Information Technology Governance in the Malaysian Electronics Manufacturing Industry

Research indicates that information technology (IT) governance is attracting enormous attention from practitioners and academics. This is fueled by the growing importance of IT governance in the delivery of IT compliance and in its ability to create value for businesses. IT compliance minimizes risk while IT governance manages risks. This paper is a preliminary report on an electronic survey of 33 firms operating in Malaysian electronics industry. Three key frameworks underpinned the conceptual development in this paper. The findings indicate that IT governance is important to profitand growthoriented organisations in terms of cost efficiency, growth, asset utilisation and business flexibility. Organisations realise the benefits of IT governance but unfamiliar with the IT frameworks. Additional implications of these findings to the electronics manufacturing industry and policy makers in Malaysia are presented. Background of Study Information technology [IT] governance is relatively new in Malaysia. In fact, there are limited studies about IT governance in Malaysia. While organisations are getting bigger in terms of annual revenue or number of employees, the IT infrastructure in organisations becomes more complex. In this regard, proper management of IT is imperative to ensure that IT risks are mitigated and also that IT brings positive values to organisations. The electrical and electronics industry is Malaysia's leading industrial sector, contributing significantly to the country's manufacturing output, exports and employment. In 2006, gross output of the industry totalled RM214.9 billion (US$63.2 billion), while the industry's exports of electrical and electronics products amounted to RM282.2 billion (US$83 billion) or 61.7% of total manufactured exports. The industry created 397,553 jobs opportunities, accounting for 36.6% of total employment in the manufacturing sector (www.mida.gov.my). This research, therefore, is an effort to determine the perceptions of organizations’ IT governance practice in this industry. Thus, this research is tries to answer the research question: How aware are these firms about the impact of IT governance on Malaysian electronics manufacturing industry? The following section reviews the literature relevant to the research topic. The methodology used is detailed before the results are presented. Finally, the findings are discussed and implications of the results are presented before the paper is concluded. Literature Review The popularity of information technology (IT) usage among companies has called for a specific focus on IT governance [3]. IT governance is important because it ensures sustainable system operations and reduces the organisation’s vulnerability to crises resulting from system failures. IT is often the weakest link in an organisation’s overall governance structure [1][8] and therefore deserves greater attention. IT governance and IT compliance are two different concepts. Kennan [4] described IT compliance as a cost which, does not deliver any benefit to the business. On the other hand, IT governance delivers compliance and creates value for the business. Moreover, the objective of compliance is to minimise risk, whereas governance is to manage risk. Therefore, IT governance is more than mere compliance with regulatory requirements. IT governance is about optimum returns from investment in IT and how to ensure that measurable and transparent long-term, sustainable stakeholder value is achieved [11]. Hence extracting maximum value from existing investment is imperative for IT governance [6]. IT Governance Institute [3] defines IT governance as the leadership and organisational structures and processes that ensure the organisation’s IT sustains and extends the organisation’s strategies and objectives. Weill and Ross [10] offered a simpler yet encompassing definition of IT governance as specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT. Common Coordination of Decision-Making Mechanisms There are various common coordination of decisionmaking mechanisms, including: Khong Sin Tan, Uchenna Cyril Eze and Wil Ly Teo Communications of the IBIMA Volume 3, 2008 139 • A steering committee which comprises of either representatives from business, IT or a mixture of both. • An IT relationship or account manager dedicated to specific business units or functions. • An architecture committee to ensure business and technical standardisation and integration. • A budgeting, investment or project decision committee to reconcile conflicting business needs requiring limited IT resources. Monitoring Execution Once decisions are made, monitoring and periodic reviews are necessary to ensure the execution is on the right path. The mechanisms for monitoring execution include: • Architecture review or exception process • Standard operation management processes for IT service support and delivery • Service level agreements • Organisation-wide project management methodology • Cost forecasting and controlling processes • Key performance indicators or balanced scorecard Communication with Stakeholders Communication encompasses announcements, advocates, channels, and education efforts that disseminate IT governance principles and policies and outcomes of IT decision-making processes [10]. These include: • Communication sessions by senior business and IT management • Electronic communication (e.g. announcements, newsletters, intranets) • Personal involvement of senior IT management to ensure buy-in and compliance by renegades (managers who do not follow the rules, either due to ignorance or disagreement) Industry Frameworks Related to IT Governance There are three frameworks related to IT governance. The three frameworks are Control Objectives for Information and related Technology (CobiT), IT Infrastructure Library (ITIL) and Capability Maturity Model Integration (CMMI). CobiT was developed in the early 1990s by Information Systems Audit and Control Association (ISACA) with the goal of providing a set of best practices that are meaningful and useful to IT staff, auditors, and customers. CobiT is organised into four domains: planning and organisation, acquisition and implementation, deployment and support, and monitoring with a total of 34 high-level control objectives. Each of the high-level control objectives is divided into detailed control objectives. CobiT identifies a broad set of 318 control points designed to provide reasonable assurance that certain objectives will be achieved [3]. ITIL was developed in the late 1980s by the UK’s Office of Government Commerce (OGC) [5]. The OGC started the project in recognition of the fact that government organisations were becoming increasingly dependent on Information Technology. The objectives of the OGC in developing ITIL were to promote IT business effectiveness and to reduce costs while maintaining or improving IT services. The library includes scope of implementing ITIL processes through applying life cycle management and the core of ITIL IT operations processes. It has become the global benchmark by which organisations measure the quality of IT service management [5]. CMMI for software development was established in 1986 at Carnegie Mellon University by the Software Engineering Institute (SEI) [7]. It was originally developed for the U.S. Defence Department to manage large and complex development projects, but has gradually gained recognition in both the public and private sectors as a useful framework for improving software development processes and application quality. CMMI defines five stages of organisational maturity with respect to software development. Predictability, effectiveness, and control of an organisation's software processes are believed to improve as the organisation moves up these five levels [7]. Research Methodology Questionnaire This study is carried out using a set of questionnaire. Items in questionnaire are prepared based on literature as described in Section 2. Respondents can choose to complete the survey either online or through e-mail. Demographic items are evaluated using dichotomous scaling. All other variables are interval-scaled. There are three categories; coordination, monitoring and communication mechanisms (Section 2.1), monitor execution of IT decisions (Section 2.2), and communicate IT issues (Section 2.3). We measure the questions in these categories using 5-point Likert scale, ranging from 1=Never, 2=Rarely, 3=Sometimes, 4=Often and 5=Always. The IT governance frameworks (Section 2.4) are rated by 1=Currently Used, 2=Intend to Use, 3=No Intention to Use, and 4=Never Heard of. Information Technology Governance in the Malaysian Electronics Manufacturing Industry Communications of the IBIMA Volume 3, 2008 140 IT governance performance are categorised into two parts. One part is about the importance of IT governance outcomes which is scaled as 1=Totally Not Important, 2=Not Important, 3=Quite Important, 4=Important and 5=Very Important. The second part concerns the influence of IT governance in business. The scales we used are 1=Totally Not Successful, 2=Not Successful, 3=Quite Successful, 4=Successful and 5=Very Successful. Selection of Study Area and Sampling We used simple random sampling method to select participants in this study. Respondents are randomly selected from the member directory of the Federation of Malaysian Manufacturers, which contains around 1000 members, as well as through industry contacts. The organisations included in this research are involved in the manufacture of one or more of the following products: diode, electronic, integrated circuit, memory product, resistor, semiconductor, sipmos, transistor, and wafer. Care was taken in selecting participants from the population frame by removing obvious mismatches (e.g. “wafer” as a product of the food industry, as opposed to “wafer” fabrication in the semiconductor industry). The finalised population frame consists of 33 organisations. All selected organisations in the list are invited to participate in the survey which ran for approximately one month. Analyses and Results Out of 84 e-mails sent to respondents, 33 respondents answered the questionnaires online, while 2 declined to participate citing confidentiality as a reason. Therefore, 33 usable survey responses (N=33) were collected which represented 39.3% response rate. Table 1 indicates the distribution of annual revenue. The table shows that the figures are skewed towards large corporations with over RM 50 million of annual revenue. Over half of the respondents (63.6 per cent) are from organisations with over RM100 million of annual revenue. Table 1: Annual revenue of company (N=33)