• Abbreviation: Afr. J. Bus. Manage.
• Language: English
• ISSN: 1993-8233
• DOI: 10.5897/AJBM
• Start Year: 2007
• Published Articles: 4137

## Information technology governance in Lebanese organizations

##### Hussin J. Hejase
• Hussin J. Hejase
##### Ale J. Hejase
• Ale J. Hejase
• School of Business, The Islamic University of Lebanon, Beirut, Lebanon.
##### Ghinwa Mikdashi
• Ghinwa Mikdashi
• Grenoble Ecole de Management, Grenoble, France.
##### Alaa Al-Halabi
• Alaa Al-Halabi
• Faculty of Business and Economics, American University of Science and Technology, Beirut, Lebanon.
##### Khaled Alloud
• Khaled Alloud
• Faculty of Business and Economics, American University of Science and Technology, Beirut, Lebanon.
##### Rani Aridi
• Rani Aridi
• Faculty of Business and Economics, American University of Science and Technology, Beirut, Lebanon.

•  Accepted: 22 October 2016
•  Published: 14 November 2016

ABSTRACT

Information technology (IT) Governance is relatively a new topic in Lebanon whereby executives and board directors institute the appropriate leadership, organizational structure and processes so that the enterprise’s IT sustains and extends the organisation’s strategies and objectives. It has a well-defined process and specific components that enable organizations to effectively attain competitive advantage. This research aims to assess how Lebanese top management deal with IT Governance by assessing the level of maturity of the implementation of the said concept, and sheds light on the drivers and barriers behind IT Governance implementation. The research adopts a deductive, quantitative and comparative approach where data is gathered from different organizations and then analyzed in order to formulate a general proposition on the said status of IT Governance. The chosen research technique is survey questionnaire and the research statistical tool is statistical package for social sciences (SPSS). Detailed results are depicted using descriptive analysis as well as inferential analysis. Inferential analysis includes crosstabs and regression analysis. All the analyses are used as basis for the findings and to formulate a general proposition regarding the variables upon which implementation of IT Governance depends on. The research is concluded with lessons learned and future research recommendations.

Key words: Governance, IT, implementation, Lebanon.

INTRODUCTION

The National Computing Centre (2005) and Selig (2008) contend that the interest in Corporate Governance has been of greater significance nowadays, especially after the damage caused by a series of global events characterized by fraud, financial crisis, and institutional unethical behavior.  Many   reasons   support   the aforementioned significance including organizational connectivity and networks with customers and suppliers, speed of response to stakeholders, automation of critical business processes, the fact that directors rely on information provided by IT systems for their decision making, and the role of IT in adding value to business strategy. “IT has the potential to deliver, and for those who can use it will continue to deliver, strategic value at all sorts of levels” (Bannister and Remenyi, 2005). Moreover, Ernst and Young Global Limited (2016) supports the aforementioned claims, and through a survey to Chief Information Officers (CIOs), the company asserts that IT through artificial intelligence “is a further source of savings. Real-time supply chain optimization drives highly effective warehouse management and more accurate stock replenishment, while in financial services, dealers can trade complex products faster. Organizations that service customers in their homes or businesses have also used IT to improve efficiency, by planning their routes better, which leads to fewer vehicles, shorter journeys and lower fuel costs” (Para 17). Furthermore, Ernst and Young Global Limited  (2016) strongly believe that “IT has contributed immensely to business success in the past decade but it’s clear that management wants even more innovation, and that IT has to continue offering more than just operational support and help create competitive advantage” (Para, 24-26).

The National Computing Centre (2005), in its endeavor to encourage organizations to develop a successful Governance strategy, recommends the following: “the need to effectively manage IT resources and avoid IT failures and poor performance has never been greater”, and calls the top management’s  attention to the fact that “the current climate of cost reduction and budget restriction has resulted in new norm – there is an expectation that IT resources should always be used as efficiently as possible”.

The last decade has witnessed many ethical crises which translated into chaos affecting organizations and countries worldwide; a fact that significantly intensifies the need for information transparency, consistency and top management literacy about the wellbeing of their corporations; consequently, organizations are encouraging IT Governance.

According to Schwartz (2007), “organizations today are subject to many regulations governing data retention, confidential information, financial accountability and recovery from disasters. While none of these regulations requires an IT governance framework, many have found it to be an excellent way to ensure regulatory compliance. By implementing IT governance, you’ll have the internal controls you need to meet the core guidelines of many of these regulations, such as the Sarbanes-Oxley Act of 2002” (Para 5). A mandatory Act to which Soxlaw (2006) provides the guidelines: “All organizations, large and small, must comply. The legislation came into force in 2002 and introduced major changes to the regulation of financial practice and corporate governance. Named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, it also sets a number of deadlines for compliance” (Para 1-3).

This research aims to explore and assess the status of IT Governance in Lebanon, including the  assessment  of the extent of knowledge and awareness that Lebanese employees and managers demonstrate, taking into consideration that research on the managerial and strategic state applied in the Lebanese organizations is growing, but considered below par compared to the international market due to various reasons, including, institutional challenges, technical issues related to performance and measurement, financial issues related to funding and expenditure, accountability, internal policies, and technology requirements (Salem, 2003). Moreover, the research intends to identify the pros and cons of its implementation, and finally issuing recommendations for owners and top management of organizations to deal with such an important topic in contemporary management.

This research is believed to add value to previous studies about this issue in Lebanon, with more focus on managerial levels, and will shed light on the state of the implementation of the various components of IT Governance, after examining and identifying the frameworks of use and the Lebanese professionals’ knowledge of IT Governance components and the way they are implemented. Furthermore, this research assesses the challenges be it operational, financial, or those resulting from the external environment.

Research objectives

The research objective can be listed as:

- Discover Lebanese professionals’ awareness of IT Governance frameworks
- Examine the status of IT Governance frameworks’ implementations
- Analyze the different variables found during conducting the research, and comparing these variables with the IT Governance status to draw an organized and full spectrum of IT Governance in Lebanon.

LITERATURE REVIEW

Weill and Ross (2004) define IT Governance, stating that “IT governance represents the framework for decision rights and accountabilities to encourage desirable behavior in the use of IT”. Also, Weill (2004) discerns that “good IT Governance draws on corporate governance principles to manage and use IT to achieve corporate performance goals.

Effective IT Governance encourages and leverages the ingenuity of all enterprise personnel in using IT, while ensuring compliance with the enterprise’s overall vision and principles”. While, a best-practice-based definition is given by the IT Governance Institute (ITGI) (2008): “IT Governance is the responsibility of executives and the board   of   directors,   and  consists   of   the   leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives”.

Furthermore, Khther and Othman (2013), referring to  the Information System Audit and Control Association – ISACA’s (2009) definition, contend that “IT Governance is basically concerned with the way IT delivers value and it’s the management of the risks associated with it which can be brought about through the strategic alignment of business and IT, resource management and performance management”. Also, ISACA (2011) reports, as one of its important findings of a worldwide survey, that “considerations for security, shared services, IT resource maximization and governance concerns have contributed to a growing focus on enterprise-based IT management and IT governance. Included are issues surrounding IT strategic alignment with business mission, regulatory compliance, and adherence to generally accepted security and control practices. However, while there is some increase in recognition of the need for IT governance at the C-suite level, progress is still slow”.

Nowadays, the role of IT has evolved to a great extent; it has been transformed from a mere support function in the value chain to a more complex and critical role in the sustainability, development, and growth of the business. “From business improvement to strategic transformation initiatives, executives appreciate that IT can be a powerful tool to help their enterprise achieve its most important objectives” (ITGI, 2008).

Hemmatfar et al. (2010) assert that “IT can be used to support a variety of strategic objectives, including creation of innovative applications, changes in business processes, links with business partners, reduction of costs, acquiring competitive intelligence, and others”. With this development in IT role and the data that IT maintains, the importance of IT Governance has become more significant; especially with what was described by NÄƒstase and UnchiaÅŸu (2012) in that “today’s economy brings a new spectrum of IT related risks, such as disclosure of confidential data, non-availability of services negotiated due to systems downtime, or missed business opportunities caused by a rigid IT infrastructure”. Added to the high and critical dependency on IT created by the pervasive use of IT assets  (manifested  by  infrastructure and information systems) is the emergence of and the need for IT Governance.

IT governance implementation framework

De Haes and Van Grembergen (2005) in their literature review contend that “IT governance can be deployed using a mix of structures, processes and relational mechanisms”. Moreover, the authors, referring to several researchers (Samamurthy and Zmud, 1999; Duffy, 2002; Patel, 2004; Peterson, 2004), recommend that “a holistic approach towards IT governance acknowledges its complex and dynamic nature, consisting of a set of interdependent subsystems that deliver a powerful whole”. They add that “depending on multiple contingencies, the optimal mix will be different in every organization” (ibid). The authors provide some examples of these structures, processes and relational mechanisms as shown in Table 1.

The success of the IT governance process, regardless of the chosen framework to implement, is highly dependable on the best governance practices that organizations should be considered when designing and applying their model of IT Governance. Dragoon (2003) identified four IT governance best practices which are summerized in Table 2.

Moreover, Gheorghe (2006) agrees with Dragoon (2003) points of view, and discerns that IT governance enables the company to take full advantage of its information by integrating and institutionalizing best practices, thus maximizing benefits, gaining competitive advantage and successfully exploiting the opportunities.

Components

IT governance is composed of several domains or components that form the dimensions around which IT governance is applied. According to McLeod (2013), “ISACA organization, a leading global provider of certifications, knowledge, advocacy and education of information systems, assurance and security has developed  some  useful  guidance   which   separates  ITgovernance into five separate domains” (ISACA, 2013), each of which is briefly described in Table 3. Selig (2008) stresses that “the approach to IT Governance must be consistent, but yet scalable, and tailored to each organization’s environment and management style, key issues, opportunities, level of maturity, audit/legal requirements, available resources and cultural readiness”. Moreover, McLeod (2013) contends that what is perhaps most important is that the “recommendations, standards and best practices contained in the domains are considered and applied in accordance with the needs, requirements and capabilities of the business. As such the ISACA model is arguably most useful when it is considered as a basic guideline for injecting IT governance best practices into the business when and where they are specifically needed. It is however advisable that no matter the size and maturity level of the business at least some elements from each domain should be present to ensure effective IT governance” (Para 9).

Source: McLeod (2013).

IT governance frameworks

Selig (2008), McLeod (2013) and Calder (2016) agree that organizations must take into consideration every organization’s needs, requirements, and culture when defining their approach to IT Governance. Calder (2016) contends that “most IT management frameworks and standards offer solutions and tools that can help with IT governance, but they are typically very detailed, and have narrow scopes. No single framework or standard provides a full set of IT governance tools and, collectively, they can provide a confusing picture that actually hinders the core purpose of IT governance” (Para 1). Furthermore, IT Governance Ltd. (2016) asserts Calder’s observations by stressing that “there are many IT-related management frameworks, standards and methodologies in use today. None of them, on their own, are standalone IT governance frameworks, but they all have a useful role in the efficient management of IT operations” (Para 1). Table 4 is a summary of existing third-party IT Governance frameworks and standards as compiled by Calder (2016).

The current research, being an exploratory to assess awareness issues, followed a focused view by selecting five well-known and widely used frameworks for IT Governance, that is, COBIT 5, ITIL, Balanced Score Card, PMBok, and ISO/IEC 27002:2005 (previously ISO/IEC 17799). Whereby the first four are proprietary frameworks and the fifth is a national/ international standard. ISACA (2012) contends that COBIT 5 is a robust framework that satisfies the benefits that any organization is looking for, including:

(i) Maintain high-quality information to support business decisions,
(ii) Achieve strategic goals and realize business benefits through the effective and innovative use of IT
(iii) Achieve operational excellence through reliable, efficient application of technology
(iv) Maintain IT-related risk at an acceptable level
(v) Optimize the cost of IT services and technology
(vi) Support compliance with relevant laws, regulations, contractual agreements and policies”.

As for ISO/IEC 27002:2005 (previously ISO/IEC 17799), IT Governance (n.d.a) presents ISO 17799 as “a 'code of practice', meaning that it lists a substantial number of specific security controls that may be applicable to an IT environment. Selection from these controls is normally performed via risk assessment, and the methods outlined within ISO 27001” (Para 4). Furthermore, ISO 17799 contains 12 prime content sections, specifically covering: “Security Policy, Organizational Security, Asset Classification, HR, Physical and Environmental, Communications and Operations, Access Control, Systems Development, Business Continuity, Compliance, Risk Assessment, and IS Acquisition” (ibid, Para 5).

Also, according to the Association of Modern Technologies Professionals (2016), ITIL is a “public framework that describes best practice in IT service management .It focuses on the continual measurement and improvement of the quality of IT service delivered, from both a business and a customer perspective. The aforementioned   focus   has   contributed  to  ITIL  prolific usage and to the key benefits obtained by those organizations deploying the techniques and processes throughout their organizations” (Para 4). Furthermore, ITIL’s benefits include:

“increased user and customer satisfaction with IT services; improved service availability, directly leading to increased business profits and revenue; financial savings from reduced rework, lost time, improved resource management and usage; improved time to market for new products and services; and improved decision-making and optimized risk” (Para 5).

The Balanced Scorecard (BSC) (IT Governance, n.d.b), on the other hand, “is a framework for measuring an organization's activities in terms of its vision and strategies. It seeks to measure a business from four perspectives: Financial perspective; Customer perspective; Business process perspective; and Learning and growth perspective. The BSC approach has spawned many derivatives and related methodologies, and certainly, the evolution in this respect continues” (Para 3).

Finally, Ramlaoui and Semma (2014) contend that “The project management body of knowledge (PMBOK) is a collection of processes and knowledge areas accepted as best practice for the project management profession. As an internationally recognized standard (ANSI/PMI 99- 001-2008 and IEEE 1490-2011) it provides project managers with the fundamental practices needed to achieve organizational results and excellence in the practice of project management”.

METHODOLOGY

The research philosophy adopted is positivism where the researchers are independent, and assumed the role of objective analysts. While the research approach is deductive whereby a theory is assessed based on an existing practice developed as a result of collecting and analyzing data. Also, the research is exploratory, comparative, and casual where the researchers seek descriptive statistics first, then try to create relationships among variables in order to explain the problem or answer the questions understudy. The main purpose of the research is to assess whether companies in Lebanon are acquainted with the implementation of IT Governance.

Methodology choice

The quantitative nature of the research is based on a survey questionnaire which was distributed to a sample of fifteen Lebanese organizations, including banks, investment companies, and IT companies. The focus was on IT personnel in order to have as much reliable results as possible since IT personnel are exposed to the different frameworks of IT Governance. 150 questionnaires were distributed between 17/1/2014 and 27/1/2014. Several follow up mechanisms were applied, including face-to-face contact and emails. The questionnaires were designed to be filled by managers and employees. All questionnaires were completely retrieved.

Questionnaire design

The researchers took into consideration the research ethics and did not include any privacy-evading questions or any misleading and uncomfortable  questions. Due to the confidentiality promised in the questionnaire, the research team didn’t state any organizations’ names.

The survey questionnaire was divided into four sections with a total of 28 questions: 27 close-ended questions and 1 open-ended. Some of the close-ended questions gave the individuals the option to state freely their answers. Multiple choice question type is mainly used in addition to five-level Likert Scale type in the attitude section. The four sections were designed to assess certain features as follows:

Knowledge: The section consists of five dyadic and multiple choice questions. Its purpose is to assess respondents’ knowledge of IT Governance;
Attitude: The section consists of five five-level Likert Scale questions. It is designed to assess how the respondents’ organizations deal with IT Governance;
Implementation: The section consists of eleven multiple choice questions. This section is important to assess how the respondents’ organizations implement IT Governance; and,
Demographics: The section includes six multiple choice questions to profile respondents.

Sample size

The research team used non-probabilistic sampling where mainly convenience sampling was used. Respondents’ willingness to participate was the main motivator. Also, the members of the sample shared the same technical background which justifies their adequacy for the research and consequently being homogeneous. The final sample size is 100, which is still a suitable size for an exploratory research. It is worth mentioning that 150 questionnaires were distributed to different employees and managers from 15 different companies. Only 100 questionnaires were valid after removing questionnaires half filled (20), wrongly filled (17), and handed in very late (13). Therefore, the response rate is 67%.

Data analysis

All responses were entered to the statistical package for social sciences package for social sciences (SPSS) version 23 program “Statistical Product and Service Solutions, an IBM product acquired by IBM in 2009 (Hejase and Hejase, 2013). The study was performed using exploratory statistics; data tables including frequency and percentage distributions were used and supported by their respective figures. Moreover, cross tabs and regression analysis were performed to study relationships between variables that may add value to the findings of the research.

RESULTS

Demographic statistics

Respondents were 69% males and 31% females. 39% belong to the 30 to 39 age group; 37% belong to the 20 to 29 age category; 17% belong to the third age category 40 to 49; and, two other age groups have a total percentage of 7%, which is less than 20 and more than 40 years old.  Moreover, the weighted mean average age is 33 years old, which shows that the sample of respondents is young and mature for the topic in question. As for the respondents’ education, results show that 61% of the respondents hold a  BA/BS  degree,  36%  hold  an MBA/MS degree, 2% of the respondents hold PhD degrees. This indicates that the respondents have a high level of education.

Table 5 shows that 44% of the respondents were employees with no managerial position, 40% were IT managers, while 16% were high level IT managers and executives (CEO, CIO, CTO, IT Director). Also, results show that 32% of the respondents have 5 to 9 years of experience, 31% have 10-14 years, and 18% have 15-19 years, while 15% have more than 19 years of experience. The remaining 4% have less than 5 years of experience. The weighted mean average number of years of experience is 13 years. The aforementioned indicate that the majority of the respondents are of managerial level, resulting in the conclusion that the information that is collected pertains to people who have experienced managerial issues.

As for the respondents’ salaries, results show that 33% of the respondents have a monthly income between $1000 and$1999, 24% between $3000 and$3999, and 21% between $2000 and$2999. The other three income groups (<$1000,$4000 to $4999, and >$4999) have a total of 22%. The weighted mean average salary is 2,850 USD per month.

Overall, the demographic results regarding age, years of experience, job position, and monthly income are homogeneous, indicating a mature, experienced, and well compensated group of respondents. Hence, their responses that were acceptable reflect that they are people who have had to take managerial decisions.

Four variables are examined: familiarity with the term IT Governance; knowledge of major IT Governance frameworks; and, benefits, limitations and critical success factors of IT Governance. The grand majority, or 90% of the respondents, shows that they are familiar with the term ‘IT Governance’. Table 6 shows that the respondents are highly knowledgeable (73%) about PMBOK (Project Management Book of Knowledge), and67% about IT Balanced Scorecard (BSc). The respondents are also knowledgeable about Control Objectives for Information and Related Technologies (COBIT) and Information Technology Infrastructure Library (ITIL), but not knowledgeable about ISO 17799 (ISO standard guidelines for Information Security Management). As for the IT governance benefits, 69.7% of the respondents believe that IT governance determines responsibilities and accountabilities; 72.7% believe that IT governance defines and explains IT value; 77.8% believe that IT governance aligns IT projects with strategic business objectives; while 63.4% believe it facilitates decision making. The aforementioned results indicate that the majority of the respondents are convinced that IT Governance has valuable benefits of strategic significance. The afore-mentioned   results   fit   the   top   management  priorities reported by GartnerEXP (2002) including: “strategizing for business-IT alignment; providing leadership and guidance for the Board of Directors and senior executive; and demonstrating business value of IT”. Figure 1 depicts the benefits discussed earlier.

Furthermore, results show that 53.6% of the respondents believe that issues in prioritization and investment decisions lead to limitations of IT governance; 55.7% believe that IT governance results in decision making and authority conflicts; while only 39.2% believe it results in conflicts between departments. The afore-mentioned findings indicate that around half of the respondents (49.5% on the average) believe that IT governance has no major limitations; while the other half of the respondents believes that there are limitations for IT governance. Indeed, Peterson (2004) contends that “IT Governance models are influenced by many factors simultaneously, and determining the right structure is a complex endeavor”.

Finally, in accordance with the dimension of respondents’ knowledge of IT Governance, Figure 2 shows that 61.2% of the respondents believe that the most critical success factor for IT Governance is management commitment and involvement, while 69.4% and 90.8% do not consider key stakeholder participation and transparency to be of critical value, respectively. These results confirm to a certain extent what has been reported by Brooks (2011). Management commitment and involvement matches Brooks’s first critical success factor or “top management accountability and respon-sibility”, while the other two factors, transparency and stakeholder   participation,   labelled    uncritical    by   the
Lebanese respondents are ranked fourth and sixth. However, one must be concerned about the result related to transparency since transparency is a fundamental outcome for IT Governance best practice. According to Gheorghe (2006), IT governance solutions provide total transparency of the IT projects and investments, the control needed for the optimization of the business and assurance for compliance with relevant standards and regulations.

Table 7 depicts the results related to the respondents’ attitude towards IT governance. Table 7 shows that 82% of the respondents agree that implementing IT governance at their organizations will affect their job responsibilities. 79% of the respondents agree that implementing IT governance at their organizations will affect work procedures and norms. 81% of the respondents believe that major IT investments in their organization are taken in consultation with the board, while the others are neutral about this subject. 73% of the respondents believe that the IT structure/strategy is aligned with the corporate structure/strategy, while the others are neutral about this subject. And. 49% of the respondents opinionate that there exists in their organization an IT steering committee  that  controls  and contributes to IT governance. The aforementioned results show that the respondents have good understanding of IT governance requirements as supported by Selig (2015) in his book “Implementing Effective IT Governance and IT Management” which stresses “strategic planning practices” for best outcomes of IT governance.

IT governance implementation issues

68% of the respondents answered that their organizations are of medium size, 27% belong to large organizations, and only 5% belong to small organizations. 55% of the respondents answered that their organizations operate in the Telecommunication/IT industry, 34% in the Retail/ Industrial industry, and 11% in the Finance/Insurance industry. 42% of the respondents answered that their organizations have between 15 and 29 employees in their IT departments, 19% have less than 15, 15% have 30 to 44 employees. The remaining 24% is divided equally between two ranges (45 to 59 and more than 59). The majority of the respondents or 86% believe that IT is highly important in their organizations’ day to day operations, 12% believe it is of average importance, and only 2% see it of low importance. This outcome is agreed upon and classified by Selig (2015) under management control practices, whereby such control practices “focus on  the  tactical  and  operating  plans and programs, with emphasis on the day-to-day operational environment”.

Furthermore, 59% of the respondents confirm that their IT department understands the business needs to a great extent, 37% to a small extent, and only 4% to yet a smaller extent. These results show that the IT department is reasonably involved in the organizational future outlook. However, 81% of the respondents confirm that their organizations have a documented plan that outlines strategic objectives and priorities; 73% of the respondents claim that their organizations have an IT documented plan that outlines strategic IT objectives and priorities.

Effectiveness of IT governance

When respondents are asked if their organizations address IT Governance effectively, results show that 41% of the respondents believe that their organization is addressing and managing IT Governance with extremely high effectiveness, 50% claim their organizations address IT Governance with either low or some effectiveness, and a minority of 9% believe that their organizations are not effective in addressing and managing IT Governance.

Status of IT governance implementation

Results show that 28% of the respondents answered that their organization is planning to implement IT Governance, 26% answered that their organization is currently implementing IT governance, and 34% are divided equally between no plans to implement and have been implemented and are at a mature stage. The remaining 12% answered that they don’t know the  status of IT governance implementation at their organization. These results coincide with the previously presented results about IT governance understanding and their effectiveness. Based on the aforementioned results, the reader must observe that the Lebanese organizations represented in the sample of the current research are lagging behind in terms of the full potential of IT Governance. ITGI (2003; cited in NÄƒstase and UnchiaÅŸu, 2012) asserts that the implementation of IT governance ensures that the IT function adds value to the company while balancing risks versus return.

Drivers behind implementing IT governance

Results depicted in Figure 3 show that the majority of the respondents believe that the primary drivers behind implementing IT governance at their organizations are aligning IT with organizational goals (71.3%), and are applying performance metrics and accountability frameworks to IT (57.4%). Other drivers are less important according to the results shown.

Moreover, results show that according to the respondents, decentralized/informal organizational culture is the primary barrier to implanting IT Governance at their organizations (41.5%), followed by lack of participation of the necessary parties (36.2%), lack of adequate funding (33%), lack of fit with strategic objectives (31.9%), and insufficient coordination of governance structures/ processes (29.8%). It is noticeable that no option attained half of the answers, and that the options have close percentages. This indicates that the respondents feel that the mentioned barriers are almost of the same importance.

NÄƒstase and UnchiaÅŸu (2012) contend that basically, “IT governance is made of two issues: IT delivers value to the business and IT risks are mitigated to an acceptable level,  which  can be translated into strategic alignment of.

Inferential statistics

The second part of analysis of data presents inferential statistics necessary to explore, assess and describe relationships between variables. According to Wyse (2012), when conducting survey analysis, cross tabulations are appropriate for analyzing the relationship between two or more variables. Cross tabulations provide a way of analyzing and comparing the results for one or more variables with the results of another (or others). The purpose of the research is to assess the status of IT governance implementation among different Lebanese organizations. Therefore, results from the survey questionnaire, help identify the primary drivers and barriers of implementing IT governance in these organizations.

Crosstabs analysis

This section represents crosstabs analyses between Respondents’ Job Position/Designation and knowledge of the five IT governance frameworks (COBIT, ITIL, ISO 17799, PMBOK, and IT Balanced Scorecard). Theanalyses include Chi-square tests and correlation (Pearson’s R) analysis.

Results in Table 8 show that middle management authority respondents know more about COBIT as compared to C-level executives (CXOs) and employees. 24% of  the  employees  have  fair  knowledge  of  COBIT versus 9% of the IT directors and managers and 1% of the CXOs; also 7% of the employees and 7% of the CXOs versus 7% of the IT directors and 31% of the IT managers who have good to very good knowledge.

Results show that middle management authority respondents know more about ITIL as compared to CXOs and employees. 23% of the employees have fair knowledge of ITIL versus 7% of the IT directors and managers, and 1% of the CXOs; also 9% of the employees and 7% of the CXOs versus 7% of the IT directors and 33% of the IT managers who have good to very good knowledge. Results show that middle management authority respondents know more about ISO 17799 as compared to CXOs and employees. 25% of the employees have fair knowledge of ISO 17799 versus 14% of the IT directors and managers, and 0% of the CXOs; also 5% of the employees and 8% of the CXOs versus 5% of the IT directors and 29% of the IT managers who have good to very good knowledge.

Results show that middle management authority respondents know more about PMBOK as compared to CXOs and employees. 17% of the employees have fair knowledge of PMBOK versus 1% of the IT directors and managers, and 0% of the CXOs; also 19% of the employees and 8% of the CXOs versus 7% of the IT directors and 39% of the IT managers who have good to very good knowledge. Results show that middle management authority respondents know more about IT balanced scorecard as compared to CXOs and employees. 21% of the employees  have  fair  knowledge of IT Balanced Scorecard versus 0% of the IT directors and managers, and 0% of the CXOs; also 15% of the employees and 8% of the CXOs versus 8% of the IT directors and 39% of the IT managers who have good to very good knowledge.

From the earlier mentioned results and analysis, it can be concluded that knowledge of IT governance frameworks is statistically significantly related to Job Position. However, the aforementioned result reflects a partial compliance to what the National Computing Centre (2005) has recommended. The National Computing Centre (2005) asserts that “a key characteristic of any successful IT Governance initiative is the establishment of an enterprise-wide approach that clearly sets out roles and responsibilities, emphasizing that everyone has a part to play in enabling successful IT outcomes” (p. 31).

Regression analysis

Hejase and Hejase (2013) contend that a multiple regression model is needed when the researcher faces the scenario where more than one independent variable is causing variations in the dependent variable under study. Therefore, the next step is to assess and form possible relationships which may help analyze the status of IT Governance implementation in Lebanon. One regression model results are based on the different crosstabs tested. Results are as follows:

The dependent variable, “Status of IT Governance Implementation” in model one was tested against twelve independent variables; the three iterations using stepwise regression resulted in having three statistically significant independent variables:

1. Number of employees in IT Department
2. IT Governance familiarity
3. IT Department has a documented plan that outlines the strategic IT objectives and priorities

Regression summary results as depicted in Table 9 show that the model (after three iterations) is quantitatively adequate due to the high values of the coefficient of correlation (R = 0.841), the coefficient of determination (R2 =  0.708),  and  Adjusted  R2 = 0.699  which  is  more accurate than R2 and insensitive to the number of independent variables and sample size; however, the model is qualitatively acceptable and statistically significant with F-value = 26.635 with an associated probability of 0.000, which is less than α = 0.05. Furthermore, results of ANOVA testing indicate that the regression equation predicts better than would be expected by chance. The F-value = 77.537 with an associated probability of 0.000 which is less than α = 0.01. Moreover, the Durbin-Watson statistic (1.910) is approximately 2, which indicates that the “linear regression analysis is meaningful since the residuals are independent or uncorrelated” (Hejase and Hejase, 2013).

The aforementioned values indicate that there is statistical significant evidence that the independent variables in all three models are related to the dependent variable (Status of IT Governance Implementation). Table 10 shows the standardized coefficients with their corresponding P. Sig. characterizing the independent variables. Table 10 shows the following comparison of explanatory variables:

Interpretation of the regression model, depicted in Table 10, shows that respondents’ organizations whose IT workforce is large, who are familiar with IT Governance concept, and whose IT Departments have documented plans that outline the strategic IT objectives and priorities, have the potential to improve the current status of IT Governance implementation. This model is supported by the facts explained earlier in Table 7, which support positive organizational behavior towards IT Governance and the strong IT role in preparing the grounds for the organization efforts for better implementation. Furthermore, Figures 4 and 5 support the fact that the resultant regression relationship is valid and suitable to relate the dependent and independent variables.

Reliability test

Hejase and Hejase (2013) contend that reliability testing involves the assessment of the internal consistency of each survey set of items, essentially assessing whether all the items belonging to one set were measuring the same thing by using Cronbach’s alpha technique, where the reliability increases when the alpha value approaches.

1. For the current research, Table 7 shows that Cronbach’s Alpha is 0.824, which is considered a highly acceptable value indicating the homogeneity of the questionnaire items for an exploratory research. According to Burns and Burns (2008), “an alpha value of 0.8 or above is regarded as highly acceptable for assuming homogeneity of items”. Furthermore, according to Burns and Burns (2008), “the Cronbach’s alpha process of assessing internal reliability is in a sense a demonstration of construct validity, when it shows items all loaded together as one coherent scale or group of items clumped together to measure different aspects”. Valid cases are 90, excluded cases are 10 where list wise deletion   is   based   on   all  variables  in  the  procedure.

CONCLUSION AND RECOMMENDATIONS

The level of knowledge of IT governance frameworks is statistically significant and mostly related to Job Position. Results have shown that IT middle management represented by IT directors and IT managers are more knowledgeable about COBIT, ITIL, ISO 17799, PM Book and Balanced Score Card approaches in comparison to employees and CXOs. Moreover, the status of IT Governance implementation depends on the number of employees of the IT department, familiarity of IT Governance between employees, and presence of an IT documented plan for IT strategic objectives and priorities. The aforementioned facts require having a large number of employees in an IT department require setting clear accountability and responsibility rules as well as defining clear work procedures and norms; this will directly influence positively the implementation of IT Governance. In addition, familiarity of IT Governance between employees enables them to identify components, characteristics, and/or presence of IT Governance. If an employee is unfamiliar with IT Governance, he/she may not recognize or identify the aspects of an IT Governance plan even if its existence is effective and efficient. Finally, the presence of an IT documented plan for IT strategic objectives and priorities is one of the aspects of IT Governance, which is an observed fact where 73% of the respondents believe that the IT structure/strategy are aligned with the corporate structure/strategy.

This    research    aims   to   assess   the   status   of IT governance in Lebanese organizations. The research also assesses the level of maturity of the implementation of IT governance as well as sheds light on the drivers and barriers behind IT Governance Implementation. This research shows that Lebanese respondents have shown a strong sense of direction with respect to IT governance, where respondents agree that implementing IT governance at their organizations will affect their job responsibilities (82%); will affect work procedures and norms (79%); that major IT investments in their organization are taken in consultation with the board (81%); that the IT structure/strategy are aligned with the corporate structure/strategy (73%). The aforementioned results show that there is an above the average maturity with respect to IT Governance. Furthermore, 81% of the respondents confirm that their organizations have a documented plan that outlines strategic objectives and priorities and 73% of the respondents claim their organizations have an IT documented plan that outlines strategic IT objectives and priorities. Such an outcome supports the fact that Lebanese respondents have a good knowledge of the strategic outlook of IT governance. And another positive result is that 90% of the respondents have confirmed that they are familiar with the term ‘IT Governance’.

IT governance benefits

As   for   the   IT   governance   benefits,   69.7%   of   the respondents believe that IT governance determines responsibilities and accountabilities, 72.7% believe that IT Governance defines and explains IT value, 77.8% believe that IT Governance aligns IT projects with strategic business objectives, while 63.4% believe it facilitates decision making. The aforementioned results indicate that the majority of respondents are convinced that IT Governance has valuable benefits. Furthermore, the majority of the respondents, or 86%, believe that IT is highly important in their organizations’ day to day operations.

Drivers behind implementing IT governance

Results show that the majority of the respondents believe that the primary drivers behind implementing IT governance at their organizations are aligning IT with organizational goals (71.3%), and applying performance metrics and accountability frameworks to IT (57.4%).

Limitations of IT governance

Research findings show that 53.6% of the respondents believe that issues in prioritization and investment decisions lead to limitations of IT governance; 55.7% believe that IT governance results in decision making and authority conflicts, while only 39.2% believe that IT Governance results in conflicts between departments. The aforementioned facts reflect a miscommunication among authority levels; a fact that may hinder the success of IT governance implementation efforts. Brooks (2011) confirms that the above mentioned limitations represent strategic alignment issues which negatively impact the successful implementation of IT governance on the long term.

Critical success factor

Finally, along the dimension of respondents’ knowledge about IT governance, more results show that 61.2% of the respondents believe that the most critical success factor for IT governance is management commitment and involvement, while 69.4 and 90.8% do not consider key stakeholder participation and transparency to be of critical value, respectively. Ernst and Young (2006) stress the aforementioned fact about management commitment by contending that, “achieving successful alignment of IT with the business starts with getting senior management involved and accountable for IT governance, and able to support the board in setting direction”. However, Ernst and Young (2006) contradict the other finding and contend that not involving stakeholders is a fatal error “a major pitfall is not spending the time getting IT and business stakeholders aligned on the subject of IT value so that investment can  be  articulated  and  measured  in business terms”.

Barriers against IT governance

Results show that according to the respondents, decentralized/informal organizational culture is the primary barrier to implanting IT Governance at their organizations (41.5%), followed by lack of participation from necessary parties (36.2%), lack of adequate funding (33%), lack of guidance from strategic objectives (31.9%), and insufficient coordination of governance structures/processes (29.8%). The aforementioned barriers are serious and impact the IT Governance process’ success. Dahlberg and Kivijärvi (2006) contend that “alignment of business and IT is impacted by an organization’s competitive strategy and business objectives, beliefs concerning IT (for example, IT knowledge, attitudes and past experiences), corporate governance and organizational culture (e.g. corporate governance practices and structures, performance measurement culture, corporate history), and by the perceived status of IT governance (perceived value and business opportunities delivered by IT)”. Based on the conclusions mentioned earlier, the following recom-mendations regarding IT governance in the Lebanese organizations can be stated:

- Top management leadership of the Lebanese organi-zations should understand the benefits and primary drivers behind implementing IT Governance.
- Lebanese organizations should put more effort into applying IT Governance frameworks, especially integrated frameworks.
- Top management should empower IT employees by sharing with them strategic issues in order to enhance their knowledge of IT Governance, IT Governance should be viewed as a means of standardizing work and not as a generic law that states rules and procedures.

The aforementioned recommendations abide by the recommendation provided by Ribbers et al. (2002) and Patel (2004); both cited in De Haes and Van Grembergen (2005), and who contend that “optimal mix of structures, processes and relational mechanisms is of course different in every organization and depends on multiple contingencies” (p. 16). Furthermore, the aforementioned recommendations are sustained by the recent Lebanese organizations’ intention to deal with the subject of IT values and IT Governance with the newly formed CIO Lebanon Association (Nicolian et al., 2014).

IMPLICATIONS

This research provides guidance for academicians, practitioners and researchers on how IT Governance is deployed in practice. Furthermore, this paper adds to the very little  recorded  research  in  Lebanon  and  the  Arab region. Although more and rich research is conducted on Governance per-se in the Arab region (World Bank, 2009; Stel, 2013; Moubayed-Bissat, 2015), little is done about IT governance. For example, the World Bank (2009) reports that “Arab Countries in Transition (ACT) governments fare poorly on global governance rankings. According to the World Bank’s Worldwide Governance Indicators, the perception of government effectiveness—the reach and quality of public services, the professionalism and independence of the civil service, the quality of policy formulation and implementation, and the credibility of the government’s commitment to such policies—has declined in several ACTs between 2010 and 2012”.

However, the aforementioned does not reflect direct IT governance. On the other hand, Baaklini (2009), an MBA student at the American University of Beirut, researched the gap analysis between awareness and implementation of IT Governance in the Lebanese banking sector by assessing the five dimensions of IT Governance. Al-Qirim and Ajami (2013) conducted their research on IT governance in higher education in Abu Dhabi, UAE. They assert that “an efficient IT governance ITG is required to assure that all kinds of expensive and complex information technology is appropriately governed. They proposed a theoretical framework derived from COBIT and Six Sigma to help in governing IT in higher education institutions”.

While, Ramlaoui and Semma (2014) from Hassan 1 University, Morocco, conducted a comparative analysis between different IT governance frameworks, namely, COBIT and PMBOK. In addition Nicolian et al. (2014) found that there is a “lack of formal IT Governance” in their sample of Lebanese organizations, especially the ones in the banking sector, which have instituted structural forms of governance.  Also, the Lebanese Internet Society (2015) conducted a forum within the context “The Internet Multi-stakeholder Governance Model” to discuss and assess “if the partnership between the Internet stakeholders in Lebanon is healthy and effective and to identify policies and procedure that might
improve that partnership and make it more effective” (Para 3).

This research also contributes to the already existing cases in higher education and banking, by adding an insight into how new companies can reveal how other organizations are using IT governance practices and what the determining contingencies are. In congruence with De Haes and Van Grembergen (2005), “the ultimate goal is to measure the relationship between the established IT governance framework and the degree of achieved strategic alignment”.

LIMITATIONS

This research is exploratory and is based on a relatively small sample of one hundred questionnaires; a fact that is a limitation as the researchers cannot generalize the results and findings. Furthermore, results represent three specific service institutions, namely, banking, investment institutions and IT firms. Another limitation is in terms of scope. However, this research is still considered an eye opener on the topic where no formal research is published in Lebanon.

Based on all what has been mentioned previously, future researches on IT governance in Lebanon must focus more on the drivers of implementing IT governance, and most importantly on the barriers that prevent this implementation. Future research should focus on ways to mitigate and/or eliminate these barriers in order to facilitate the implementation of IT Governance. The researchers feel that those barriers are essentially the basis for future IT Governance research in Lebanon. Future research should also highlight the importance of the benefits of IT Governance on the IT department and on the organization as a whole. As a methodology choice, it is recommended to focus more on face-to-face interviews, specifically with medium and high level IT managers including the C-level executives in order to guarantee the completeness of data provided.

ACKNOWLEDGEMENTS

The authors would like to acknowledge the valuable constructive criticism and editing performed by Mrs. Henriette Skaff, senior editor at American University of Science and Technology’s Publications Department.

REFERENCES