An IT Governance Framework for Universities in Spain
Antonio Fernández1 and Faraón Llorens2
1

Dpto. Lenguajes y Computación, Universidad de Almería, Crta. Sacramento s/n La Cañada de San Urbano, 04120 Almería Spain, afm@ual.es - 2 Dpto. Ciencia de la Computación e Inteligencia Artificial, Universidad de Alicante, Apartado de correos 99, 03080 Alicante Spain, Faraon.Llorrens@ua.es Keywords IT Governance, framework, principles, objectives, ISO 38500, ITG4U, Higher Education, universities.

1.

EXECUTIVE SUMMARY

1.1. Background
This paper starts with a general introduction to the concept of IT Governance, including some of the most important references to previous works in this relatively new field. Among these references, the one proposed by ITGI (2005) regarding the COBIT framework is particularly noteworthy. This proposal also describes the IT Governance framework designed by JISC (2007) for Universities in the United Kingdom, which is particularly interesting for us as it is geared towards universities. Finally, the main characteristics of the ISO/IEC 38500:2008 international standard regarding “Corporate Governance of Information Technology” are presented.

1.2. Alternatives
Using these previous experiences as a starting point, Fernandez (2008) developed a Universityoriented IT Governance Framework (ITG4U) for the Spanish Association of University Rectors (CRUE in Spanish), published in December 2008, which is based on the JISC model and describes the principles and characteristics of the new international standard ISO 38500 (2008). The ITG4U is divided into three levels: the upper level contains the 6 ISO 38500 principles; the middle level includes seventeen IT objectives and their relationship with each of the ISO principles; the lower level consists of three types of metrics (maturity indicators, qualitative evidence indicators and quantitative evidence indicators) that will be used to measure whether IT objectives have been fulfilled. The paper also presents the features of CRUE’s framework and the results from its validation process. In order to simplify the implementation of the ITG4U framework in each university, several tools are to be developed: a web application with the questionnaire that supports the auto-evaluation process about IT Governance maturity and a system for automatic result analysis, a maturity model definition (similar to COBIT´s), the creation of a good practices guide to support the design of improvement initiatives, and the publication of an annual study interpreting the status of IT Governance within the global context of the Spanish Higher Education System (SUE).

1.3. Conclusions
The ITG4U Framework proposed by CRUE will be very useful in designing improvement actions that may be implemented in each university in order to reach a higher IT governance maturity level. The Spanish Higher Education System will have common tools to provide information in order to compare universities and to help design global improvement actions. On the other hand, as long as the model is reasonably general, other European universities will be able to use it without having to make significant changes. At least, it will provide a good reference and the experience gained through its implementation may be taken into account in the design of their own IT governance frameworks.

2.

IT GOVERNANCE IN HIGHER EDUCATION (HE)

2.1. Definition of IT Governance
According to ISO/IEC 38500 (2008) “Corporate Governance of IT is the system by which the current and future use of IT is directed and controlled. Corporate governance of IT involves evaluating and directing the use of IT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using IT within an organisation”. Other interesting definitions: IT Governance Institute (2003), “IT governance is the responsibility of the board of directors and executive management. It is an integral part of