1844 E-Business Process Management and IT Governance specify business activities as business processes, and without realizing these tend to be e-business processes. However, given the current business conditions and a clear understanding by organiza- tions about the complexities of their e-business processes, management of e-business processes is taking center stage (Smith et al., 2002). In the current business scenario where e-business processes, along with information are considered key organizational assets and management of business processes a strategic capability (Kalakota & Robinson, 2003), it is imperative that organiza- tions clearly delineate the need for relevant and pertinent information as it provides visibility and transparency. Additionally, IT being the single most important predictor of the business value of IT (Weill & Ross, 2004) drives the need to analyze and understand the implications of e-BPM on IT governance. The key objective of this article is to investi- gate the implications of e-BPM on IT governance through the analysis of available literature. In SDUWLFXODUWKHDUWLFOHDUJXHVWKDWDGLUHFWLQÀX- ence of e-BPM on IT governance performance is inevitable. While the importance of both effective e-BPM and IT governance is intuitively clear, there is currently little research on elements of IT governance that get enabled by e-BPM. More importantly, there is the lack of a theoretical framework that could be used to analyze. To ad- dress this shortcoming, the article also presents an analysis framework. The analysis framework is particularly useful as it incorporates elements from prevalent IT governance frameworks. Using the analysis framework, the article then examines the implications of e-BPM on IT governance and develops research propositions. The aim of developing the propositions is to enable further investigation and research thereby contributing to IT management theory. BACKGROUND E-BPM and Its Current State of Adoption E-BPM views business processes from an end- to-end perspective (Smith & Fingar, 2003). Successful e-BPM adoption views end-to-end processes as a crucial element as these possess characteristics that make their management imperative and technology has not been able to cope with the reality to such processes (Smith et al., 2002). According a survey conducted by the BPM Institute, the three most critical factors that enable organizations to gain the highest return on BPM initiatives are (BPM Institute, 2004): • Identification of high value e-business processes in areas such as compliance and regulatory requirements, risk management, customer-facing services and supply chain operations. • Developing metrics to achieve measurable, TXDQWL¿DEOHUHVXOWVWKURXJKLPSURYHPHQWV LQRSHUDWLRQDOHI¿FLHQF\SURFHVVYLVLELOLW\ and control and business agility (Weill, Subramani, & Broadbent, 2002). • Establishment of long-term goals to evolve from process improvement to process excel- lence. It is obvious that organizations to be effective in addressing all the three critical factors men- tioned above must have a high level of e-process management capability. In order to enhance their e-process management capability organizations must address it from dimensions that include the levers that have the ability to make the capabil- ity change happen and the capability levels itself (Fisher, 2004). 1845 E-Business Process Management and IT Governance IT Governance Firms manage their key assets that typically in- FOXGH²KXPDQDVVHWVSK\VLFDODVVHWV¿QDQFLDO assets, intellectual property assets, relationship assets, and information/information technology assets. Maturity across the governance of the NH\ DVVHWV YDULHV VLJQL¿FDQWO\ ZLWK ¿QDQFLDO and physical assets typically best governed and information assets among the worst (Weill & Ross, 2004). IT implementations to make these happen require both large upfront and ongoing investments. Changing business needs and to some extent changing technologies necessitates this (Weill & Ross, 2004). Organizations must get acceptable value from their investments in IT. Top performing organizations generate returns on their IT investments up to 40% more than their competitors (Weill & Broadbent, 1998). Effec- tive IT governance is the single most important predictor of the value (Weill, 2004; Weill & Ross, 2004). Developing an Analytical Framework Two IT governance frameworks (i.e., the CO- BIT Framework of the IT Governance Institute (ITGI) and the IT Governance Design Framework VSHFL¿HGE\WKH0,76ORDQ¶V&HQWHUIRU,QIRUPD- tion Systems Research (CISR)) are considered for analyzing the implications of e-BPM on IT governance. The CISR IT Governance Design Framework (Weill & Ross, 2004) takes a two-dimensional stakeholder approach to IT governance. It consid- ers IT as one the six key assets needing governance as part of overall corporate governance. The IT Governance Design Framework addresses criti- cal issues along two dimensions presented as the Governance Arrangement Matrix (Weill 2004; Weill & Ross, 2004): • Decision categories: Major categories of decisions that organizations must make in order to ensure effective management and use of IT. These are: (1) IT principles, (2) IT architecture, (3) IT infrastructure, (4) Busi- ness application needs and 5) IT investment and prioritization. • Governance archetypes: Structures and stakeholders for specifying decision rights; WKHIUDPHZRUNLGHQWL¿HVVL[DUFKHW\SHVIRU various decisions. These are: (1) business monarchy, (2) IT monarchy, (3) feudal, (4) federal, (5) duopoly, and (6) anarchy. ITGI’s COBIT Framework (IT Governance Institute, 2000a) takes a one-dimensional control oriented approach to IT governance (IT gover- nance Institute, 2000a). COBIT is a business process oriented and therefore addresses itself in WKH¿UVWSODFHWRWKHRZQHUVRIWKHVHSURFHVVHV This approach stems from the fact that the process owners are responsible for the performance of their processes, where IT is an integral part (IT Gover- nance Institute, 2000b). The COBIT framework provides a set of 34 high-level control objectives, one for each of the IT processes, categorized into four domains: (1) planning and organization, (2) acquisition and implementation, (3) delivery and support, and (4) monitoring. Additionally, the COBIT Framework provides management guidelines that are action oriented and generic management directions for control- ling the enterprise’s information processes, for tracking organizational goals, for IT process performance monitoring and for benchmarking organizational achievements (IT Governance Institute, 2000b) through the (1) IT governance maturity model to assess and benchmark IT governance capabilities and maturity, (2) criti- cal success factors that specify the most critical implementation guidelines to achieve control over IT processes, (3) key goal indicators that determine whether an IT process has achieved its business requirements, and (4) key performance indicators that indicate how well an IT process is performing and whether it is on target to achieve 1846 E-Business Process Management and IT Governance its business goals. Deeper analyses of both frame- works reveal similar underlying issues. Presented below is a proposed mapping between the two frameworks and the underlying commonalities are amply evident. • IT Principles: Focuses on high-level state- ments on how IT is used and maps to PO1, PO3, PO4, PO6, and PO7 of the COBIT Framework. • IT Architecture: Focuses on the orga- nization logic for data, applications and infrastructure captured in a set of poli- cies, relationships and technical choices to achieve desired business and technical standardization and integration and broadly maps to PO2, PO3, PO4, PO10, PO11, DS5, and DS11 of the COBIT Framework. • IT Infrastructure: Focuses on coordination between shared IT services that provide the foundation for the enterprise IT capabil- ity and maps to AI1, AI2, AI3, AI4, AI5, AI6, DS1, DS2, DS3, DS4, DS5, DS7, DS8, DS9, DS10, DS12, and DS13 of the COBIT Framework. • Business Applications Needs:6 S H F L ¿H V W K H  business need for purchased or internally developed IT applications and maps to PO6 and PO8 of the COBIT Framework. • IT Investment: Focuses on decisions about the how much and where to invest and maps to PO5, PO9, PO10, PO11, and DS6 of the COBIT Framework. This article analyzes the implications of BPM on IT governance by anchoring it around the above discussed governance frameworks. This approach provides three advantages. 1. The governance frameworks, though dif - ferent in approaches, provide a fairly clear, stable and solid specification covering what, how, and why of IT governance. This enhances the probability of the analysis to have the necessary rigor. 2. The governance frameworks are based on corporate best practices (IT Governance Institute, 2000a; Weill & Ross, 2004), thereby making the analysis practical and pragmatic. 3. To some extent the differences between the governance frameworks can be bridged WKURXJKLGHQWL¿FDWLRQRIXQGHUO\LQJFRP- monalities during the analysis. Emerging Research Propositions The COBIT Framework clearly mentions that the 34 high-level IT processes and control objectives are primarily meant for business process owners to get relevant and pertinent information about their core e-business processes (IT Governance Institute, 2000a). Hence, the business process owners are the key stakeholders in governing IT, and that information about core e-business processes is key to managing IT (IT Governance Institute, 2000b). On the other hand, the CISR )UDPHZRUNLGHQWL¿HVPXOWLSOHVWDNHKROGHUVDQG groups them into six archetypes (Weill & Ross, 2004). Among the archetypes, Federal and Duopoly forms mention business process own- HUV(%30E\GH¿QLWLRQLVIRUEXVLQHVVSURFHVV owners managing their core business processes (Fingar & Smith, 2003; Smith et al., 2002). Hence the research proposition is: Proposition 1: Organizations adopting e-BPM are more likely to favor either federal or duopoly governance structures. Empirical evidence has revealed that most common archetype is either Federal or Duopoly (Weill & Ross, 2004). While the positive linkage between e-BPM and federal archetype has been discussed above, it is to be noted the successful e-BPM adoption and implementation depends a great deal on deploying BPM Systems (Delphi BPM Market Milestone Report, 2003; Smith et al., 2002; Smith & Fingar, 2004). This drives the 1847 E-Business Process Management and IT Governance need for considerable involvement of the IT group within the organization to assess, select, deploy and maintain complex BPM Systems. Hence the research proposition is: Proposition 2: Adopting e-BPM is likely to encour- age desirable governing structures thereby posi- WLYHO\LQÀXHQFLQJ,7JRYHUQDQFHSHUIRUPDQFH In the wake of Enron, WorldCom, and Tyco episodes, there has been a renewed interest in cor- porate governance. This has given rise to increased compliance and regulatory requirements like the Sarbanes-Oxley Act (Moeller, 2004) and BASEL II (Chorfas, 2004). A McKinsey study found that investors are willing to pay large premiums IRULQYHVWPHQWVLQ¿UPVZLWKJRRGJRYHUQDQFH standards. The Organization for Economic Coop- eration and Development (OECD) has published LQ  WKH ³2(&' 3ULQFLSOHV IRU &RUSRUDWH Governance” to help organizations adopt best practices (OECD, 2004). Corporate governance is primarily about governance of key organizational assets, e-BPM on the other hand is about the need to govern an organization’s core end-to-end busi- ness processes, a key asset (Hammer & Champy, 1993; Smith & Fingar, 2003). However, typical business processes are most likely to have ele- ments from all other key assets. Thus governing and managing business processes, a core element in corporate governance, forces organizations to:  GH¿QH FULWLFDO DQG RSWLPL]HG EXVLQHVV SUR- cesses that provide maximum customer value, (2) specify business rules that govern the processes, GHULYHEXVLQHVVUXOHVIURPFOHDUO\GH¿QHGDQG documented organizational policies and maintain complete traceability between them, (4) build clear accountabilities/decision rights through enhanced SURFHVVYLVLELOLW\GH¿QHSURFHVVSHUIRUPDQFH measures (business measures) needed to monitor, control and improve business processes, (6) de- ¿QHLQIRUPDWLRQQHHGVRIEXVLQHVVSURFHVVHV Quickly compose and execute newer processes to meet customer requirements, and (8) benchmark processes against accepted/derived standards. Hence the research proposition is: Proposition 3: Organizations adopting e-BPM are more likely to have effective corporate gov- ernance practices. Organizations expect good process manage- ment systems to have the capability to quickly compose e-business processes that deliver cus- tomer value by allowing them to take advantage of emerging business opportunities through agile practices (Kalakota & Robinson, 2003; Sadiq & Racca, 2003). However, in most occasions, frag- ments of such end-to-end (composite) business processes reside in multiple disparate IT applica- tions and systems (Sadiq & Racca, 2003). Creating composite e-processes requires BPM systems the ability to integrate disparate IT applications in a seamless manner (Sandoe, Corbitt, & Boykin, 2001). Process owners in specifying such com- posite e-business processes must be fully aware of the business intent and IT capabilities required WRIXO¿OOWKHLQWHQW.DODNRWD5RELQVRQ This results in closer business-IT alignment (Henderson & Venkatraman, 1993). Hence the research propositions are: Proposition 4a: Using BPM systems to enable process driven integration of disparate IT systems and applications is more likely to result in clearer IT principles. Proposition 4b: Specifying composite e-business processes through BPM systems is likely to result in sound expression of business application needs. Proposition 4c: Organizations with effective pro- cess management capabilities are likely to make better decisions regarding IT infrastructure. The Open Group Architecture Framework Version 8.1 Enterprise Edition (TOGAF) groups different aspects of Enterprise Architecture into 1848 E-Business Process Management and IT Governance four categories. These are business process ar- chitecture, applications architecture, data archi- tecture and technology architecture (The Open Group, 2003). As a guideline in its Architecture Development Methodology, TOGAF recommends organizations to develop their business process architecture prior to specifying the remaining three architectures (The Open Group, 2003; Zach- man 1999). This is because of the fact that data, applications and technology architectures are all driven by an organization’s process architecture (Bernus, Nemes, & Schmidt, 2003; Perks & Be- veridge, 2003). E-BPM fundamentally involves GH¿QLQJ WKH %XVLQHVV 3URFHVV $UFKLWHFWXUH SUHIHUDEO\WDNLQJDGYDQWDJHRILQGXVWU\VSHFL¿F and publicly available process frameworks like the supply chain operations reference (SCOR) model and the Enhanced Telecom Operations Map (eTOM) to enhance process visibility and transparency and managing those processes in a continuous manner (Poirier, Ferrara, Hayden, & Neal, 2004; Smith & Fingar, 2003). Hence the research proposition is: Proposition 5: Organizations adopting e-BPM are likely to make better decisions regarding their IT architectures resulting in overall robust enterprise architecture. 2UJDQL]DWLRQV VWUXJJOH LQ ¿QGLQJ VXLWDEOH PHFKDQLVPVWKDWZRXOG¿WWKHLUUHTXLUHPHQWV and culture (Grembergen, De Haes, & Gulden- tops, 2004; Weill & Broadbent, 2004). Generally, organizations use a multitude of governance mechanisms. Research has evidenced that certain governance mechanisms work better with certain governance structures. Hence, decisions to choose a certain set of governance mechanisms also depends on the structures organizations prefer (Weill & Ross, 2004). Besides, one of the key leadership principles for effective IT governance is implementing common governance mechanisms across the six key assets (Weill & Ross, 2004). E-BPM demands clear policies, unambiguous rules, exception handling, optimized processes, focus on customer value, clear accountabilities, visibility and transparency, measurement orienta- tion, and agility (Smith & Fingar, 2003). Hence the research proposition is: Proposition 6a: Organizations adopting e-BPM DUHOLNHO\WR¿QGWKHLU,7JRYHUQDQFHPHFKDQLVPV more effective and impacting. Proposition 6b: Adoption of e-BPM in organiza- tions is likely to facilitate and encourage imple- mentation of common governance mechanisms. While several organizations are now start- ing to adopt e-BPM, there are several areas of differences in adoption (Delphi BPM Market Milestone Report, 2003; BPM Institute, 2004). Some of these include: (1) the fundamental reasons for adopting e-BPM, (2) the extent of adoption (i.e., the kinds of business processes impacted, (3) process governance practices, (4) the extent to which BPM Systems are part of the overall adoption, (5) groups within the organization that are driving adoption, (6) the complexity of the e- business processes, (7) role of BPM deployments, (8) extent and complexity of systems integration desired, (9) extraction and abstraction of business UXOHV DQGEHQH¿WVDQWLFLSDWHGDQGVRXJKW With BPM organizations aim to move from their ³DVLVSURFHVVPDQDJHPHQWFDSDELOLW\´WR³WREH process management capability” (Smith & Fingar, 2004). Hence organizations adopting BPM assess WKHLU ³DVLV´ DQG ³WREH´ %30 0DWXULW\ EDVHG RQDVSHFL¿HG%300DWXULW\0RGHO)LVKHU 2004; Smith & Fingar, 2004). Through the earlier research propositions the paper argued that, in general good process management capabilities S R V LW L YH O\ L Q À X H Q F H V , 7 J RYH U Q D Q F H S H U I R U P D Q F H   Further, effective IT governance is the single most important predictor of business value of IT (Weill & Ross, 2004). Hence the overall research propositions are: 1849 E-Business Process Management and IT Governance Proposition 7a: Organizations with higher process management maturity levels are likely to exhibit higher IT governance maturity levels. Proposition 7b: Organizations adopting process management are likely to have more effective IT governance practices, thereby leading to higher business value of IT. FUTURE RESEARCH It is suggested that research propositions in this DUWLFOHEDVHGRQWKHRU\DQGH[SORUDWLRQEHYHUL¿HG ZLWKHPSLULFDOVWXGLHV6SHFL¿FDOO\WKHUHDUHDW least three areas of theoretical and empirical stud- ies that seem particularly plausible. These are: 1. Investigating the propositions in a larger ¿HO G V W X G \ W R Y D O L G D W H ZKH W K H U W K H V H S U R S R V L- tions are applicable and whether they can be generalized for theory advancement and development. 2. Investigating the differences in process management maturity and its impact on IT governance issues like decision categories, archetypes, governance mechanisms and their impact of IT governance performance, including disadvantages and associated ULVNVDVSURSRVLWLRQVUHÀHFWJHQHUDOVWDWH- ments. Such studies should preferably be longitudinal in nature in order to capture the long-term impacts in differing business, market and technology scenarios. 3. Development of a generic IT governance design framework along with an implemen- tation toolkit that harmonizes e-BPM with IT governance. CONCLUSION The impact of e-BPM on various aspects of IT gov- ernance was examined and presented as research propositions for further exploratory research. Increasingly being faced with the phenomenon RI³SURGXFWLYLW\SDUDGR[´%U\QMROIVVRQ and organizations struggling to justify IT invest- ments, governance of IT assumes a critical role in WKLVVFHQDULR+RZHYHUWKH¿UVWVWHSLQKDYLQJD formal IT governance program and freely using it to improve the IT function and overall business performance is the recognition that information and IT are key organizational assets that need to be closely governed and skillfully managed DORQJZLW K¿YHRW KHUNH\DV VHW V%X VL QHVVSU RFH VV orientation provides one of the approaches to elevate the status and criticality of information and IT to an organization. The harmonization of business processes and IT is natural and logical in most enterprises because cross functional and cross enterprise composite business processes are e-business processes and depend on information ÀRZVWKDWWUDQVFHQGRUJDQL]DWLRQDOERXQGDULHV and need to be supported by the IT infrastruc- ture. The paper discussed the implications of e-BPM on IT governance in detail and generally DUJXHGWKDWLWSRVLWLYHO\LQÀXHQFHV,7JRYHUQDQFH performance and helps organizations to extract more business value from their IT investments. 7KHDQDO\VLVDOVRSURYHGWREHXVHIXOLQEULHÀ\ comparing and contrasting two prevalent IT governance frameworks. The underlying theories in these frameworks allowed deriving several research propositions. :KLOHWKHRYHUDOOSRVLWLYHLQÀXHQFHRIH%30 on IT governance were presented and argued, it is also important to discuss and elaborate the consequences of taking this approach. Firstly, as discussed in propositions 2a and 2b, BPM is likely to favor certain archetypes and decision mechanisms for IT governance. An organization on the other hand may not be prepared for such a shift given its current culture, political environ- ment and business needs. Hence managers need t o a s s e ss t h i s a s p e c t v e r y c lo s el y. S e c on d l y, of l a t e many organizations are using outsourcing of IT capability as a management strategy, sometimes 1850 E-Business Process Management and IT Governance successfully. Organizations typically outsource commodity IT services and perhaps co-source RWKHU VHUYLFHV2XWVRXUFLQJDVDTXLFN¿[ PR- tivated by frustrations with IT is a symptom of problems in IT governance. Managers in such organization (which seem to be increasing) need to carefully evaluate the role IT plays in an or- ganizational context and then seek to address IT governance issues. REFERENCES Bernus, P., Nemes, L., & Schmidt, G. (Eds.). (2003). Handbook on enterprise architecture. Berlin: Springer. BPM Institute. (2004). Assessing the Current State of BPM Usage-A BPM Institute Executive White Paper. Northboro, MA. Brynjolfsson, E. (1993). The productivity paradox of information technology. Communication of the ACM, 36(12), 67-77. Chorfas, D. N. (2004). Operational risk control with BASEL II-basic principles and capital requirements. Burlington, MA: Elsevier But- terworth-Heinemann. Davenport, T. (1993). Process innovation-reen- gineering work through information technology. Boston: Harvard Business School Press. Delphi Group. (2003). BPM 2003 Market Mile- stone Report. Boston. Fisher, D. M. (2004, September). The business process maturity model-A practical approach for identifying opportunities for optimization. BP Trends. Retrieved from http://www.bptrends. com Grembergen, W.V. (Ed.). (2004). Strategies for information technology governance. Hershey, PA: Idea Group Publishing. Grembergen, W.V., De Haes, S., & Guldentops, E. (2003). Structures, processes and relational mechanisms for IT governance. In W. V. Grem- bergen (Ed.), Strategies for information tech- nology governance. Hershey, PA: Idea Group Publishing. Hammer, M., & Champy, J., (1993). Reengineering the corporation-A manifesto for business revolu- tion. London: Nicholas Brearley. Henderson, J. C., & Venkataraman, N. (1993). Strategic alignment-leveraging information technology for transforming organizations. IBM Systems Journal, 32(1), 4-16. IT Governance Institute. (2000a). COBIT 3 rd Edi- tion framework. Meadows, IL: IT Governance Institute. IT Governance Institute. (2000b). COBIT 3 rd Edi- tion Management Guidelines. Meadows, IL: IT Governance Institute. Kalakota, R., & Robinson, M. (2003). Services blueprint-roadmap for execution. Boston: Ad- dison-Wesley. Kim, H. M., & Ramkaran, R. (2004). Best practices in e-business process management-Extending a re-engineering framework. BPM Journal, 10(1), 27-43. Moeller, R. (2004). Sarbanes-Oxley and the new internal auditing rules. New York: John Wiley & Sons. The Open Group. (2003). TOGAF (Version 8.1) Enterprise Edition. San Francisco. Retrieved from http://www.theopengroup.org Organization for Economic Cooperation and Development (OECD) (2004). Principles of Cor- porate Governance SG/CG (99) 5. Directorate for Financial, Fiscal and Enterprise Affairs. Perks, C., & Beveridge, T. (2003). Guide to enterprise IT architecture. New York: Springer- Verlag. 1851 E-Business Process Management and IT Governance Poirier, C., Ferrara, L., Hayden, F., & Neal, D. (2004). The networked supply chain-applying breakthrough BPM technology to meet relent- less customer demands. Boca Raton, FL: J. Ross Publishing. Porter, M. (1985). Competitive advantage. Lon- don: Collier Macmillan Publishing. Sadiq, W., & Racca, F. (2003). Business services Orchestration-The Hypertier of information tech- nology. Cambridge, UK: Cambridge University Press. Sambamurthy, V., & Zmud, R.W. (2000). Research commentary—The organizing logic for an enter- prise’s IT activities in the digital era-A prognosis of practice and a call for research. Information Systems Research, 11(2), 105-114. Sandoe, K., Corbitt, G., & Boykin, R. (2001). Enterprise integration. New York: John Wiley & Sons. Smith, H., & Fingar, P. (2003). Business process management—The third wave. Tampa, FL: Meghan-Kiffer Press. Smith, H., & Fingar, P. (2004, July). Process Man- agement Maturity Models. BP Trends. Retrieved IURPKWWSZZZESWUHQGVFRPSXEOLFDWLRQ¿OHV 07%2D04%20COL %20Maturity%20Models% 2D%20Smith%2DFingar %2Epdf Smith, H., Neal, D., Ferrara, L., & Hayden, F. (2002). The emergence of business process man- agement. CSC Research Services. Retrieved from http://www.csc.com Weill, P. (2004). Don’t just lead, govern—How WRSSHUIRUPLQJ¿UPVJRYHUQ,7&,65:RUNLQJ Paper No. 341. Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure—How market leaders capitalize on information technology. Boston: Harvard Business School Press. Weill, P., & Ross, J. W. (2004). IT governance How top performers manage IT decision rights for superior results. Boston: Harvard Business School Press. Weill, P., Subramani, M., & Broadbent, M. (2002). IT infrastructure for strategic agility. MIT Sloan Management Review, 44(1), 57-65. Zachman, J. A. (1999). A framework for informa- tion systems architecture. IBM Systems Journal, 38(2&3), 454-470. KEY TERMS COBIT: The COBIT (Control OBjectives for Information and related Technologies) is an IT *RYHUQDQFH)UDPHZRUNVSHFL¿HGE\WKH,7*RY- ernance Institute. The COBIT model describes the ³FRQWUROREMHFWLYHV´IRU,7SURFHVVHVDQGWKH management guidelines, implementation guide- l i n e s a n d o u t c o m e m e a s u r e s f o r t h e p r o c e s s e s . Governance Archetype: Archetypes typi- cally involve various stakeholder constituencies and their decision rights within the purview of IT governance. Governance Decisions: These represent the most crucial domains of IT decisions that are key t o g o o d I T g o ve r n a n c e , a n d i n c l u d e s I T p r i n c i p l e s , IT architecture, IT infrastructure, Business ap- plication needs and IT investment management. Governance Mechanism: These are ap- proaches adopted by organizations to implement and institutionalize governance structures and practices. IT Governance: The decision rights and accountability framework to encourage desir- able behaviors in the use of IT (Weill & Ross, 2004). The locus of enterprise decision-making authority for core IT activities (Sambamurthy & Zmud, 2000). 1852 E-Business Process Management and IT Governance IT Governance Maturity Model: This is part of the COBIT management guidelines and LVD¿YHVWDJHPDWXULW\PRGHORI,7JRYHUQDQFH and a series of tool kits, audit guidelines and implementation guidelines. The levels ranging IURP³QRQH[LVWHQW´WR³RSWLPL]HG´UHSUHVHQW progressively higher degree of effective gover- nance practices and processes. This work was previously published in Encyclopedia of E-Commerce, E-Government, and Mobile Commerce, edited by M. Khosrow-Pour, pp. 272-278 , copyright 2006 by Information Science Reference (an imprint of IGI Global). 1853 Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited. Chapter 6.9 A Prototype E-Business Model to Create a Competitive Advantage in SMEs S. Pavic 8QLYHUVLW\RI6KHI¿HOG8. M. Simpson 8QLYHUVLW\RI6KHI¿HOG8. S. C. Lenny Koh 8QLYHUVLW\RI6KHI¿HOG8. ABSTRACT This study explores new ways for SMEs to cre- ate a competitive advantage through the use of e-business. It examines the level of ICT use in 60 ( V D Q G L G H Q W L ¿ H V W K H G U LY H U V D Q G E D U U L H U V Z K L F K  owners/managers face in adopting e-business. Furthermore, it explores the degree of awareness amongst SMEs of the opportunities available to them for developing their employees, their busi- ness strategies, and their attitudes toward the range of initiatives and options, on the use of e-business. Industry behaviour and organisational culture in relation to the creation of competitive advantage through e-business also are explored. Case studies and literature review are used to collect informa- tion from and about SMEs in the UK. The results of these are employed to propose a prototype EXVLQHVVPRGHOQDPHG&$7(E±³&RPSHWLWLYH Advantage Through e-business.” INTRODUCTION The economic environment in which businesses ¿QGWKHPVHOYHVWRGD\LVSHUKDSVWKHPRVWWXUEXOHQW LQKLVWRU\,WLVGRPLQDWHGE\WKUHHSRZHUIXOLQÀX- ences: globalisation, knowledge and information revolution, and structural change of organisa- tions (Booz Allen Hamilton, 2002). Therefore, in this new era of the e-economy, the traditional starting point for strategic business thinking in . data, applications and infrastructure captured in a set of poli- cies, relationships and technical choices to achieve desired business and technical standardization and integration and broadly. DS10, DS12, and DS13 of the COBIT Framework. • Business Applications Needs:6 S H F L ¿H V W K H  business need for purchased or internally developed IT applications and maps to PO6 and PO8. status and criticality of information and IT to an organization. The harmonization of business processes and IT is natural and logical in most enterprises because cross functional and cross