below, along with examples from the data. Shadow systems Antecedents Consequences 7 A "I. y , EduSucceed 7 I 7 Periodicity of data in the Central changed central system different periodicity (monthly to from what was required- weekly) unable to get up-to-date Surveying local units to . information learn about the reports they Budgeting and . . . . Faculty apporntrnents splrt are usrng, so they can be fmancral . . . mana ement across different unrts- not re-created 1n central . g . reflected in the central application applications , system Users reluctant to grve up Lacked required fields - own applications because need to record information they are a check of the not captured by the central amounts in the central system ledger Users share reports/queries Reporting Users do not like features after building them applications in central reporting Users build reports in application Excel after extracting data from data warehouse Multiple email servers and . . . . applications E-mail & Drssatrsfactron wuh. Difficult to share calendars . exrstrng IMAP email . . calendaring . . Email servers being applrcatron consolidated- not coordinated by Central IT 244 Table 10: Antecedents and Consequences of Drift Table I 0 (cont ’d) Functionality exists in ERP Position system but very complex Duplication- applications management and would require every with same functionality database unit to change their built by multiple units business processes t fr ’ Research expertise £33223 pgi'rtlngfsllege S Has to be locally maintained at high cost- database Useful for development office not a focus of Central IT Faculty recruiting system Requirements differ across colleges and departments so difficult to build standard system Developed by department within a unit Used in some departments, not by unit or Central - low priority Faculty promotion system Paper-intensive system, with complicated workflow Incremental improvements locally- e. g. standardizing steps across departments, paper to PDF, and manual to electronic signing Fire extinguisher Users requested new system to replace Users using both new and management system spreadsheet being used old tracking systems now Eggglrnttofiproached Sub-unit stopped work on HR dashboard HR officer found out that project, but not working Central IT had similar wrtl:l Central IT- strll vvrth product ven or Functionality Of ERP Used as a check on the system lirnited- does not official a 011 fi es Payroll handle level of detail in (3 tr a1 1:1 If d FE?” work-codes required by on an rnance sub-unit not informed Collaboration Requests from users to use One unit, not Central IT’ application Sharepoint supporting users from ten units 245 Table 10 (cont’d) Student course E duExcel ' ' Vendor’s application did not meet local Central IT responded by building its own checking tool specifications :jeilalcseemsenlteaepfillcatron Functionality of ERP system limited- wage Payroll flexierzgfiggxbfib Duplicate systems what is available in central system Functionality of central system limited: I did not have required number of fields I did not support 0 Multiple applications being Budgeting and budgeting used financial I did not support split 0 Difficult to discover management faculty appointments or applications and reports applications funding being used- quandary for I did not have required ERP implementation team periodicity of data No link between university system and local financial applications Making a Truce This type of drift is the result of a negotiated agreement to preserve the balance of power at many levels: between users and managers, between central and local units, and between IT and other functions. From a Bourdieuan perspective, the relative positions of different agents in a field are determined by the types and amounts of capital they hold. In addition, different forms of capital are both the weapons and objectives as agents struggle to dominate other agents in a field. 246 The field here is the social space in which different units interact to decide on IT investments. While both the local and central units possess the means of developing new applications, which is a form of economic capital, only the local units can pronounce which application provides the authoritative information they require. The latter ability is a form of cultural capital. Units rich in this field-specific capital of authoritativeness dominate the field. They excel at resisting efficiency-driven requests to use pre-existing applications. The dominated central unit cannot enforce a mandate to use pre-existing applications because declaring a system as being authoritative has consequences for the clients whom only the local units interact with. These clients could be the government, students, or the senior management of the local units. The resistance of the local units compels the central unit to deploy its financial resources to modify its portfolio. Although financial resources are also a form of economic capital, they play a limited role in this field. This is partly because the local units are fairly autonomous in how they manage their budget. Thus, the attempts to fill a gap in the organization’s IT portfolio play out in a series of offers and counter-offers between both parties (Figure 16). The negotiations as to which application fits conclude once a decision is arrived at, but can be re-visited by the local unit if the functionalities of the pre-existing applications change. Three examples of this type of drift are presented below. 247 Central Central function Central function Central function function Proposal Counter- Modified Proposal Proposal ---- Local Local function Local function Local function function T1 . T2 T3 T4 Time Figure 16: Drift Category 1- Making a Truce Example 1: student request tracking log After September 11 2001, the federal government required universities to monitor their international students much more closely. The International Center was the department responsible for this at EduSucceed. At that point, there was no mechanism to track whether students were fulfilling their administrative responsibilities, such as registering for classes, or whether their requests were being answered appropriately. The ERP system was used to carry out transactions, but not monitor them for each student. Student requests, such as visa renewals, were listed on an Excel spreadsheet. The new federal mandate led the International Center’s senior manager to ask Central IT whether it could meet her requirements with its existing systems. They informed her that, while the ERP system had a checklist feature, customizing it would take some time. The center’s manager and Central IT then agreed that the center would build an Access database for this purpose, but would move the database to the ERP 248 system once the checklist feature became a viable option in future versions of the software. Example 2: course checking application The various colleges in EduExcel required an application for students to determine which courses they needed for graduation, and for student advisors to check the students’ programs of study. The university contracted with a Canadian software vendor to develop this application. However, it was inaccurate because the Canadian educational system was very different from the US system. This frustrated many advisors, even leading one college to develop its own application. This was not acceptable to EduExcel’s Central Student Services unit and it attempted to stop it. The vehement feedback from users led to Central IT developing its own application for the same purpose. This new system meets the colleges’ needs and is currently being rolled out. It is also linked to the original Canadian application, as the university wants to use that as an additional check. Example 3: financial accounting systems Although EduSucceed’s ERP system has been used for a decade, many units are still using various shadow systems in addition to the ERP system, such as QuickBooks or Access- or Excel-based tools. The reasons for this include: a) a lack of data fields- units need to record more information than what the central system captures; b) different data periodicity- the units are unable to get up-to-date information; and c) the inability to split up faculty appointments across different departments. After surveying the local units to find out their needs, Central IT made some changes to the ERP system. For example, it changed the periodicity of the data from 249 monthly to weekly, and re-created some of the reports they were using in the central reporting application. However, local users are reluctant to give up their own applications because they act as a check of the amounts in the central ledger. This issue is part of the current IT rationalization exercise. Co-creating the Portfolio-in-Use This type of drift results from local units developing their own applications to resolve issues in their work processes. Such activities are not planned by either the management of the local or central units. The IT that emerges here is the result of user- driven, unplanned activities to make work less onerous. These technologies are usually fairly innovative and are, unlike the applications in the prior category, introduced with minimal interaction or negotiation with Central IT. This reflects the difference in the dispositions (habitus) between the local functional units and Central IT. The former were keen to adopt new technologies, if they reduced their workload and if their functions were fairly resilient to technology failures. In contrast, Central IT was focused on avoiding any disruption to the organizational IT portfolio and keeping it stable. This reflected the classic tension between short-terrn reliability and long-term effectiveness. In addition to being motivated by the goal of lowering the burden of their work, individual users also engage in these activities when the material properties of the IT systems they are creating allow them to do so. Since they were building new systems, there were no pre-existing systems embedded in the work processes. However, this does not imply low switching costs, because they often act as a bridge between existing systems. These new systems are often built using flexible platforms, such as Microsoft 250 Access or Excel. This made them much more controllable and adaptable to the needs of local units. Finally, as these innovations appear over time, they gain credibility and respectability when other units begin using them, in addition to the unit where they were first developed. This process makes them more salient in the IT portfolios of the local units, bringing them to the attention of Central IT. Over time, the local units which introduced these innovations ask Central IT to take over their maintenance, because it becomes too burdensome for them. This process was referred to as “offloading” by one of the interviewees, which reflected a common strand across many interviews. While this type of drift is praiseworthy, because it benefits the broader organization, formal mechanisms are required to ensure that, as the innovations became more commonly-used, local units would be able to use them without being concerned about having to run them too. Three examples of this type of drift are presented below, and this category is summarized by the figure below (Figure 17). Central Central Central Central function function function function My Local Local + function function NIT" 1'1 T2 T4 'nme Figure 1 7: Drift Category 2- C o-creating the Portfolio-in- Use T3 251 Example 1: scholarship matching system The College of Engineering at EduSucceed awards scholarships to students if they meet certain criteria. These criteria cover a range of attributes, such as academic achievement, income, community work, hometown, and degree major. Since the individuals who endowed the scholarships wanted to see the funds used to support the causes they had identified, matching students with scholarships was a very time- consuming process that used to take multiple weeks. A financial manager in the college developed an Access database that was linked to the Central Student Services database, and reduced the process to a single day. As other colleges began asking to use this application, Central IT took it over and maintains it. Example 2: learning management system (CLearn) CLearn was developed by a faculty member of EduSucceed. As the software became more popular, more colleges began using it, and its user base increased tremendously. However, it was not supported by Central IT- there was no governance structure to decide how new developments would be agreed upon, and there was no distinction between the production and testing servers. Next, it became the basis of a collaborative project with other universities. More recently, it is supported by Central IT but is still not part of the common IT management structure. Example 3: document collaboration application (SharePoint) The largest college in EduSucceed began offering this application to its users two years ago. Since then, ten other units have started using it, and are accessing the college’s server. The IT manager of the college is not keen on operating in this manner, and would 252 like Central IT to replace his department in supporting SharePoint. He would like his team to focus on supporting applications that are unique to their college. Going it Alone The third type of drift refers to a situation where local units attempt to involve central units in developing applications, but central units do not reciprocate. This occurs even though the applications may be of use to other units. Here, a central challenge is uncovering the rationality underlying the actions of the different agents. Their reasoning may not be limited to economic logic, but instead may encompass a wide range of other functions and ends (Bourdieu & Wacquant, 1984). Even though both the central and local units are part of a field, their struggle for dominance should not be viewed in the context of this interaction alone, but should instead be seen from the entire sequence of interactions. From that perspective, examples of drift from this category may be strategic moves made in response to or to prompt actions in other domains of interaction. For example, Central IT’s refusal to cooperate with the Facilities Management unit in the second example below could be traced to prior interactions where Facilities Management did not accede to Central IT’s requests. Agents have a sense of what the appropriate response should be when they make a particular move. When the response does not fit their understanding, they recognize that the other party has made a misstep of some sort. For example, local units expect Central IT to prefer the re-use of existing applications, not the development of duplicate ones. This understanding defers to Central IT the right to manage changes in an IT portfolio. When Central IT does not meet that expectation, local units adjust their perception of the 253 structures that guide Central IT’s actions. To achieve their goals, local units could then accept that they can operate under fewer constraints, or they can examine other moments of interaction to assess whether such a response is warranted or typical. Two examples of this type of drift are presented below, along with a diagram summarizing them (Figure 18). The costs of going it alone include the long-term costs of maintaining an application, and the difficulties of moving to a shared application in the future. Moreover, there may be a more vehement response later by Central IT to a “going it alone” strategy. What sources of capital would the local unit need to deploy then to maintain their position in the social space? Central Central function function No response Local Local Local + function function function ”I?” T1 T2 T3 fime Figure 18: Drift Category 3- Going it Alone Example 1: course checking application Previously, this procedure used to be carried out in EduSucceed’s College of Engineering by an employee who downloaded the data from Central IT and ran a report. However, the report was very long and confusing. In addition, the college was informed by Central IT that it could not make a local copy of the data. This information triggered a discussion with Central IT as to why this procedure was being carried out in this manner. Following that, the college’s IT department developed an application which accessed the 254 data remotely and produced a report that was easier to understand. However, this is still not a complete solution because the data from Central IT is a complex mixture of binary and XML formats, making it difficult to parse. The college’s IT department has asked Central IT to remedy this. The complex format of the data means that colleges need staff with advanced IT skills to develop the course checking report. Thus, colleges who do not have such employees will find it difficult to create the reports. The reports cannot be shared across colleges because of the differing degree requirements. Example 2: electronic time-clock EduSucceed’s Facilities Management (FM) department was interested in migrating from a paper timecard system to an electronic one. This would reduce data errors and increase accountability. Since Central IT had an electronic time-clock, the IT manager approached Central IT about using it, even though it lacked some of the features he wanted. He asked Central IT to provide him with a dump of the data so that he could insert it into F M’s payroll system. Even though the software vendor agreed that this could be easily done and that other organizations had done so before, Central IT refused to set up the FTP server so that F M’s IT manager could obtain the data. This pushed him to develop and deploy his own electronic time-clock. He was very fi'ustrated and disappointed by the experience- for one thing, one could now go across campus and find many locations where both electronic time-clocks were placed beside each other. Comparison of Drift Categories As befitting the definition of drift, all the three categories were initiated by local units. However, each category had a different trajectory, a result of the interaction 255 between different forms of capital, the distinct dispositions of the various agents, and the availability of opportunities for these dispositions to be actualized. The diversity of the different agents influenced the resources they could draw upon to affect their own and others’ actions in the field, the results of which enable and constrain future actions. Understanding this interaction will help develop a process theory of drift, which is undergirded by temporal interconnectedness, embeddedness and a search for holistic instead of linear explanations (Pettigrew, 1997) Table 11 depicts the differences between the three categories of drift in terms of the concepts from the practice perspective. All episodes of drift begin with a request for a new functionality, such as the ability to adjust time periods easily or show greater detail in financial reports, or the ability to communicate efficiently with employees who are not familiar with e-mail. IT departments in the local units see their role as meeting the needs of their users. Sometimes, they want to stay ahead of their users, so that they do not have a chance to complain. Thus, they are, or at least try to be, well-connected to their users. This is important to them because meeting their users’ needs enhances their credibility and reputation within their units. In addition, providing their users with what they want also makes it easier for the IT department to manage its IT portfolio, since it knows exactly what systems are being used. Failing to satisfy users runs the risk of users purchasing their own applications, which often leads to paying more for systems that are difficult to maintain and integrate with the rest of the portfolio. 256 Patterns Appropriation Material Balance of Power . Properties of (Valuable Examples of Drift of Structures . Technologies Resources) Making a Habitus: e Legacy e Economic EduSucceed: Truce a) Central IT: systems capital: - Request increase use (central IT a) developing tracking of portfolio portfolio) IT- local and log b) Local IT: easily central units; - Accounting enable users circumvented b) budgets- application to provide e Flexible and autonomous S accurate adaptable e Cultural EduExcel: information . Data capital: - Course to external portability declaring checking clients- to . Shadow information to application be . systems can b6 ‘ Payroll legitlmate be swapped authoritative- - Accounting 0) Local with central local units applications functions: systems distrust of easily- low Central data switching costs C0- Habitus: Innovative IT 0 Social capital : EduSucceed: creating a) Central IT: Flexible and a) lntemal - Scholarship Portfolio- maintain a adaptable reputation- matching in-Use stable, . No legacy local IT system relatively systems, but department - Leaming unchanging shadow keeping up with manageme portfolio systems IT demands of nt system b) Local IT: integrate employees and - Document improve central and students collaborati users’ local b) External on pI'OdUCtIVIty applications- reputati Ol'l- ' HR become local units dashboard embedded- a suPport other necessary units on their bridge- own servers high without switching charging them costs Table 11: Categories of Drift 257 Table 11 (cont’d) Going it Habitus: 0 Legacy 0 Economic EduSucceed: Alone at) Central IT: systems capital: - Electronic demonstrate (central IT a) developing time clock authority portfolio) IT- local and - Course b) Local IT: easily central units; checking meet circumvented b) financial- application requests 0f 0 Highly- autonomous - E-mail and local users customized budgets calendaring 0 Relatively 0 Cultural expensive and capital: logic difficult to underlying the move to IT systems central 0 Social capital: systems- high local IT’s switching reputation costs within its unit Since their budgets are independent of the Central IT unit, local IT units may or may not approach it when faced with the need to implement a new functionality. If they are aware that Central IT has a system with a similar feature, they may request it. However, if it is a new product or innovative functionality, they will go ahead by themselves. This is because they are aware of Central IT’s reluctance to introduce new technology, as well as the slow speed at which it does so. The latter is understandable, given that it has to work with all of the units on campus to implement something. Moreover, if the central systems that are currently being used can be easily circumvented, it is more likely that local IT departments will acquire their own systems. Central IT’s response to a request from a local IT department depends on a few factors. For example: has the local department been cooperative in the past? how likely is it that the local department will install a shadow system, given its budget and IT skills? 258 ll will this shadow system duplicate the existing functionalities of a system being managed by Central IT? what is the possibility of this system being used by more than one unit in the future? is the information provided by this new system required for internal consumption or for external parties? Besides these questions, Central IT also needs to assert its authority as the low—cost provider of essential, common systems for the organization. Thus, it has to ensure that its IT systems are being used by the local units to avoid inquiries over its budget and IT management skills. Central IT’s replies to these and other questions leads to different trajectories being followed when a request for a new feature/system appears. Figure 19 summarizes these trajectories, and how the habitus of the different agents, the type of capital they possess, and the material features of the technology under consideration lead to different types of drift taking place. For example, the “Making a Truce” trajectory occurs when the local IT department possesses more of a different type of capital (cultural capital) than Central IT. This provides the local IT department with the ability to authoritatively decide which system should be used to meet its users’ needs. However, since similar functionalities are available in the central systems, Central IT negotiates with the local IT department to come to an agreement on what system will be used. This decision can be reversed in the future, because the shadow systems that are implemented are flexible and their data is easily portable. Different concepts influence which trajectory transpires in each context. In the second trajectory, “Co-creating the Portfolio-in-Use”, the material attributes of the technology are more influential. Here, this trajectory comes into play when the technology in question is innovative, as that attribute determines Central IT’s level of 259 involvement and the efficiency impacts of the technology on users. lmportantly, the innovativeness of the technology also has an effect on the local IT department’s reputation. The third trajectory, “Going it Alone”, also highlights the importance of taking into account a technology’s material attributes when looking at its potential for drift. Although it is similar to the first trajectory in that the central systems can be easily circumvented, the difference between the two trajectories is in the level of customization involved in implementing it. The “going it alone” trajectory usually ends up with systems that are costly and difficult to move to the central portfolio because they are very customized. This outcome further strengthens the divide between the local and Central IT units that influenced the choice of this trajectory. Compared to the second trajectory, the shadow systems are strongly embedded in that case because they act as a bridge between existing systems, and are thus a valuable supplement. When a local unit “goes it alone”, the system it creates usually duplicates or is very similar to a pre-existing system. Thus, it is not adding much value to the overall portfolio. However, since it is heavily customized, removing it becomes a challenge, and the system itself becomes an object over which the different agents struggle to impose their authority. Process Theory of Portfolio Drift The preceding section has shown that portfolio drift is not simply a linear causal process, but must be understood holistically. Process theories are useful for examining such phenomena. They are relevant here because portfolio drift is not a sequence of events or states that can be produced by manipulating certain causes; instead, the 260 outcomes depend on a number of conditions that are necessary but not sufficient for the outcome to occur (Markus & Robey, 1988). In other words, even if the conditions are present, the theorized outcome may not occur. The different outcomes are also viewed as being qualitatively different, not just different degrees of one particular dimension. Finally, process theories are useful because they retain empirical fidelity, while allowing some measure of generalizability. This enables the creation of predictive, testable theories, without having to decontextualize social phenomena. Figure 20 illustrates a model of a process theory of portfolio drift. It is depicted as a decision tree, and the end-points consist of the three different types of portfolio drift and a decision not to drift (i.e. to use the centrally-provided, official system). The theory starts with the tension between the local and central IT units, based on the differences in their dispositions over the IS portfolio. While central IT wants to preserve its authority as the agent with the ability to define the IS portfolio, the local IT unit is focused on meeting the needs of its users, which may involve changing the portfolio. The first condition that affects the resolution of this tension is the level of switching costs: how painful is it for the local unit to stop using the centrally-provided system and switch to a new one it acquires or develops itself? The subsequent decisions depend on the types of resources the agents possess, and the relative amount of each type of resource. If switching costs are low, but central IT possesses more economic capital than local IT, the theorized outcome is for the local unit to keep using the official systems. The same result is predicted if switching costs are high and social capital is irrelevant in that context. If both economic and cultural capital are relevant when switching costs are low, local IT should negotiate a truce with central IT. 261 This is because, while the local unit may possess the necessary cultural capital to decide whether the data or the logic of the system are appropriate, the central unit may be able to develop a better system because of its economic capital, in terms of its development experience. When switching costs are high, the local unit can deploy its cultural and social capital to overcome this barrier. For example, it may draw on its social network to share the development costs, so that the switching costs are less of a burden. Alternatively, developing a costly system may be worth it if the local unit enhances its reputation with its clients and/or its peers. The drift of an IS portfolio lead to a variety of consequences for the different parties who have a stake in it. Users, for whom drift of any of the three kinds is equivalent to their requests being answered, are more satisfied with the systems they use for their work. For example, the staff of the student services department of EduSucceed were overjoyed when the course checking report was modified to fit their requirements, because this meant they did not have to carry out any more manual workarounds. In EduExcel, the managers of the Facilities Management department were very pleased with the electronic time clock application, because it meant they could communicate better with their employees as well as increase their accountability. While drift may be beneficial for users and managers from the various functions, it often turns out to be an additional burden for IT managers. They will have to maintain systems that may not be well-integrated with the rest of their portfolio, or may not be well-understood within their organization because they are new in the market. If other units want to “piggy-back” on the new applications, IT managers will face even higher maintenance costs. For example, EduExcel’s IT manager was not pleased about maintaining the faculty research expertise 262 database or the student course checking application, because they were difficult to set up and maintain, especially the latter because of the data issues. However, he had no choice but to do so, because they were very important for his department in its dealings with its corporate clientele. Drift can affect the quality of decision-making if the data in the different systems cannot be integrated. So, for example, the International Students and Programs unit at EduExcel had to mandate the use of QuickBooks as the standard financial application because its Finance Manager was unable to consolidate his unit’s budgets without falling back on manually computing them in Excel. Finally, when drift results in software being developed to fill gaps in an organization’s portfolio, such as two databases not being linked when a report requires data from both of them, the “gap-filling” application will, by its presence, accentuate the gap and make it even more permanent. In other words, the shadow system’s raison d’étre as a workaround becomes obscured as it merges with the other legacy systems in an IT portfolio. Such developments make adaptability even more difficult, as the growth of legacy systems makes it harder to dislodge them to make way for new applications that handle multiple functions, such as ERP systems. Apart from these immediate consequences, the type of portfolio drift that occurs, or does not occur, can reinforce or weaken the volume of resources possessed by the different agents. It also affects their disposition towards the IS portfolio: will they be more inclined in the future to support changes to it or to keep it as it is? The creation of new systems has an impact on the relative switching costs of the central systems. If the new local systems can exchange data easily with the central systems, and have similar interfaces and fimctionalities, then moving to central systems will be easier in the future. 263 On the other hand, if the new systems do not have counterparts in the central portfolio, then users will find it difficult to leave them if they are asked to during rationalization projects. In turn, these changes in resources and dispositions influence future occurrences of portfolio drift. To conclude, the mechanisms that explain the different patterns observed in the data are the material features of the technologies, the different forms of capital that are drawn upon, and the dispositions of the various agents. The structures that influence the relationships between the different agents in the field are constantly created and re- created. As drift takes place, the material attributes of the artifacts that are created influence future trajectories. Moreover, the success or failure of each episode of drift in meeting the needs of a local unit’s users affects the resources the unit’s IT department can deploy in the future, as it competes with Central IT to determine which IT artifacts are legitimate. Since “practice is inseparable from temporality” (Bourdieu, 1990), it is important to keep in mind the trajectories through which drift takes place. Although the agents may operate in seemingly-static structures, these structures are patterned, emergent phenomena, existing in the midst of many sources of constraints, both social and material (Dyke, 1999; Zammuto et al, 2007). 264 Skae 239 :9 52.53% 3:3 3:36 .bactfieéxc 835$ ..Q N 33qu 38:59. .93: .80. goes. .5 3:50 ho .mgamo o_Eocoom . ‘ .5 Eco. Co .938 _m_oow . r... .80. Co 3:98 2:558. . Q e:o_< _ 9.5 a. . 0 E28383 moo 0 name as a . ._.__ Z Z. _ = 0 Q 0>9QE_ ._._ .m004 _ 9:9»? .mzcoo 2 5:25 2 £80 9:26 .9:on 8 838.8%: 3838 0255 3:053 cambmcoEoo h uoN_EBm:o->EmE m_ E233. 3oz 0:0an 22% £95.22 _ o>=m>oc5 >29: m_ E393 3oz 26:8 E .6 mm: OmGwCOE _ 8296388 >=wmo mEBw>m fiasco 3% 3:50 .6 sans .: .9550 :5. _e004 265 II II II II II II Ii III II 'i II II II Noggin N9. Encoded. firmed» c\mcc\m\e-.o USS. hrs—:5: CECE: /l—.C_r.<:.._ xii mafia A .25.... Can 8:5— 15.231 r5725: is. ..C—Cf::—.._. ,. I\ 00 x no- £85 888 Gasman—858m Onmwismaona >a§8§=q mast—360 mmmmmmomos L_J 3. 33:83:00 088 99Z 025.»— E.” Ummuoamos- awn manwonmmafiw nonwomo Do :0” orgmo 90 commomo r08. 5.“ Ummcomaos- Boo” 50%. 500% Ormsmo 30 603.28 93.08508 o 6559 C C C C C C C C C oaaozbwmcE C C C C . . . . o o 0 0:0qu C C C .2530 3:301:60 mmm "Em C O O O o o o o o o o o o o o o 0 :83 O O O O O . 2%QO mcmfigaam “Emacs 85:88 226230.,» $5-8: 2.0an - __m_oEo van t 2635 .nEm uwcozocmm->__m_oEo cam dam umEmEmmE ,/ < K ,/ K < ESQEE boooozmabm 268 At this point in time, EduExcel has a fragmented portfolio across the entire range of IT systems. It is moving towards reducing this fragmentation by introducing an ERP system which will consolidate many of the functions of the existing disparate applications. As shown by the small black circles outside the ERP box at T2, some applications will not be incorporated into the ERP system because it does not offer their functionalities. EduSucceed, on the other hand, carried out this shift about a decade ago. However, since then, it has found that a number of new applications have sprung up outside the ERP system. This is indicated by the greater number of small black circles at both the specific and infrastructure ends of the scale at time T3. Some of these are sanctioned by the Central IT department, while others are not. Over and above these new shadow systems, what is difficult to detect and may not be easily discovered is the extent to which users are working around the systems. Can the preponderance of shadow systems in a department or unit be a proxy for the extensiveness of workarounds? Or are other factors, such as the IT skill levels of employees, a better approximation? EduSucceed is currently carrying out an IT rationalization project to examine why its portfolio changed in this way, and whether and how these changes should be remedied. Though both organizations are similar in size and in the level of operational decentralization, their IS portfolios have been governed very differently. However, a constant aspect has been the persistence of drift. Comparing their governance practices will help uncover why this outcome occurred in both organizations, despite the effects of path dependency and the situational nature of IT use. 269 Governance Practices Formal governance structures Both universities have put in place a variety of formal mechanisms (Figures 22 and 23). They include: a) quarterly training and information-sharing meetings between IT personnel from across campus and Central IT; b) user liaison groups for different functional areas, such as finance and HR, which consist of individual employees who are appointed as stewards for their units; c) user interest groups on topics such as cluster computing, web administration, Apple computers, and wireless networking, for staff of the local IT units; d) town hall meetings to communicate news of major changes in IT policies and investments; and e) cross-campus IT Steering Committees. Within the local units, the formal governance practices included monthly project review meetings, regular strategic review sessions with senior management, and the hiring of faculty liaisons as intermediaries between the IT and academic departments. The sophistication of the mechanisms used in the local units depends on the unit’s size and the complexity of its operations. Compared to EduSucceed, EduExcel has fewer formal governance mechanisms that link the local and Central IT departments. This can be attributed to the lack of an enterprise system and the limited development that has taken place across these levels in the past two decades. This means that most IT 270 management activities in EduExcel, such as IT acquisition, maintenance, and performance evaluation, take place within local units. IT Commons IT St , Usually deal with (Weekly mformafi eermg middle management .--. meeting) .............. Committee- ---_-—----------------------.: E Central IT 5 : Peers 1n : a- T3 s :- ------------------------------ — - Faculty -------------------------------- 1 Meetings, liaison email surveys Moderator 7 . Local Central geers “.1 Functions Functions 0 er umts § Stewards in Prior informal user groups . . Pnor relationshlps informal Central relationships . Functional IT Figure 22: Governance Mechanisms in EduSucceed 271 IT Steering Committee (set up recently) Central IT Peers in . other units Informal Meeting of IT Managers (set up recently) Peers in , other units I I I I I I I I I I I I P I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I A ————————— Local Functions Central Functions Figure 23: Governance Mechanisms in EduExceI Informal governance structures The cases provided examples of governance as being both formally-established, with specific controls and structures, as well as informally-developed, with emergent norms and mechanisms. These informal mechanisms were ofien based on personal relationships at various levels, as shown in Figures 22 and 23. These personal relationships existed for at least two reasons: a) some users had worked in the Central functions before moving to the local units, or b) users built bonds with their peers in other units and in the Central functions while interacting during the formal meetings. Some of these informal mechanisms became more structured and formalized over time. One example is EduSucceed’s IT Commons, a weekly meeting of IT managers from the various units. These meetings, which sometimes include a liaison from Central IT, discuss topics common across units, such as new collaboration applications and email 272 management, which are not under the purview of Central IT. Their goal is to focus their investments on the parts of the IS portfolio which add value or are unique to their units, thereby reducing unnecessary costs. Some of their achievements include consolidating the number of Exchange servers, moving to a centrally-managed help-desk system, converging on a single instance of Microsoft Active Directory, and creating an email listserv of open IT positions on campus. The Commons also tries to get its members to think outside their units’ interests and consider the wider consequences of their actions. That way, for example, units would not try to save money by buying cheap PCs or network switches, because there are long-term costs that are borne by their unit and others. Another example of a mechanism that emerged over time is the Business Objects Expert User Group at EduSucceed. This off-shoot of the original, Centrally-organized Business Objects User Group caters to the needs of expert users, who found that the original group was not very useful because of the wide range of user skills. This expert user group has now created “Business Objects TV”, an online video guide to help users with simpler issues, such as opening queries and logging on to the system. Comparing IS Governance in EduSucceed and EduExceI Table 12 consolidates the findings from the ten cases. The governance practices employed in both institutions are categorized on two dimensions: i) were they formal or informal? and ii) were they directed internally (i.e. governance within the local unit) or externally (i.e. governance mechanisms that connected the local unit with Central IT, other local units, and external peers)? 273 The formal internal governance practices used in both institutions were largely similar. The major difference between the two was that the budgets and operations of the local IT units in EduExcel were more centralized compared to the IT units in EduSucceed. Despite that, the IT units in both institutions did not use any formal frameworks for managing their IT operations and assets, such as ITIL or CoBIT. While some IT managers were skeptical of their usefulness, others claimed that their departments were too small to need them. However, some of the larger units expressed interest in implementing some version of them soon. IT assets were inventoried in both institutions, with asset registers being created for software licenses and hardware. Some units used specific systems for this purpose, while others used generic spreadsheets or databases. IT projects were initiated either on the basis of requests from users or the local IT department itself. Some units in EduExcel augmented their departments by borrowing staff from Central IT, while this was not practiced in EduSucceed. This hints at a possible source of the informal relationships within EduExcel. Some of EduSucceed’s units had a more structured manner of managing their projects, with monthly review meetings and faculty liaisons. There were substantial differences between the two institutions in terms of their formal external governance practices. EduSucceed had regular town hall meetings, liaison groups for functional users, interest groups on IT operations, and joint training and information sharing between the Central and local IT departments. The institutions were similar in terms of the periodic meetings their IT managers held with their peers from across campus and from other universities. From the viewpoint of the overall university, both institutions had steering committees, although EduExcel’s was newer. 274 Finally, while EduSucceed had some measure of central IT planning, that was not observed in EduExcel. Both institutions had a substantial number of internally— and extemally-oriented informal relationships. For example, there were informal user groups and meetings of IT managers. Users willingly and frequently shared knowledge with their colleagues, and power-users sometimes initiated projects. Requests for IT development projects were made both in an ad hoc and a formal structured manner. There were also significant personal contacts between the Central and local IT departments, based on prior collaboration or shared work experience. Explaining governance from the agency theory perspective IT governance covers a variety of responsibilities. A useful categorization is provided by the COBIT framework (ITGI, 2007), which divides IT governance into four main areas: plan and organize, acquire and implement, deliver and support, and monitor and evaluate. CoBIT is widely used by IT practitioners and auditors to assess how well an organization is governing its IS portfolio. Frameworks such as CoBIT have an underlying agency theoretic perspective. They prescribe controls and mechanisms to align the incentives of users, managers and the IT function, so as to reduce information asymmetry and risky behavior by agents. CoBIT advocates that formal procedures and policies be established to: 1. Determine the organization’s technological direction and information architecture, 2. Acquire and maintain IT resources, 3. Manage service levels, and 275 4. Monitor compliance, internal controls and performance. The formal governance structures observed in the organizations are based on a certain set of assumptions. First, they share CoBIT’s agency theory worldview, which implies a divide between principals and agents. The formal mechanisms rely on the capacity of the Central IT unit to create and enforce guidelines and standards, and invest in IT infrastructure, including common applications, such as the ERP system. The role of the local units is to offer information and implement these decisions. Central IT’s organization of the structured meetings in EduSucceed reminds the local units that Central IT possesses a substantial amount of economic capital (such as funding for IT investments, IT human resources, and bargaining power with vendors) and is willing to use these resources as an incentive for the local units to align themselves with its plans. In addition, these mechanisms purportedly help Central IT reduce its information asymmetry, as it finds out what the local units are planning when it interacts with them. However, this depends on the local units being willing to disclose this information. The situation is similar in the local units. The local IT departments use their resources to enforce compliance with their policies. For example, when the departments within their unit make their annual budget requests, the dean’s office asks the IT managers to approve the IT portions. When a department is unwilling to cooperate on some policy and the IT department needs them to do so, it brings in the “Dean’s office muscle”. Second, according to this worldview, responsibility for the IT portfolio and various IT management roles can be clearly defined and segregated. A corollary . assumption is that change in the portfolio can be planned and managed by the central or 276 local IT units. In the two organizations studied, there is, formally, fairly clear agreement on which parts of the organizational IT portfolio are handled by Central IT (e-mail, ERP, reporting tools, instructional IT, networks) and local IT (personal computing support, research computing, security, classroom IT, local servers, and local applications). Changes in the portfolio are managed by channeling them through mechanisms such as user groups. An extension of the clear segregation of responsibilities is that the four goals of CoBIT are understood to be achieved in a particular sequence. Specifically, Central IT selects the appropriate architecture and IT strategy, and then asks users what their requirements are. It then acquires the IT resources (hardware, applications, or human resources) needed to meet those requirements. Over time, it assesses how well these resources are performing by regularly meeting users, and addresses shortcomings as they come up. These processes are carried out regularly and repeatedly. Fundamentally, therefore, the agency view of governance is of a two-player game with a single currency that defines the rules and is used to maintain order. This “currency” is the economic capital, which is seen as the key differentiator between those who are governed (agents, such as the local units here) and those who govern (principals, such as Central IT). These economic resources are used to attain known aims, such as business-IT alignment, via visible mechanisms, such as the committees and groups mentioned above. These mechanisms and aims are determined by the principals, who interact with the agents in pre-defined formats, such as user groups and steering committees. The users have a limited impact on any decisions made on the object of interest, i.e. the IT portfolio, which is understood to be mainly determined externally and managed by the IT department. 277 This is at odds with what the analysis of drift uncovered in the previous chapter. Each of the pathways through which drift took place was one possible result of the interaction of organizational preferences and resources, and the material attributes of the technology of concern. If drift is the unavoidable consequence of these factors, and is an emergent outcome, then agency theory has limited utility for describing and explaining IS governance as it occurs in organizations. While an organization that governs its IT assets on the basis of agency theory may be an ideal state to aim for, the lack of detail on the process through which it can be attained makes agency theory less useful as a guide for managing IT assets. Although agency theory claims that control mechanisms, such as monitoring, are necessary for becoming well-governed, it does not describe how their efficacy depends on the context in which they are used. Thus, it is difficult to ascertain if weakly-govemed organizations are in that state because controls have not been well- implemented, or because of other overriding factors, such as institutional norms. The next section describes some of the governance mechanisms that were found to exist outside the formal structure. Explaining governance from the practice perspective The informal mechanisms that emerged were as pervasive as the formal governance structures. These mechanisms could be found at various levels of the organizations. Thus, business-IT alignment did not take place in a totalizing manner at the upper levels of the organizational hierarchy. Instead, the agents at the various levels utilized their competence as participants to steer the portfolio-in-use (i.e. align it with their interests). 278 Uncovering the informal mechanisms highlights the challenges faced when the agency-based view is applied to organizations: it does not account for a) the embeddedness of economic activity in social networks (Granovetter, 1985); and b) changes in relationships, goals and power across time. Considering these issues in the context of governance requires a practice perspective, since practices are historically situated, emergent, and recurrent. From the practice viewpoint, governance is less a framework for allocating decision rights, and more like a competition between players, who seek to differentiate themselves by deploying different types of capital, while being constrained by their dispositions or preferences. Thus, the governance structure we observe in an organization is not a fixed artifact, but one instantiation of the different trajectories that are possible, given the distribution of power across agents and their preferences. Differences in Dispositions and Types of Capital The field of IT management in EduSucceed comprises various participants: local and Central IT, and local and Central functional departments. These participants have different dispositions towards information technology. Central IT is focused on reducing redundancy so that it is more efficient with its IT investments. The local IT units report to the management of their units, and thus emphasize the needs of their local functions. These local functions essentially want to carry out their tasks, whether they are preparing financial reports, registering students, or hiring faculty, as accurately and as effectively as possible. In addition, the local IT units are also keen on introducing innovations to achieve these goals. Finally, the Central functions need Central IT to provide systems that 279 meet their needs, which are often different from the needs of the local functions. For example, local functions usually require data at a greater level of detail than Central functions, which means that they need more fields in the systems they use and the ability to “roll up” or aggregate fields easily. The differences in the dispositions of the participants are matched by differences in the types and volume of capital they possess. While Central IT may have substantial economic resources, it lacks the credibility that the local IT departments have with their senior management. This is because the local IT departments respond quickly to help achieve local goals, and they accomplish this with resources provided by the management of their local units, not Central IT. This is replicated in the large local units- the IT departments in these units struggle to obtain support from the IT staff of the various sub- units. These informal relationships and the networks formed through them are a source of social capital for the local fimctional and IT departments. The information they receive from their peers in other units, departments and universities is used to obtain guidance on IT investments. These relationships are also used to develop coalitions to pressure Central IT to meet shared requirements. Finally, local units use their informal relationships with Central IT employees to accelerate the fulfillment of their software development requests, by offering “quid pro quo” arrangements. Large local units, which have substantial economic resources of their own, such as budgets and IT staff, can avoid joining these groupings because they can either make their own demands on Central IT, or develop or purchase their own applications. Central IT attempts to gain some of this social capital and the information that accrues from it by establishing the user interest and 280 liaison groups. Thus, the IT governance structure that is observed in this organization is a “historically contingent necessity, not transcendental order” (p. 198: Dyke, 1999). However, this strategy does not offset the economic capital possessed by the large local units, whose IT departments continue to develop their own applications. Thus, the source of much of the drift in EduSucceed’s portfolio is not addressed by the current governance mechanisms. These mechanisms are more useful for controlling the actions of the smaller units, who are already close followers of the organization’s IT portfolio, since their budgets do not allow them much leeway for developing their own applications. The local IT departments possess cultural capital, in terms of the knowledge of the objectives of their units, and social capital, in terms of their links with their functional departments. This encourages the alignment of the local IT portfolio with the local units’ goals. This alignment is carried out by the local IT departments acting as intermediaries between the local fimctional departments and Central IT. First, they aggregate the requirements of their users and submit a consolidated report to Central IT. In this way, they mediate the information flow between the two parties. Second, when their users are frustrated in their dealings with Central functions, they intervene to moderate the intensity of the interaction or to prevent the situation from worsening. For example, when Central IT could not deliver the student course checking application the College of Engineering wanted, the college’s IT director developed a solution that satisfied both parties. However, alignment at this level may not indicate alignment at a higher level. For example, the College of Engineering’s student course checking application is not 281 replicable in other units, because of differences in the underlying logic. This again leads to fragmentation, as represented by the small black circles at T3 in Figure 17. The lack of higher-level alignment is indicated by EduSucceed’s current IT rationalization exercise. This exercise is an attempt by Central IT to overcome its lack of cultural capital by communicating its own goals to local units, in the hope that they will accept them, thus usurping local objectives. Egctices in the Field EduSucceed’s Central IT unit has developed a set of practices to reduce the number of shadow systems. These include: 1) Standardizing the data elements in central databases: once they are in a consistent format, users can: a.) develop applications based on their unique business logic b.) adopt the standard data and, based on the fields provided, define more fields as required. In this way, local units do not need to create shadow databases. 2) Using compliance “carrots”: units that use Central IT’s services (e. g. file storage) will be in compliance with various federal policies, such as HIPAA and FERPA. There is no mandate, and units can run their own services if they want to, but they would then have to handle compliance issues by themselves, which are burdensome. 3) “Canning”: customizing objects, such as reports or complex queries, developed by one unit, so that they can be used by other units. 282 These practices by Central IT involve instances where its economic capital is recognized as legitimate by the local units, since these practices resolve some of the constraints they face. Thus, here, Central IT uses its resources to reproduce its norms, and construct the world according to its vision. The same intent can be seen in the actions of the IT managers in the large local units. For example, one college enforced the use of a standard image on all PCs to enforce the rules that users should store data in shared folders, not on personal desktops, and that hard disks should be encrypted to reduce the risks fi'om lost laptops. In other instances, Central IT’s resources do not have symbolic value, and other forms of capital held by the local units are recognized as being more important. Many interviewees mentioned that, while there should be fewer shadow systems, reducing them should not be equated with preventing the local units from introducing innovations. They felt that Central was less in touch with new developments, and that instead of preventing local IT departments from implementing new technologies, it should develop a mechanism for taking over innovations that were widely used across campus but managed by a local unit, such as Microsoft SharePoint and Microsoft Live Meeting. One reason a local IT department would allow its resources to be used to serve users from outside its unit is that this practice focuses attention on the symbolic benefits that accrue to it. These include extra clout in its negotiations with Central IT about replacing local applications with centrally-offered software, which may translate into getting more of its requests fulfilled. Second, supporting other units may encourage reciprocal behavior from other local IT units. This allows more innovations to be tried out without the risks of trialing multiple innovations falling on any one particular unit. 283 Many of the informal practices listed in Table 12 pertain to the development of new systems. Local units and sub-units are willing in both EduSucceed and EduExcel to develop their own systems, if and when their needs are not met by the centrally-provided IT portfolio. This is shown by the various instances of drifi. In EduExcel, Central IT attempts to manage this to some extent by suggesting to its units new applications they might be interested in. The combination of “power users”, personal contacts with developers in the IT department, and a tolerance of ad hoc development requests leads to a context that is quite distinct with the COBIT-like scenario presented by the formal governance structures. In contrast to the agency theoretic perspective which assumed that changes to IT portfolios were managed by the central or local IT units, the practice perspective, as represented by these informal practices, endorses attempts by agents to subvert the logic represented by organizational rules. This raises to the forefront a core argument of Bourdieu’s that “social agents are not ‘particles ’ that are mechanically pushed and pulled about by external forces. They are, rather, bearers of capital, and... orient themselves either toward the preservation of the distribution of capital or toward the subversion of the distribution” (p. 108-9: Bourdieu & Wacquant, 1992, emphasis in original). Hence, users share knowledge with their peers within and without their units, and create informal user groups to learn about alternatives to centrally-offered systems, or to develop coalitions to pressure Central IT. 284 Explaining governance from the materiality perspective From a materiality perspective, the formal structures in EduSucceed were created when the ERP system was implemented. They mirror the modules of the ERP system that are in use- business and finance, human resources, and student services. In one sense, therefore, these structures are an example of the salience of the material aspects of the ERP system. The structure of the ERP system manifests itself in the IT governance structure of EduExcel. Since the ERP system is the largest system being managed by EduSucceed’s Central IT department, the governance structure for the ERP system has become the natural way of organizing its IT governance for other parts of its portfolio. This can be a problem when technologies that do not share the same material attributes of ERP, such as collaborative applications, become widely used. For example, ERP systems require a stable environment so that transactions can be carried out smoothly. Governance structures supporting ERP systems stress the need to minimize changes, implying that employees’ agency is constrained by such structures. In contrast, systems designed for collaboration require less constraints, so that users can manipulate and modify objects easily. A second example is the centralizing tendency of ERP applications. The databases for ERP applications, since they perform transaction handling and data management for organizations, are usually centrally controlled. In addition, their structures are often determined such that they meet the needs of the Central functional departments. This may be in conflict with other applications that are local units want to modify, such as the electronic time clock application. 285 Another governance mechanism that can be traced to a materiality issue is the predilection of the local units in both institutions for developing their own shadow systems. This tendency can be traced to the inability of the central systems to provide the functionalities the local units required. A major cause of this shortcoming was the structure of the databases. Many of the key central databases had fewer fields than were required by the local units. This constrained their ability to use the central systems for their work, and drove them to create shadow systems, with some even hiring their own IT staff to do so. For example, the Central Finance unit in EduExcel was not aware of how crucial the request by local HR units for more fields in the database was. This was because of two reasons: a) Central Finance was able to obtain the information it needed from the systems, and b) when it asked for data from the local units, they provided it. The latter act meant that the workarounds and shadow systems at the local level were hidden and not apparent to the Central units. Since Central Finance was oblivious to the needs of the local units, it did not seriously consider the case for a new finance system. EduSucceed’s local units faced a similar issue. They needed more fields in the ERP system so that they could track additional attributes of their sub-units, such as codes for projects and grants. The Central Finance unit had deemed it administratively costly to maintain these codes. So, to overcome the deficiency, the local units created various spreadsheets and databases to reconcile the codes they used in their accounting books with those used in the central system. Thus, in these examples, the material features of the database interacted with the agents’ interpretation of their roles (i.e. providing the data to the Central units was of paramount importance) to influence how the software they used was provided. 286 Trends in IT hardware influenced some governance policies. For example, increased data portability in the form of USB thumb drives and laptops meant that the local units had to put in place data encryption rules. Decreases in data storage costs helped convince the Central IT unit in EduExcel to add more fields to the database. EduSucceed’s informal grouping of IT managers was initially set up to prevent the tragedy of the commons from occurring in the context of networking hardware. By coming up with common standards and a shared cost structure, they avoided a situation where each unit bought the cheapest equipment without any concern for quality. The reporting applications used in each university present an interesting comparison. EduExcel’s reporting software was fairly basic- easy to use but with limited functionality. This encouraged users to create reports in their own spreadsheets and databases. EduSucceed, on the other hand, had a fairly sophisticated application. However, when coupled with the wide range of IT skills among its users, this meant that the business reporting user group was not very effective in helping its members. Some frustrated expert members broke off and formed their own group, and they are now helping to create training programs for the less savvy users. In this case, the material attributes of the application interacted with the characteristics of the users to create a new governance mechanism. Comparing Perspectives The major difference between the two organizations is that EduExcel is in the midst of implementing an ERP package now, while EduSucceed did that a decade ago. Figure 21 at the beginning of this chapter is an abstract depiction of the differences in the 287 IS portfolios of the two organizations. These differences led to an expectation that there would be differences in how their IS portfolios were governed. This expectation was borne out in the formal structures that were observed: EduSucceed had more of such mechanisms compared to EduExcel (Table 12). Thus, from an agency theoretic point of view, EduExcel appeared to be less centrally controlled than EduSucceed. However, the persistence of drift in both organizations indicated that there were some underlying similarities in the processes used to manage IT, even though it seemed like they should be different. The interviews revealed that a rich set of relationships and mechanisms lay under the surface in each organization. These were mostly initiated by local users or the local IT department. Some of these were based on personal relationships that began during the various formal governance meetings. Thus, even in a context where stronger centralized control might be expected, the data revealed a multi-lateral game. Instead of a central principal dominating subordinate agents with its economic resources, many agents were using a variety of resources (different “currencies”) to negotiate the type of IT systems they could use. Moreover, rather than the IT portfolio being an external, fairly static object which agents accessed for their daily work, it was a domain being contested by users and managers from different functions and at different levels. The analysis presented here indicates that the practice view of IS governance is more adequate descriptively than the predominant agency theoretic view. Beyond that, would adopting the former viewpoint lead to improved outcomes, in some circumstances at least? In other words, if organizations governed their IT portfolios by using the agency theoretic view, would they be losing out somehow? 288 Adopting the practice perspective means accepting that formal structures, organizational mandates, and auditable checklists have limited benefit in understanding how well an organization is managing its IT assets. A necessary corollary of this decision is that it makes managers more sensitive to detecting the underlying mechanisms in their organizations, and to investigate their impact on the organization, as well as how they interact with the formal structures. Assuming that these underlying mechanisms are more effective at some purpose, since they would not have existed if they were not, uncovering them allows an organization to assess who is involved in them and what their rationales are for doing so. In this manner, IT managers will be able to detect possible flaws in their formal structures and unearth better explanations for problems they have faced during IT projects. This exercise will be critical in designing more effective mechanisms in the future. Thus, the practice perspective is beneficial to an organization because it forces a self-reflexive posture. Instead of seeking new ways of imposing increasing numbers of external structures on its employees when faced with IT-related problems, such as fragmented portfolios or never-ending projects, an organization that views circumstances with a practice lens will, hopefully, be able to discover the dispositions of the various parties it deals with, the histories of their interactions, and the impact the IT they are using has had on their IT governance practices. 289 numuuaviurfl ac -ex%=u% 5 Efl=e¥82 853.88% 5%.? temaeuteuaeb ..N~ 28> couoflmuam 380$ 08% 808»: m 8 >323on >282 . oZ 8 V 8 mcswfiaméflwwfiwwfi 888 802 o mmcnooa 806.0 8 . . a 1.5 R A .2 3580 >632 88m 80on m: b 53 . has: . .u o 8> 88888 50m 50m .5 _82 8 808 >n M Z r: :o 858w 5235 “83 83.6 ”388635 ,5 w: m oz 8 > 828:3 .85on :08»: numb 8 V 8 w b08252 .5 W n n B u oz 8 > amazon”: :8 :38. 02 02 8103088 n W m d 855828 850 98 89:8 98: :8 8 3892 W 8 > 8 > . . . 28m 28m 1. 808m 80¢ 88m 802 88% 80888 .E m 882888 888888 02 oEow 882m .5 3380 Snow “on >382 .wfim .5 882888 8835808 985 8 > 8 > 82588 manoflm .3 >382 >382 38 ~82 E 883 r: Nmux%§% he8§h§% ~8x%§% humousm:u% 35352 72:85 8938.:— mo 88..— 290 $35 8 .5 3o: 38me 33380 02 $8.85 8838 8 .38: >23 98338 Hmowwsm £08 -838 o 8: 3m >23 28 :5 68.833 .5 383cm; -8: 08 033 883 o Fm Ewe—HOD 333 303:8 £230 8% Ecofiom 8:80 8% 8m: 38:85 3838.3 8 83-31% 8230 $35 382 8% 33323 832305— 253 $83 $888 32385 a. 83-2% 3888389 8% 8388 8% .mbwfiafi .5 8% 3.303 3.350 b 8% 883m>m :30 @2260 38x33 3883M:3% 393.33% 32283— 388:.w8% 32:8:— [3111mm] saoyoud oounmaAofi Jo adfil 8938.:— 8 881— %:Eau» NN 83:5 291 CHAPTER 8: DISCUSSION AND CONCLUSION In the past, the C10 ’s role has been deciding what services and what software he is going to make available to the users of his network As users source more of what they use from the Internet, they will use applications more on an as-needed basis. The CIO’s role must be to find what they need on the Internet and create security systems to be sure the corporation is not compromised. E-mail is increasingly done on BlackBerrys... and in airports.... That ’s just the first manifestation to individuals choosing to use one platform versus another and it’s very hard to stop. (Clayton Christensen, interviewed in Nash, 2009) In a report released by IDC in September 2009, some 20 percent of business users said Google Docs is in widespread use at their companies-- up fiom less than 6 percent 18 months earlier. IDC expects this figure to reach 27 percent this year... IDC found that (Microsoft) Office is widely used in 97 percent of companies surveyed most companies use Google Docs to complement Office. (Fitzgerald, 2010) 292 This chapter begins with a discussion of the theoretical contributions of the study, where I elaborate on the study’s initial conceptual framework and the findings from the case studies to propose a conceptualization of IS portfolio drift as a dynamic process of interaction between practices, resources, and materiality. The chapter then continues by listing some of the study’s limitations. This is followed with some managerial implications of the study, further research opportunities in this domain, and some concluding points. Theoretical Contributions Portfolio Change as a Continuous Process This study’s first research question was: why and how does portfolio drift occur? The data showed that IS portfolios drified even when they contained applications that have a strong centralizing tendency, such as ERP systems. Therefore, the first contribution of this study is that portfolio drift is likely to be a common occurrence. IS portfolios are dynamic and constantly in flux because they are contested spaces for legitimacy and other resources. There are many deep and long-running interactions between the material attributes of the IT assets in a portfolio and the resources and preferences of users and managers from the IT and functional departments. The various agents have distinct preferences for the functionalities and interfaces they desire and need, and use different forms of capital to influence which applications are allowed to enter the portfolio. 293 The trajectory of these interactions is affected by the type of resource that is considered to be symbolically powerful in a certain context, as well as the particular inclinations of the agents involved in that context. Sometimes, these interactions can result in productive collaboration, while at other times, they are better understood as a lack of interaction. Over time, as the portfolio expands and contracts as a result of these practices, the preferences of the agents and the resources they can deploy also change. According to this view, organizational adoption of IT should not be seen as a one- off occurrence, but as a link in a long chain of continuous interactions between individuals in the IT and functional departments, and the central and local units. Decisions are made with a view to the future, as well as the past. Power is distributed, and what counts as powerful and how it is distributed changes over time. For example, when a experienced EduExcel manager participates in the planning for an ERP system, she has more credibility within her organization when she argues that the legacy systems should not be dropped when the ERP system starts operating. EduSucceed managers offering their departments as sites for trialing new systems gain by being first in line when they need to change some feature of their systems. Thus, IS portfolios follow a logic more akin to dialectics than the teleology assumed in standard IT management descriptions (Van de Ven and Poole, 1995), where organizations move fi'om a collection of disparate systems, to some form of enterprise application integration with middleware, and then the use of an integrated ERP system. Unlike this steady progress in one direction, portfolios may be moving in either direction — toward more or less control —- and may also be changing direction over time. This was exemplified in this study by the example of EduSucceed, which moved from a diverse set 294 of applications to an ERP system and is now working on reducing the diversity which has re-appeared. It is worth noting that the pace and direction of change depends on one’s vantage point: from certain points in the organization, the applications used to carry out one’s tasks may seem to stay constant, while employees elsewhere may be facing more frequent changes in the applications they use. This could be due to many factors, such as a higher level of IT skills enabling more self-directed IT development, or a culture of subversion in some departments encouraging tacit disobedience of organizational policies. These factors are examples of possible individual and organizational dispositions and resources. The view of portfolio drift mentioned in Chapter 2 as the gap between the expected and observed portfolios is problematic. While it is a useful abstract metaphor, the frequent modifications in organizational IS portfolios, even just those which are publicly acknowledged and recognized as being outside the officially-mandated portfolio, makes it difficult to imagine if it is possible to describe what an expected IS portfolio would be. With the growth in Web 2.0 applications, it is possible that “invisible drift” will become more important in the future. This issue is further elaborated in the “Limitations” Section. The Sociomaterial Practice of IS Governance The second research question asked: what are the implications of portfolio drift for IS governance? The answer builds on the conception of IS portfolios discussed above. The data showed that IS portfolios are governed as much by informal practices as they are by formal practices. These practices were initiated by users and managers from 295 different levels in the organizations, and relied upon personal relationships, some of which were established during formal, organizationally-sanctioned interactions. This situation implies that governance should not be considered to consist only of the allocation of decision rights and the development of mechanisms to align the functional and IT departments. Thus, the second contribution of this study is that IS governance is a reflexive and creative activity, and that an organization’s members see it as such. Governance practices are influenced by the material attributes of the information technologies being governed. How governance is carried out and to what extent depends in some part on what is allowed or enabled by the artifacts being governed. Artifacts provide affordances to let people do efficiently and effectively what they want to do (Leonardi & Barley, 2008). However, their features also change the attributes of the task they are used for (Orlikowski, 2010). Keeping an existing governance structure when a new technology is introduced can lead to ambiguity if the technology’s and the governance structure’s affordances are different. For example, an organization may mandate that requests for new fields in a database be centrally approved. This is to make it easier to maintain the database and to save storage space. If a new reporting tool is introduced that allows users to extract the data, users will do so and import it into a spreadsheet, so that they can create a shadow system with the new fields they require. Reporting is now easier and faster, and there are fewer instances of data errors and no more requests for new fields in the central database. While there has been no formal breach of policy, a new system, legitimate in the eyes of one party but not in the other, has been created. Moreover, the flexibility of the spreadsheet means that the new shadow system may not even be identified as a separate 296 “system” requiring access and change controls. The interconnectedness of the IS portfolio, linking the reporting tool with the central database and the spreadsheet application, mean that changes in one component can potentially cascade into other changes. These subsequent changes can be difficult to detect when they originate, and only materialize when, for example, a major event, such as a database breach, takes place. This example provides an instance why applying the sociomateriality lens in governance research will be useful for understanding how IS portfolios, which are inherently dynamic, affect the viability of an organization’s governance framework. Integrating IS governance with centrally-unintended IS adoption (i.e. drift in an IS portfolio) brings with it the advantage of examining the interaction between users, decision-makers, and designers. Prior research on materiality, IS governance or adoption seldom considers all three parties simultaneously. This carries the risk of not identifying important influences or sources of power on the creation of an organization’s IS portfolio. Following Churchman’s logic (Churchman, 1971), studies of the interaction of agents with IT should broaden to consider how managers respond to changes in practices and how designers’ decisions influence the interaction patterns. Managers are tasked with getting work done, so there is a need to understand how they govern IT use to overcome resistance or unfaithful use, while tolerating or encouraging reinvention (Boudreau & Robey, 2005). This involves negotiating which party can decide on the legitimacy or illegitimacy of an IT asset, which means that alignment is on-going and fragile. The consequences of the dynamism of an IS portfolio can be beneficially viewed from two different metaphors: should the portfolio be managed as a Roman galley or as a collection of floating river-tubes? Roman galleys were streamlined, efficient vehicles that 297 were hierarchically organized. Changes in their operations (i.e. who rowed it when and for how long) were strictly controlled, especially since most of the rowers were slaves. River-tubes, on the other hand, are devices that float freely down a river, without any organization or structure. While floating, the occupants may enjoyably bump into other tubers, or they may float alone down to the river’s mouth. IS portfolios governed like Roman galleys may gain in terms of efficient operations and less uncertainty, but may lose in terms of the serendipitous interactions possible with a river-tubes management style. Conversely, a portfolio managed as a collection of river-tubes may be innovative and the users may enjoy the journey of experimentation, but may end up being costlier and more difficult to maintain, since the lack of control leaves open the possibility of unwanted accidents. The choice between the two approaches depends largely on the organization’s context, strategy, and its members’ aversion to uncertainty. Returning to the well-known exploration/exploitation perspective (March, 1991), the galley approach emphasizes short-term stability and static efficiency (since galleys performed very well in their role as fast fighting vehicles), and the river-tube management style is closer to exploration, as its redundancy helps achieve long-term reliability in the face of environmental perturbation (F arjoun, 2010). Managerial Implications ls Drift Good or Bad for Organizations? One of the key consequences of portfolio drift is portfolio fragmentation. This refers to an IS portfolio that is populated with a variety of applications that are not 298 coherently integrated or harmonized to remove redundant capabilities. A fragmented portfolio leads to higher maintenance costs, as additional resources have to be allocated to support the various different applications. Streamlining a portfolio by removing redundant or duplicate applications would lead to savings in license fees, as well as the skilled manpower that was devoted to supporting those applications. Fragmentation also promotes a limited “view” of business activities (McAfee, 2004). Since different processes are supported by distinctly separate applications, managers will not be observing the same set of events or flows. This constriction of information reduces the quality of decision-making and creates the risk of disjointed responses to environmental changes. The second major consequence of portfolio drift is the loss of the resources spent during the search process. In terms of shadow systems, users or managers spend substantial time and money searching for the alternative systems, linking them to other organizational systems or databases, preventing secm'ity breaches, and so on. If workarounds are relied on, significant time is spent on learning how to carry them out, training others in the same task, and keeping “cheat-sheets” updated. Associated with this loss of resources is the “wasted” IT expenditure implied by these workarounds and shadow systems. The unused investment represented by the systems in the official portfolio that are not used or under-used may add up to a significant amount. Finally, portfolio drift may lead to a misalignment between the business and IS strategies. While business-IS alignment is a key driver of an organization’s IT investment decisions, the presence of IT investments driven by local or individual requirements may dampen organizational-level performance. This is because these alternative investments 299 may prevent the organization from maximizing on the organization-level dimensions it has selected. When drift occurs, attaining business-IT alignment becomes more difficult for at least three reasons: a) IT managers may not be aware of the IT assets users have adopted to carry out their tasks; b) existing IT assets may not be performing their assigned roles, because of political machinations or changes in requirements during implementation; or c) business managers may be making decisions based on their IT systems’ past performance, without realizing that this may have either declined or improved. However, at the same time, portfolio drift can have some positive outcomes. Shadow systems can act as checks on central/official systems, and as back-ups if the central/official systems do not work as expected. This is especially useful early on in an application’s tenure in an organization. Once it is established for some time, then hopefully any problems should have been addressed. However, the challenge here is knowing when is the “tipping point”- in other words, when is a system safe enough to be relied upon fully? This is especially difficult to answer when IT systems are becoming even more important for an organization’s day-to-day operations. Shadow systems can help overcome the perennial business-IT communication gap (Basselier, Benbasat & Reich, 2003; Reich & Benbasat, 2000). They are useful because they can be used as signposts for the IT department to indicate the shortcomings of the current systems and employees’ preferences for future systems. It is often difficult for users to specify their requirements in advance, or be aware of different ways of doing their job because they may not be familiar with newer technologies (Browne & Ramesh, 2002). Shadow systems address this problem because they may act as prototypes of 300 future officially-mandated systems. Instead of the organization having to take a risk by purchasing and installing an expensive new system, the sub-units could implement smaller applications within the boundaries of their sub-units to see how users react and what the performance changes are. In a sense, operating a shadow system will be similar to running a controlled experiment. For example, if a shadow system cuts through bureaucratic red-tape and users find that performance has improved, then the organization can work towards reducing the red-tape. From an IT manager’s perspective, since users are closer to the ground, the applications they develop are more likely to match changes in the operational environment. Thus, shadow systems are “vessels” of valuable information for IT managers, not just unwanted aberrations. Shadow systems can help spread the costs of IT development across multiple organizational units, especially for innovations, whose value may not be obvious when they are first introduced. In that way, shadow systems become an avenue for encouraging experimentation, while minimizing the costs and risks associated with it. If these systems are successful, the local units that produce them gain in terms of a higher profile in the organization, and other units benefit from their effort. In some cases, the overall organization’s reputation could be enhanced. Given this range of possible outcomes, managers have to weigh the advantages and disadvantages of limiting or encouraging drift. It may be worthwhile at some organizational levels or in some business units, but not in others, for the reasons discussed above. 301 Changes in IT Governance Various formal frameworks for IS governance have been developed in the recent past, with the most prominent being CoBIT, and their use has significantly increased. This has occurred for at least two reasons. First, the business press frequently features large IT project failures. Recent examples include the Federal Bureau of Investigation, the lntemal Revenue Service, J .Crew and Netflix (Krigsman, 2008). Although these examples are a biased measure of a phenomenon’s occurrence, as we are selecting on the dependent variable, they provide a touchstone for managers when they make IT-related decisions. This heightened public awareness has spurred interest in the use of formal checklists of best practices for IT management. Second, this trend was given a further push by the legislative requirement, contained in Section 404 of the Sarbanes-Oxley Act, that auditors have to test for the existence of material weaknesses in their clients’ internal controls. IT auditors do so by using guidelines based on COBIT and other frameworks. However, the use of such formal frameworks prevents managers from evaluating the presence of any informal relationships through which the IS portfolio is being managed. This study has shown that IS portfolios are managed with various mechanisms, both formal and informal. If the informal mechanisms are not made visible, then there may be challenges if the formal mechanisms do not lead to the expected outcomes. IT managers would be well-advised to attempt to uncover how their users and managers are organizing themselves, what sort of relationships exist, and what each agent’s interests and goals are. In addition, it is important to find out the history of these relationships and to keep track of them in the future. Such informal groupings can be powerful channels for IT managers to influence the evolution of the IT portfolio, because they can reveal the 302 invisible power structure within the organization. Such structures may end up being more effective for managers to gather information on users’ requirements or interests. Managers should also not assume that top-down frameworks are being complied with. Finally, before instituting any new governance framework, IT managers should search internally for any pre-existing processes that they can leverage on. Naturally- occurring mechanisms may be a better fit for an organization than extemally-imposed ones, since they draw on existing power structures. If IT managers are interested in upsetting these mechanisms because they have been deemed to be “inefficient”, then putting in place extemally-imposed mechanisms would require a different set of symbolic resources to be deployed to overcome existing arrangements. Limitations The study’s unit of analysis was an IS portfolio. As mentioned in Chapter 2, Ciborra (2000) has argued that “portfolio” is an inappropriate term for describing a collection of IT assets. In short, he argued that “portfolio” connotes easily separable components and low transaction costs, two characteristics that do not fit IT assets, which are often deeply-embedded in work processes and resisted by users to some extent. This study surfaced other issues with this term. First, unlike static financial portfolios, IS portfolios are generative. Users use the applications provided to them, such as spreadsheet and database applications, to develop new “tools”, either by themselves or with IT professionals. These tools are often used as replacements for or supplements to officially-mandated applications. IT enables the creation of many different types of 303 technologies-in-use because it is used in various contexts and for many different purposes (Orlikowski, 2000). Second, it is difficult to find out whether an organization’s IS portfolio is meeting its users’ needs because: a) there is a learning curve with software, so the benefits obtained change over time; and b) users sometimes find it difficult to articulate their requirements. For example, when some of EduExcel’s users were asked what features they wanted in their new ERP system, they replied: “not what we have” or “more than what we have”. Thus, the value of acquiring a particular asset is difficult to ascertain ex ante, unlike a financial asset, whose value can be assessed in terms of the net present value of the expected firture cash-flow accruing from it, or by its market price if there is a market for it. A related issue is the organizational level at which an IS portfolio is defined. A frrrn’s collection of IT assets may meet the needs of the employees at one level, but may not do so for those at a lower level, because, for example, they may need more detailed reports or more fields in the database. Thus, the portfolio may be seen to be stable at the higher level of an organization’s hierarchy, because no changes are required, while it may be more volatile at lower levels, as the employees come up with workarounds to meet their needs. This is a limitation of this study, as it was originally assumed that an IS portfolio would be fairly easy to identify, as would shadow systems and workarounds. These challenges in defining a portfolio affect how the level of drift in an organization’s IS portfolio is assessed. The use of the term “portfolio” implies that there is a fixed set of applications in an organization. However, the issues detailed above indicate that portfolios are constantly in a state of drift, and that the level of flux depends 304 on the viewpoint one starts from. This viewpoint also affects whether drift is seen as a positive or negative development; from higher up in an organization, shadow systems may be unnecessary portfolio fragmentation, leading to higher maintenance costs, while from the operational level, shadow systems are essential for getting work done. Since drift is occurring constantly, another challenge is that any assessment of the level of drift is dependent on the time at which the assessment was made. Taking a snapshot of a portfolio, or a retrospective overview, may not be indicative of the actual extent of drift, since different systems drift at different speeds. This implies that the three categories of drift described in this study are not all-encompassing. Other forms of drift are present and should be able to be perceived over different time-spans. The extent of drift that was detected could also be affected by the interviewees. Most of the employees in the organizations studied were middle-aged, and had a long tenure in the organization. It is possible that, since younger employees are more familiar with new technologies (e. g. Web 2.0), they would be more comfortable with using and creating shadow systems, and that if more of them had been interviewed, additional instances of drift could have been located. The sites for this study- two large universities- were chosen because of their expected propensity for drift. This meant that they could provide a sufficient number of examples which could be analyzed for the study. The converse of this choice is that the characteristics of large universities, namely their decentralized organizational structure, independent sub-units, and knowledge-intensive work, are fairly unique, in contrast to most other commercial organizations. They are more akin to adhocracies (Mintzberg and McHugh, 1985; Mintzberg, 1993) than bureaucracies. This structure makes members of 305 universities more inclined to develop informal procedures and relationships that cut across organizational hierarchies to get their work done. While EduSucceed was more centralized than EduExcel in terms of its IT management structure to some extent, both organizations were fairly similar in the overall level of organizational decentralization. Future research should thus consider examining the extent of drift in organizations that are differentiated both in terms of their IT management and overall structure. Thus, it would be interesting to compare the existence of portfolio drift between more and less centralized organizations. The decentralized nature of universities makes it likely that their IT governance structure is more similar to a feudal structure, following Weill’s (2004) framework. In such structures, local unit leaders and process owners have a higher level of authority than central management. This points out a concern with using the practice lens: at what level do we bound the influences of other agents? This study examined how the habitus and capital endowments of the central and local IT units interacted to impact the organization’s IT portfolio. Should future research also investigate how the habitus and capital endowments of central and local management and functions? Perhaps the level of portfolio drift is also affected by the state or country an organization operates in— should their habitus and capital endowments also be accounted for? These issues are worth exploring, as it is probable that some differences between organizations could be attributed to their existence in broader fields. Thus, future research could explore how the intersecting fields that organizations and units exist in influence the level of portfolio drift observed. While the sites for the study are both universities, the theoretical insights presented here are not limited to these specific institutions or others like them. 306 Workarounds and shadow systems have been described in research on IT adoption and resistance to new IT in various contexts (e. g. Boudreau & Robey, 2005; F emeley & Sobreprez, 2006; Soh, Sia & Tay-Yap, 2000). The influence of materiality and power on IT management and use is also well-known in the literature (Markus, 1983; J asperson et al., 2005; Leonardi & Barley, 2008). Researchers have also argued that changes in the characteristics of technology and users may lead to shifts in practices and relationships (e. g. Osterlund & Carlile, 2005; Schultze & Orlikowski, 2004; Vaast & Walsham, 2005). Future research in other organizations will help to extend the arguments developed in this paper. Although the concept of drift in IS research originated from Ciborra’s work on IS projects, it was adapted here because it encompassed many of the important elements in governance research- multiple agents, conflicting intentions, improvisation, a focus on control, and a historical perspective. Bourdieu’s version of the practice perspective was the main overarching framework for this study, and hence the results are conditioned by this particular theoretical lens. Other analytical lenses that could be reasonably applied here include organizational routines, discursive practices, and impression management. Further research is required to examine the complex interplay between the use of particular words and tactics to influence the display of multiple forms of power. This study has been agnostic about the severity of the changes. This was done to include as many possible examples of unintended changes in IS portfolios to learn more about the nature of portfolio drift. It is possible that there are differences between gradual changes and radical changes, such as severe environmental disruptions, drastic reorganizations, or technological shifts (Lyytinen & Rose, 2003), in terms of their impact 307 on IS governance. The conceptual lens used in this study proposes that agents engage in a particular form of drift based on their perceptions of the dispositions of the agents involved in a context, the resources available to these agents, and the material attributes of the technology of concern. Hence, agents will modify their practices to the extent that the severity of a change modifies these features or their salience. The time frame selected for this study is, as discussed above, a snapshot. At the point at which the research is conducted, changes that were gradual in an earlier time period may have cascaded across the IS portfolio or the organization so that they appear severe now. Conversely, radical changes occurring some time ago may be less apparent now, even though they have left their imprint on the portfolio, the network of relationships, and the resources and dispositions of the agents. Further Research The limitations listed above make it difficult to create a boundary around an organization’s IS portfolio. This has implications for research in IS governance. First, if it is difficult to describe an IS portfolio, how can we theorize about IS governance, which is predicated on knowing what is being controlled? How can we know whether specific management techniques have an effect on a portfolio if we are not sure what is in the portfolio? The ambiguous description of an IS portfolio makes it difficult to do so. Thus, researchers should carefiilly specify what they are including in their studies of IS portfolios, and how they made those decisions. Second, this quandary is beneficial in that it points out the difficulties of expecting certain management techniques to improve the value an organization can 308 obtain from its IS portfolio. This way of thinking extends from the uncertainty created by the use of the word “portfolio”. While financial assets can be easily identified and manipulated so that the entire portfolio becomes more or less valuable, the same cannot be said of IS assets. Thus, researchers should carefully describe the process or mechanisms by which they expect technique X or Y to affect IS asset Z, and not assume a vague relationship. The third and final implication is that, because of these challenges, research on IT management should incorporate broader organizational issues that affect the underlying motivations for using and managing IT. These include the existence of clan control within organizations (Ouchi, 1979; 1980), and organizational citizenship behavior (OCB) among individuals (Organ, 1988; Van Dyne, Graham & Dienesch, 1994). OCB refers to extra-role employee behavior that is above and beyond what is required. It contributes to organizational effectiveness because it increases the resources available to a frrm and reduces the need for more formal control mechanisms. This viewpoint is becoming more essential because of fimdamental changes in the corporate IT environment. Traditionally, organizations have been considered by researchers to consist of individual users or teams of users, who had little impact on choice of IT they used at work, either by their own discretionary volition or their backgrounds. These users were seen to be only software users, with only developers being able to create software. Thus, the features of each IT were given, and were appropriated by users as required. Business processes that used IT were seen as being amenable to be formally structured into computer-managed workflows. 309 The current corporate IT environment is different. After nearly three decades of IT use in organizations, employees are more IT-savvy and more experienced. There has also been a blurring of the roles of users and designers- IT is designed to be customizable by users and they thus participate in its construction (Pollock, 2005). For example, users use flexible platforms, such as spreadsheets and databases, to create applications if there is no existing application for some specific purpose. They also co-opt freely-available online tools (e.g. instant messaging and Google Docs) into their communication and collaboration practices. The greater use of web-based applications means that it is easier to circumvent controls on what applications should be used for work activities. This shift is complemented by the increasing digitization and distribution of business processes (Luckham, 2002). Finally, “artful work”, heavily reliant on knowledge and creativity, is becoming more important for organizations, and is more effective when workers are provided the freedom to choose their own tools rather than being constrained in their choice (Hill, et al., 2006). This change in the corporate IT environment has not been reflected in research on IS governance, which emphasizes contingency studies to develop frameworks and guidelines and the efficacy of internal controls. Future research should consider how governance is practiced. In addition to testing the usefulness of control checklists, researchers should study how these controls and frameworks came about and how they are used, adopted, adapted, and discarded. Recently, researchers have begun developing individual-level measures to measure the level to which an information system is adopted (Table 13). It would be worthwhile to integrate the domains of IS adoption and resistance with research on 310 workarounds and shadow systems to create a more holistic scale. This scale could then be used periodically before, during and after the installation of a new IT system to evaluate how users’ reactions to the old as well as the new systems. This data could be part of a larger project that also assessed changes in relationships, status, and culture as the project is carried out and is completed. Such a study would integrate research on IT investment decision-making, projects, adoption, acceptance, assimilation, and governance. It would be a rich source of data for surfacing patterns of drift, and for testing out the process theory presented earlier in the study. Lapointe & Rivard, 2005 Femeley & Sobreperez, Standing, Sims & Love, 2006 2009 0 Full adoption - Essential workaround ° Acquiescence 0 Neutral - Harmless workaround - Compromise ° Apathy ° Hindrance workaround - Manipulate 0 Passive resistance 0 Avoid 0 Active resistance 0 Aggressive resistance Table 13: Examples of Terms used to Describe Resistance Conclusion This dissertation contributes to the literature on IS governance by offering an alternative understanding of its core object of study: the IS portfolio. Instead of viewing it as a static, well-managed collection of assets, the IS portfolio’s dynamic nature has been placed at the center. This draws attention to the portfolio as being situated in a field of practice, and its role in structuring, as well as being structured by, agents’ actions. By adopting a practice-based perspective, this study challenges conventional notions of the roles of the various agents in determining the legitimacy of an IS portfolio’s components. It offers an explanation for the constant flux found in IS portfolios, and, given this dynamism, 311 suggests different ways of governing it. In speaking to practitioners, this research questions IT governance policies that emphasize the need for implementing detailed mechanisms without being aware of underlying social relationships and their histories, and the affordances of IT assets. 312 REFERENCES Agarwal, R. and Sarnbamurthy, V. 2002. “Principles and Models for Organizing the IT Function”, MIS Quarterly Executive, (1:1), pp. 1-16. Ahuja, MK. and Thatcher, 1B. 2005. “Moving Beyond Intentions and Toward the Theory of Trying: Effects of Work Environment and Gender on Post-adoption Information Technology Use”, MIS Quarterly, (29:3), pp. 427-459. Avgerou, C. 2001 “The Significance Of Context In Information Systems And Organizational Change”, Information Systems Journal (11:1), pp.43—63. Avison, D.E., Wood-Harper, A.T., Vidgen, R. and Wood, R. 1998. “A Further Exploration In Information Systems Development: The Evolution Of Multiview'”, Information Technology and People, (1 1:2), pp. 124-39. Azad, B. and King, N. 2008. “Enacting Computer Workaround Practices Within A Medication Dispensing System”, European Journal of Information Systems, (17), pp. 264—278. Azad, B. and King, N. 2009. “Institutional Analysis of Persistent Computer Workarounds,” Presented at the Academy of Management Annual Meeting, August 7-11, 2009, Chicago, IL. Bajaj, A., Bradley, W., Cravens, K. 2008. “SAAS: Integrating Systems Analysis with Accounting and Strategy for Ex Ante Evaluation of IS Investments”, Journal of Information Systems, (22:1), pp. 97-124 Barki, H. and Hartwick, J. 1989. “Rethinking the Concept of User Involvement”, MIS Quarterly, (13:1), pp. 53-63. Barki, H., and Hartwick, J. 1994. “Measuring User Participation, User Involvement, and User Attitude,” MIS Quarterly, (18:1), pp. 59-82. Barley, S. 1986. “ Technology as an occasion for structuring: evidence from observations of CT scanners and the social order of radiology departments”, Administrative Science Quarterly, (31), pp. 78 — 108. 313 Bassellier, G., Benbasat, I., and Reich, EH. 2003. “The Influence of Business Managers' IT Competence on Championing IT,” Information Systems Research (14:4), pp 3 17-336. Berg, M. 1997. “Of Forms, Containers, And The Electronic Medical Record: Some Tools For A Sociology Of The Formal,” Science, Technology, & Human Values, (22:4), pp. 403—33. Berg, M. 2001. “Implementing Information Systems In Health Care Organizations: Myths And Challenges,” International Journal of Medical Informatics, (64), pp. 143—56. Beaudry, A. and Pinsonneault, A. 2005. “Understanding User Responses To Information Technology: A Coping Model Of User Adaptation”, MIS Quarterly, (29:3), pp. 493-524. Behrens, S. 2009. “Shadow Systems: The Good, The Bad and The Ugly”, Communications of the ACM, (52:2), pp. 124 — 129. Bendoly, E. and Cotteleer, M. J. 2008. “Understanding Behavioral Sources Of Process Variation Following Enterprise System Deployment”, Journal of Operations Management, (26), pp. 23-44. Bharadwaj, A. S., Bharadwaj, S. G., and Konsynski, B. R., 1999. “Information Technology Effects on Firm Performance as Measured by Tobin's Q”, Management Science, (45:7), pp. 1008-1024. Boh, W. F. and Yellin, D. 2006-7. “Using Enterprise Architecture Standards in Managing Information Technology”, Journal of Management Information Systems, (23:3), pp. 163-207. Boonstra, A. 2003. “Structure And Analysis Of IS Decision-Making Processes”, European Journal of Information Systems, (12), pp. 195—209. Boudreau, M. and Robey, D. 2005. “Enacting Integrated Information Technology: A Human Agency Perspective”, Organization Science, (16:1), pp. 3-19. Bourdieu, P. 1977. Outline of a Theory of Practice, New York: Cambridge University Press. Bourdieu, P. 1990. The Logic of Practice. Stanford: Stanford University Press. Bourdieu, P. 1998. Practical Reason. R. Johnson trans. Oxford: Polity Press.. Bourdieu, P., and Wacquant, L. J. D. 1992. An Invitation to Reflexive Sociology, Chicago: University of Chicago Press. 314 Boyce, T., 2001. “Sometimes We Must Break The Rules To Maintain Behavior Change: A Response To Baer, Fleming, Malott, And Mcsween And Matthews,” Journal of Organizational Behavior Management, (21:1), pp. 103—112. Braganza, A. and Franken, A. 2007. “SOX, Compliance and Power Relationships”, Communications of the ACM, (50:9), pp. 97-102. Braverman, H. 1974. Labor and Monopoly Capital: The Degradation of Work in the Twentieth Century. New York: Monthly Review Press Bresnahan, T. F. and Trajtenberg, M. 1995. “General Purpose Technologies: 'Engines of Growth'?”, Journal of Econometrics, (65), pp. 83-108. Broadbent, M., and Weill, P. 1999. “The Implications of Information Technology Infrastructure for Business Process Redesign”, MIS Quarterly (23:2), pp. 159-182. Brown, A.E. and Grant, G.G. 2005, “Framing the Frameworks: A Review of IT Governance Research,” Communications of the Association for Information Systems, (15), pp. 696-712. Brown, C. V. 1999. “Horizontal Mechanisms under Differing IS Organization Contexts,” MIS Quarterly (23:3), pp. 421-454. Brown, C. V., and Magill, S. L. 1994. “Alignment of the IS Functions with the Enterprise - Toward a Model of Antecedents,” MIS Quarterly (18:4), pp. 371-403. Brown, C. V. and SarnbamurthyN. 1999. Re-Positioning the IT Organization to Facilitate Business Transformations, Pinnaflex Press. Callon, M. 1986. “Some Elements Of A Sociology Of Translation: Domestication Of The Scallops And The Fishermen Of Saint Brieuc Bay,” pp. 196-233 in Law, J. (ed.), Power, Action and Belief: A New Sociology of Knowledge ?, London, Routledge. Carlile, P. 2004. “Transferring, Translating and Transforming: An Integrative and Relational Approach to Sharing and Assessing Knowledge across Boundaries”, Organization Science, (15:5), pp. 555-568. Chan, Y. E. 2002. “Why Haven’t We Mastered Alignment? The Importance of the Informal Organization Structure”, MIS Quarterly Executive, (1:2), pp. 97-1122. Chatterjee, D., Richardson, V. J ., and Zmud, R. W. 2001. “Examining the Shareholder Wealth Effects of New CIO Position Announcements”, MIS Quarterly (25:1), pp. 43-70. Churchman, C. W. 1971 . The Design of Inquiring Systems, Basic Books, New York. 315 Ciborra, C. 2002. The Labyrinths of Information: Challenging the Wisdom of Systems, Oxford: Oxford University Press. Ciborra, C. and Associates. 2000. From Control to Drift: The Dynamics of Corporate Information Infiastructures, Oxford: Oxford University Press. Ciborra, C. and Hanseth, O. 2000. “Introduction” in Ciborra, C. and Associates (ed): From Control to Drift: The Dynamics of Corporate Information Infrastructures, Oxford: Oxford University Press. de Certeau, M. 1984. The Practice of Everyday Life, Berkeley, CA: University of California Press. de Haes, S. and van Grembergen, W. 2008. “Analyzing the Relationship between IT Governance and Business/IT Alignment Maturity”, Proceedings of the 41‘" Annual Hawaii International Conference on System Sciences (HICSS'08), pp. 1-10. Debreceny, R. S. 2006. “Re-Engineering IT lntemal Controls: Applying Capability Maturity Models to the Evaluation of IT Controls”, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 8, pp.l96c. Dechowa, N. and Mouritsen, J. 2005. “Enterprise Resource Planning Systems, Management Control and the Quest for Integration,” Accounting, Organizations and Society (30:7-8), pp. 691 — 733. Denison, DR. and Mishra, AK. 1995. “Toward A Theory Of Organizational Culture And Effectiveness”, Organization Science, (6:2), pp. 204-223. Dery, K., Hall, R., and Wailes, N. 2006. “ERPs as ‘Technologies-in-practice’: Social Construction, Materiality and the Role of Organisational Factors”, New T echnologr, Work and Employment, (21 :3), pp. 229-241 DeSanctis, G. and Jackson, BM. 1994. “Coordination Of Information Technology Management: Team-Based Structures And Computer-Based Communication Systems, Journal of Management Information Systems, (10:4), pp. 85-1 10. DeSanctis, G. and Poole, MS 1994. “Capturing The Complexity In Advanced Technology Use: Adaptive Structuration Theory”, Organization Science, (5:2), pp. 121- 147. Devaraj, S., and Kohli, R. 2003. “Performance Impacts Of Information Technology: Is Actual Usage The Missing Link?,” Management Science, (49), pp. 273- 289 316 Dewan, S., Michael, S. C., and Min, C. (1998). “Firm Characteristics and Investments in Information Technology: Scale and Scope Effects,” Information Systems Research (9:3), pp. 219-232. Dijksterhuis, M.S., van den Bosch, F .A.J ., and Volberda, H.W. (1999), “Where Do New Organizational Forms Come From? Management Logics as a Source of Coevolution”, Organization Science, (10:5), pp. 569-582. Dougherty, D. 1992. “Interpretive Barriers to Successful Product Innovation in Large Firms,” Organization Science, (3) pp. 179-202. Dyke, C. 1999. “Bourdieuan Dynamics: The America Middle-Class Self- Constructs,” in R Shusterman (ed.) Bourdieu: a Critical Reader, Wiley-Blackwell, pp. 192-213. Eisenhardt, K. M. 1985. “Control: Organizational and Economic Approaches,” Management Science, (31:2), pp. 134-149. Eisenhardt, K. M. 1989. “Building Theories from Case Study Research,” Academy of Management Review (14:4), pp. 532-550. El Sawy, O. 2003. “The Three Faces of IS Identity: Connection, Immersion, and Fusion”, Communications of the Association of Information Systems, (12), pp. 588—598. Elbanna, AR. 2006. “The Validity Of The Improvisation Argument In The Implementation Of Rigid Technology: The Case Of ERP Systems,” Journal of Information Technology (21), pp. 165-175. Elbanna, A.R. 2007a. “The Inertia Of ERP Projects: Diffusion Or Drift?”, in T. McMaster, D. Wastell, E. F emeley and J. DeGross (eds.), IFIP International Federation for Information Processing, Vol. 235, Organizational Dynamics of T echnology-Based Innovation: Diversijjzing the Research Agenda, Boston: Springer, pp. 253-266. Elbanna, A.R. 2007b. “Implementing An Integrated System In A Socially Dis- Integrated Enterprise: A Critical View Of ERP Enabled Integration,” Information Technology & People, (20:2), pp. 121-139. Ellingsen, G. and Monteiro, E. 2001. “Big is Beautiful: Electronic Patient Records in Large Hospitals in Norway 19803—2001,” in Proceedings of the 24’” Information Systems Research Seminar in Scandinavia (IRIS). Ellingsen, G. and Monteiro, E. 2003. “A Patchwork Planet — Integration and Cooperation in Hospitals,” Computer Supported C00perative Work (12:1), pp.71-95. Emirbayer, M., and Mische, A. 1998. “What is Agency?” American Journal of Sociology, (103), pp. 962-1023. 317 Eriksson-Zetterquist, U. Lindberg, K., and Styhre, A. 2009. “When The Good Times Are Over: Professionals Encountering New Technology”, Human Relations, (62:8), pp. 1145-1170. Farjoun, M. 2010. “Beyond Dualism: Stability and Change as a Duality”, Academy of Management Review, (35:2), pp. 202-225 Femeley, E.H. and Sobreperez, P. 2006. “Resist, Comply or Workaround? An Examination of Different Facets of User Engagement with Information Systems”, European Journal of Information Systems, (15:4), pp. 345—356. F ichman, R. 2004, “Real Options and IT Platform Adoption: Implications for Theory and Practice”, Information Systems Research (15:2), pp. 132—154. Fitzgerald, M. 2010. “Microsoft's New Office Faces the Web,” MIT Technology Review, April 12, http://www.technologvreview.com/web/25029/ (Last accessed on April 13,2010) F onstad, N. and Robertson, D. 2006. “Transforming a Company, Project by Project: The IT Engagement Model”, MIS Quarterly Executive, (5:1), pp. 1-14. Foucault, M. 1970. The order of things: An archaeology of the human sciences. London: Tavistock. Foucault, M. 1973. The Birth of the Clinic: An Archeology of Medical Perception. (A. M. Sheridan-Smith trans). London: Tavistock, 1970. Foucault, M. 1980. Power/knowledge. New York: Pantheon Books. Gallagher, K.P. and Worrell, J .L. 2008. “Organizing IT to Promote Agility”, Information Technology and Management, (9:1), pp. 71-88. Gasser, L. 1986. “The Integration of Computing and Routine Work,” ACM Transactions on Oflice Information Systems, (4:3), pp. 205—225. Gattiker, T. and Goodhue, D. 2005. “What Happens After ERP Implementation: Understanding the Impact of Interdependence and Differentiation on Plant-Level Outcomes”, MIS Quarterly, (29:3), pp. 559-585. Georgiadou, Y., Puri, SK. and Sahay, S, 2005. “Towards a potential research agenda to guide the implementation of Spatial Data Infrastructures - A case study from India”, International Journal of Geographical Information Science, (19:10), pp. 1113-30. Gerson,. E and Star, S.L. 1986. “Analyzing Due Process in the Workplace,” ACM Transactions on Oflice Information Systems, (4), pp. 25 7—270. 318 Giddens, A. 1984. The Constitution of Society: Outline of the Theory of Structuration, Berkeley, CA: University of California Press. Glaser, BG. and Strauss, A. L. 1967. The Discovery of Grounded Theory: Strategies for Qualitative Research, Transaction Publishers. Granovetter, M. S. 1985. “Economic Action and Social Structure,” American Journal of Sociology, (91 ), pp. 481-510. Gu, B., Xue, L. and Ray, G. 2008. “IT Governance and IT Investment Performance: An Empirical Analysis,” Downloaded from the Social Science Research Network, http://ssm.com/abstract=l145102. (Last accessed on October 6, 2008) Guldentops, E., Grembergen, W. V. and de Haes, S. 2002. “Control and Governance Maturity Survey: Establishing a Reference Benchmark and a Self- assessment Tool”, Information Systems Control Journal, (6), pp. 32—35. Hanseth, O. Ciborra, C. U. and Braa, K. 2001. “The Control Devolution: ERP And The Side Effects Of Globalization”, ACM SIGMIS Database, (32:4), Fall, pp: 34 - 46. Hayes, N. 2008. “Institutionalizing Change In A High-Technology Optronics Company: The Role Of Information And Communication Technologies,” Human Relations, (61:2), 243-269 Hill, C., Yates, R., Jones, C. and Kogan, S. L. 2006. “Beyond Predictable Workflows: Enhancing Productivity In Artful Business Processes, IBM Systems Journal 45(4), pp. 663. Holmstrom, J ., and Stalder, F. 2001. “Drifting Technologies And Multi-Purpose Network: The Case Of The Swedish Cashcard,” Information and Organization, (11), pp. 187-206. Howcroft, D. and Wilson, M. 2003. “Paradoxes Of Participatory Practices: The Janus Role Of The Systems Developer,” Information and Organization (13:1), pp. 1-24. Hyvonena, T., Jarvinen, J. and Pellinen, J. 2008. “A Virtual Integration-The Management Control System In A Multinational Enterprise,” Management Accounting Research (19:1), pp. 45-61 Ignatiadis, I. and Nandhakumar, J. 2007a. “The Impact Of Enterprise Systems On Organizational Resilience,” Journal of Information Technology, (22), pp. 36—43 Ignatiadis, I. and Nandhakumar, J. 2007b. “The Impact Of Enterprise Systems On Organizational Control And Drift: A Human-Machine Agency Perspective,” International Journal of Enterprise Information Systems, (3:3), pp. 36 -51. 319 Isaac, H., Leclercq, A. and Besseyre Des Horts, C.-H. 2006. “Adoption And Appropriation: Towards A New Theoretical Framework. An Exploratory Research On Mobile Technologies In French Companies,” Systémes D ’information et Management, (11:2), pp. 9-50 ISACA. 2003. “Further Material On IT Governance Maturity”, Available at http://www.isaca.org/Content/ContentGroups/InfoBytes/20032/art26.pdf. (Retrieved on 12 October, 2008.) IT Governance Institute. 2003. Board Briefing on IT Governance (2nd Edition), Available at: http://www.itgi.org/AMTemplate.cfm?Section=Board_Briefingron_IT_Governance&Te mp1ate=/ContentManagement/ContentDisplay.cfm&ContentID=3964. (Retrieved on 26 November 2008) IT Governance Institute. 2007. COBIT 4.1 Framework, Rolling Meadows, IL: IT Governance Institute. Jasperson, 'J., Carter, P. E. and Zmud, R. W. 2005. “A Comprehensive Conceptualization of the Post-Adoptive Behaviors Associated with IT-Enabled Work Systems,” MIS Quarterly, (29: 3), pp. 525-557. Jiang, J .J ., Klein, G., Hwang, H.G., Huang, J. and Hung, S.Y. 2004. “An Exploration Of The Relationship Between Software Development Process Maturity And Project Performance,” Information and Management, (41), pp. 279—288. J eyaraj, A. and Sabherwal, R. (2008). Adoption of Information Systems Irmovations by Individuals: A Study of Processes involving Contextual, Adopter, and Influencer Actions, Information and Organization, 18(3), pp. 205-234. Kallinikos, J. 2002. “Reopening The Black Box Of Technology Artifacts And Human Agency,” Proceedings of the 23'“ International Conference on Information Systems, pp. 287-294. Kearns, G. S. and Sabherwal, R. 2006-7. “Strategic Alignment Between Business and Information Technology: A Knowledge-Based View of Behaviors, Outcome, and Consequences,” Journal of Management Information Systems, (23:3), pp. 129-162. Kim, H.-W. and Kankanhalli, A. 2009. “Investigating User Resistance To Information Systems Implementation: A Status Quo Bias Perspective”, MIS Quarterly, (33:3), pp. 567-582. Kobelsky, K., Richardson, V.J., and Zmud, R.W. 2002. ”Determinants Of Budgeted Information Technology Expenditures”, Proceedings of the 23'“ International Conference on Information Systems, pp. 459-468. 320 Kohli, R. and Devaraj, S. 2004. Realizing the Business Value of Information Technology Investments: An Organizational Process, MIS Quarterly Executive (3:1), pp. 53-68. Kohli, R. and Kettinger, W.J. 2004. “Infonnating the Clan: Controlling Physicians’ Costs and Outcomes,” MIS Quarterly, (28:3), pp. 363-394. Koopman, P., and Hoffman, R. R. 2003. “Work-arounds, Make-work, and Kludges”, IEEE Intelligent Systems, (18:6), pp. 70—75. Krigsman, M. 2008. “IT Project Failures,” Available at: http://blogs.zdnet.com/projectfaiIures/?cat=4. (Retrieved on November 18, 2008.) Kraut, R., Dumais, S., and Koch, S. 1989. ,,Computerization, Productivity, and Quality of Work-Life,” Communications of the ACM (32:2), pp. 220-238. Lamb, R., and Kling, R. 2003. “Reconceptualizing Users as Social Actors in Information Systems Research,” MIS Quarterly (27:2), pp 197-235. Lapointe, L. and Rivard, S. 2005. “A Multilevel Model of Resistance to Information Technology Implementation,” MIS Quarterly, (29:3), pp. 461-491. Latour, B. 1987. Science in Action, Cambridge, MA, Harvard University Press. Latour, B. 1996. Aramis or the Love of Technology. Harvard University Press, Cambridge, MA. Law, J. 1992. “Notes on the Theory of the Actor-Network: Ordering, Strategy and Heterogeneity,” Systems Practice, (5:4), pp. 379-3 93. Lee, J ., Siau, K., and Hong, S., 2003. “Enterprise Integration with ERP and EAI”, Communications of the ACM, (46:2), pp. 54-60. Leonardi, P. 2007, “Activating the Informational Capabilities of Information Technology for Organizational Change”, Organization Science, (18:5), pp. 813-831. Leonardi, P. and Barley, S. 2008. “Materiality and Change”, Information and Organization, (18), pp. 159-176. Levina, N. and Vaast, E. 2005. “The Emergence of Boundary Spanning Competence in Practice: Implications for Implementation and Use of Information Systems,” MIS Quarterly, (29:2), pp. 335-363. Levina, N. and Vaast, E. 2008. “Innovating or Doing As Told? Status Differences and Overlapping Boundaries in Offshore Collaboration,” MIS Quarterly, (32:2), pp. 307- 332. 321 Liang, H., Saraf, N., Hu, Q., and Xue, Y. 2007. “Assimilation Of Enterprise Systems: The Effect Of Institutional Pressures And The Mediating Role Of Top Management,” MIS Quarterly, (31:1), pp 59-87. Liu, C., Sia, CL, and Wei, K.K. 2008. “Adopting Organizational Virtualization In BZB Firms: An Empirical Study In Singapore,” Information and Management, (45:7), Pages 429-437. Liu, Q and Ridley, G. 2005. “IT Control In The Australian Public Sector: An International Comparison,” Proceedings of the 13’” Eur0pean Conference on Information Systems, 26-28 May 2005, Regensburg, Germany. Luckharn, D. (2002). The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems. Boston: Addison-Wesley. Lyytinen, K., and Rose, GM. 2003. “The Disruptive Nature of Information Technology Innovations: The Case of Internet Computing in Systems Development Organizations,” MIS Quarterly (27:4), pp 557-595. Lyytinen, K., and Y00, Y. 2002. “The Next Wave of Nomadic Computing”, Information Systems Research, (13:4), pp. 377—388. Majchrzak, A., Rice, R., Malhotra, A., King, N., and Ba, S. 2000. “Technology Adaptation: The Case of a Computer-supported Inter-organizational Virtual Team,” MIS Quarterly, (24:4), pp. 569--600. Mao, E. and Palvia, P. 2008. “Exploring The Effects Of Direct Experience On IT Use: An Organizational Field Study,” Information and Management, (45:4), pp. 249-256 March, J .G. 1991. “Exploration and Exploitation in Organizational Learning,” Organization Science, (2), pp. 71 -87. Markus, M. L. 1983. “Power, Politics and MIS Implementation,” Communications of the ACM, (26:6), pp. 430-444. Markus, M. L. 2000. “Conceptual Challenges in Contemporary Information Systems Research,” Communications of the AIS, (3:1), Article No. 4. Markus, ML. and Robey, D. 1988. “Information Technology and Organizational Change: Causal Structure in Theory and Research,” Management Science (34:5), pp.583- 598. McAfee, A. P., McFarlan, F. W., and Wagonfeld, A. B. 2004. “Enterprise IT at Cisco,” Harvard Business School Case 605-015. McAfee, A. P. 2006. “Teaching Note- Cisco Systems, Inc.: Implementing ERP,” Harvard Business School Teaching Note 607-039. 322 Melville, N., Gurbaxani, V., and Kraemer, K. 2007. “The Productivity Impact of Information Technology across Competitive Regimes: The Role of Industry Concentration and Dynamism,” Decision Support Systems (43), pp 229-242. Miles, M. B. and Huberrnan, A. M. 1994. Qualitative Data Analysis, Sage. Mintzberg H. 1993. Structure in Fives: Designing Effective Organizations. Englewood Cliffs, NJ, Prentice-Hall. Mintzberg, H. and McHugh, A. 1985. “Strategy Formation in an Adhocracy,” Administrative Science Quarterly, (30:2), p.160—197. Nandhakumar, J ., Rossi, M., and Talvinen, J. 2003. “Planning for ‘drift’?: Implementation process of enterprise resource planning systems, ” Proceedings of the 3 6’ Annual Hawaii International Conference on System Sciences (HICSS'03), pp. 1-10. Nash, KS. 2009. “What CIOs Get Wrong About Emerging Technology”, CIO, December 15, http://www.cio.com/article/510968/What CIOs Get Wrong About Emerging Technol ggy, (Last accessed April 19, 2010) Nelson, K. M. and Cooprider, J. G. 1996. “The Contribution of Shared Knowledge to IS Group Performance,” MIS Quarterly, (20), pp. 409-432. Nicho, M. and Cusack, B. 2007. “A Metrics Generation Model for Measuring the Control Objectives of Information Systems Audit,” Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS'06), pp.2350. Nolan, R. and McFarlan, W. 2005. “Information Technology and the Board of Directors,” Harvard Business Review, (83:10), pp. 96-106. Organ, D.W. 1988. Organizational Citizenship Behavior: The Good Soldier Syndrome. Lexington, MA: Lexington Books. Orlikowski, W. J. 1992. “The Duality Of Technology: Rethinking The Concept Of Technology In Organizations”, Organization Science, (3:3) pp. 398—427. Orlikowski, W. J. 2000. “Using Technology and Constituting Structures: A Practice Lens for Studying Technology in Organizations,” Organization Science, (11:4), pp.404—428. Orlikowski, W. J. 2002. “Knowing In Practice: Enacting a Collective Capability In Distributed Organizing,” Organization Science, (13:3), pp. 249—273. Orlikowski, W. J. 2010. “The Sociomateriality of Organisational Life: Considering Technology In Management Research”, Cambridge Journal of Economics, (34), pp. 125-141. 323 Orlikowski, W. J ., and Iacono, C. S. 2001. “Desperately Seeking The “IT” In IT Research: A Call To Theorizing The IT Artifact”, Information Systems Research, (12:2), pp. 121-134. Orlikowski, W.J. and Scott, S.V. 2008. “Sociomateriality: Challenging the Separation of Technology, Work and Organization”, Academy of Management Annals, (2:1), pp. 433—474 Orlikowski, W.J. and Yates, J. 2006. “ICT and Organizational Change: A Commentary”, Journal of Applied Behavioral Science, (42:1), pp. 127-134 Osterlund, C. and Carlile, P. 2005. “Relations in Practice: Sorting Through Practice Theories on Knowledge Sharing in Complex Organizations,” The Information Society, (21), pp. 91—107. Ouchi, W.G. 1979. “A Conceptual Framework for the Design of Organizational Control Mechanisms,” Management Science, (25:9), pp. 833-848. Ouchi, W.G. 1980. “Markets, Bureaucracies, and Clans,” Administrative Science Quarterly, (25:1), pp. 129-141. Overby, E. 2008. “Process Virtualization Theory and the Impact of Information Technology,” Organization Science, (19:2), pp. 277-291. Ozbiglin, M. and Tatli, A. 2005. “Review Of Bourdieu’s Contribution To Organization And Management Studies,” Academy of Management Review, (30:4), pp. 855-877. Peterson, R. 2004. “Crafting Information Technology Governance,” Information Systems Management, (Fall), pp. 7-22. Pettigrew, A. M. 1997. “What Is a Processual Analysis?” Scandinavian Journal of Management, (13:4), pp. 337-48. Pollock, N. 2005. “When Is A Work-Around? Conflict & Negotiation In Computer Systems Development,” Science, Technology, and Human Values, (30), pp. 1- 19. Reich, B.H. and Benbasat, I. 2000. “Factors That Influence The Social Dimension Of Alignment Between Business And Information Technology Objectives,” MIS Quarterly, (24:1), pp. 81-111. Rittel, H. and Webber, M. 1973. “Dilemmas in a General Theory of Planning,” Policy Sciences, (4), pp. 155-159. 324 Robey, D. and Boudreau, M-C. 1999. “Accounting for the Contradictory Organizational Consequences of Information Technology: Theoretical Directions and Methodological Implication,” Information Systems Research, (10:2), pp. 167-185. Sabherwal, R., Hirschheim, R. and Goles, T. 2001. “The Dynamics of Alignment: a Punctuated Equilibrium Model,” Organization Science, (12:2), pp. 179—197. Saga, V. and Zmud, R.W. 1994. “The Nature and Determinants of IT Acceptance, Routinization and Infusion,” in Diflusion, Transfer and Implementation of Information Technology, L. Levine (ed.), New York, North Holland, pp. 67-86. Sarnbamurthy, V. and Zmud, R. W. 1999. “Arrangements for Information Technology Governance: A Theory of Multiple Contingencies,” MIS Quarterly, (23:2), pp. 261-290. Sarnbamurthy, V. and Zmud, R. W. 2000. “Research Commentary: The Organizing Logic For An Enterprise's IT Activities In The Digital Era—A Prognosis Of Practice And A Call For Research,” Information Systems Research, (11:2) pp. 105-114. Schultze, U. and Orlikowski, W. J. 2004. “A Practice Perspective on Technology- Mediated Network Relations: The Use of Internet-Based Self-Serve Technologies,” Information Systems Research, (15:1), pp. 87-106. Schwarz, A. and Hirschheim, R. 2003. “An Extended Platform Logic Perspective Of IT Governance: Managing Perceptions And Activities Of IT,” Journal of Strategic Information Systems, (12:2), pp. 129-166. Shapiro, C. and Varian, H. R. 1999. Information Rules: A Strategic Guide to the Network Economy, Boston: Harvard Business School Press. Sia, S. K., and Soh, C. 2007. “An Assessment Of Package—Organization Misalignment: Institutional And Ontological Structures”, European Journal of Information Systems, (16), pp. 568—5 83. Sia, S.K., Tang, M., Soh, C., and Bob, W.F. 2002. “Enterprise Resource Planning (ERP) Systems as a Technology of Power: Empowerment or Panoptic Control?,” ACM SIGMIS Database, (33:1), pp. 23-37. Simon, H. 1969. The Sciences of the Artificial, Third Edition. Cambridge, MA: MIT Press. Snook, SA. 2000. Friendly Fire: The Accidental Shootdown of US. Black Hawks over Northern Iraq Princeton University Press, Princeton, NJ. Soh, C., Sia, SK, and Tay-Yap, 2000. “Cultural Fits and Misfits: Is ERP A Universal Solution,” Communications of the ACM (43:4), p. 47-51. 325 Speier, C. and Venkatesh, V. 2002. “The Hidden Minefields in the Adoption of Sales Force Automation Technologies,” Journal of Marketing, (66:3), pp. 98-111 Srinivasan, K., Kekre, S., and Mukhopadhyay, T. 1994. “Impact of Electronic Data Interchange Technology on J IT Shipments,” Management Science, (40:10), pp. 1291—1304. Standing, C., Sims, 1. and Love, P. 2009. “IT Non-Conformity In Institutional Environments: E-Marketplace Adoption In The Government Sector,” Information and Management, (46), pp. 138—149. Star, S.L. and Ruhleder, K. 1996. “Steps toward an Ecology of Infrastructure: Design and Access for Large Information Spaces,” Information Systems Research (7:1), pp 111-134. Star, S. L. and Strauss, A. (1999). “Layers of Silence, Arenas of Voice: The Ecology of Visible and Invisible Work,” Computer Supported Cooperative Work, (821-2), pp. 9-30 Sundaramurthy, C. and Lewis, M. 2003. “Control and Collaboration: Paradoxes Of Governance,” Academy of Management Review, (28:3), pp 397-415. Swan, J. A. and Newell, S. 1995. “The Role Of Professional Associations In Technology Diffusion,” Organization Studies, (16:5), pp. 847-74. Tesch, R. 1990. Qualitative Research: Analysis Types and Software Tools. Bristol, PA: Falmer Press. Tjomehoj, G. and Mathiassen, L. 2008. “Between Control and Drift: Negotiating Improvement in a Small Software Firm,” Information Technology and People, (21), pp. 69-90. Truex, D., Baskerville, R., and Klein, H. 1999. “Growing Systems in Emergent Organizations,” Communications of T he ACM (42:8), pp. 117-123. Vaast, E. and Walsham, G. 2005. “Representations And Actions: The Transformation Of Work Practices With IT Use,” Information and Organization, (15), pp. 65—89. van de Ven, A. and Poole, MS. 1995. “Explaining Development And Change In Organizations,” Academy of Management Review, (20:3), pp. 510-540. van Dyne, L., Graham, J .W., & Dienesch, RM. 1994. “Organizational citizenship behavior: Construct redefinition, measurement, and validation,” Academy of Management Journal, (37), pp. 765-802. 326 van F enema, P. C. and van Baalen, P. J. 2005. “Strategies For Dealing With Drift During lrnplementation Of ERP Systems,” Erasmus Research Institute of Management. Report Series: Research in Management, pp. 1-31. Available at http://hdl.h_andle.net/1765/6769, Retrieved October 4 2008. van Grembergen, W., de Haes, S. and Guldentops, E. 2004. “Structures, Processes and Relational Mechanisms for IT Governance,” in Van Grembergen, W. (Ed.), Strategies for Information Technology Governance, Idea Group Publishing. Wajcman, J. 2002. “Addressing Technological Change: The Challenge To Social Theory,” Current Sociology, (50), pp. 347—63 Wagner, E. L. and Newell, S. 2006. “Repairing ERP: Producing Social Order to Create a Working Information System”, Journal of Applied Behavioral Science, (42:1), pp. 40-57. Walsham, G. 1993. Interpreting Information Systems in Organizations, Wiley, Chichester. Walsham, G. 1995. “Interpretive Case Studies In IS Research: Nature And Method,” European Journal of Information Systems, 4(2), 74-82. Walter, Z. and Lopez, M. S. 2008. “Physician Acceptance Of Information Technologies: Role Of Perceived Threat To Professional Autonomy,” Decision Support Systems, (46:1), Pages 206-215. Warkentin, M and Johnston, A. 2006. “IT Security Governance and Centralized Security Controls,” Chapter II, pp. 16-24 in Warkentin, Merrill and Rayford Vaughn (Eds), Enterprise Information Assurance and System Security: Managerial and Technical Issues, Hershey, PA: Idea Group Publishing. Weill, P. 2004. “Don’t Just Lead, Govern: How Top-Performing Firms Govern IT”, MIS Quarterly Executive, (3:1), pp. 1-17. Weill, P. and Broadbent, M. 1998. Leveraging the New Infiastructure: How Market Leaders Capitalize On Information Technology, Harvard Business School Press, Boston, MA. Weill, P. and Broadbent, M. 2002. “Describing and Assessing IT Govemance- The Governance Arrangements Matrix,” CISR-MIT Research Briefing, (2:3E). Weill, P. and Ross, J. 2004. IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press. Weill, P., Soh, C. and Sia, SK. 2007. “Governance of Global Shared Solutions at Proctor & Gamble,” CISR-MIT Research Briefing, (723A). 327 Whittington, R. 2006. “Completing the Practice Turn in Strategy Research,” Organization Studies, (27:5), pp. 613—634. Whitworth, B., F jermestad, J. and Mahinda, E. 2006. “The Web of System Performance,” Communications of the ACM, (49:5), pp. 92 — 99. Wu, Y. 2008. “We Govern, Therefore We are Secure: Effect of IT Governance on Information Security Services,” Presented at the Academy of Management Meeting, Anaheim, CA, Aug 8-13. Yin, R. K. (2003) Case Study Research, Design and Methods. Sage Publications, Beverly Hills, CA. Zammuto, R.F., Griffith, T.L., Majchrzak, A., Dougherty, D.J., and F araj, S. 2007. “Information Technology and the Changing Fabric of Organization”, Organization Science, (1 8:5), pp. 749-762. 328 4 llllllHlllllllllllllllllllllllH 3 03063 48