IT Governance Maturity for Uganda’s Higher Institutions of Learning

The daily application of information technology (IT) in the public sector organizations and its positioning as a critical driver for economic growth require a focus on implementing IT governance. Despite the increasing application of IT, there is limited academic systematic research regarding the maturity of IT governance and process improvement in higher institutions of learning (HILs). IT in HILs is highly complex, and managing complex systems of processes and platforms in HILs necessitates tools to assess and provide guidelines for integrating organizational processes. This research, therefore, evaluated the IT governance processes in HILs in Uganda and established the maturity level to ensure continuous improvement and organizational maturity. Eight HILs in Uganda were measured using 15 IT processes of the COBIT framework and rated with the generic maturity model. Data were analyzed using MS Excel. Results indicated IT governance maturity level of HILs in Uganda was at Level 2 (repeatable).


INTRoDUCTIoN
The day-to-day use of IT in organizations has led to increased investment in IT systems (Adaba & Rusu, 2014). NITA-U (2018) notes that IT usage in public sector organizations enhances effective and efficient public service delivery. For HILs, IT enables automated access to educational services through IT platforms for academic and management functions (Montenegro & Flores, 2015). The IT systems in HILs are complex and diverse, consisting of a diverse set of technologies involving various applications, platforms, educational systems, and cloud applications to support their teaching, learning, research, and administrative processes (Bianchi et al., 2017). Hence, managing IT systems in HILs requires a focus on IT governance (Laita & Belaissaoui, 2017;Nyeko et al., 2018).
IT governance is a central portion of an organization's governance consisting of leadership, organizational structures, and processes to enable the IT in organizations to sustain and extend the strategies and objectives of the organization (ITGI, 2003). According to Weill and Ross (2004), IT governance involves applying IT processes that enable IT activities to be aligned with the organization's mission, strategy, and objectives. Numerous standards on IT governance exist. The prominent ones include Information Technology Infrastructure Library that describes practices for managing IT services (Zhang et al., 2013); Control Objectives for Information and related Technology (COBIT) that describes policies and practices for control of IT and security (ISACA, 2004); and ISO 38500 for IT corporate governance (OGC, 2008). However, the COBIT framework is adopted in this study due to its wide acceptance in IT governance practice (ITGI & PwC, 2008). Eckel and King (2004) note that higher institutions consist of post-secondary education, research guidance, and training conducted at institutions like universities licensed by state authorities as educational institutions. Yudatama et al. (2017) further state that HILs are supposed to be non-profit entities encompassing academic and administration sections. The administration section supports the academic area for the smooth running of the institution considering education as the primary business (Yudatama et al., 2017). According to Forest and Kinser (2002), HILs carry out teaching, exacting applied work research, and social services. IT facilitates dissemination of knowledge, supports and improves academic activities, and enables sharing educational content (Yasemin et al., 2008;Lockyer et al., 2001). Additional, through the proper use of IT systems, disadvantaged groups of people can be reached (Toro & Joshi, 2012).

IT Governance Maturity
IT governance maturity is a measure that entails a collection of IT capabilities that concerns what the IT department provides for the business (Axios, 2018) by indicating the progress of an organization over time (IGI Global, 2021). Microsoft IF&SRT (2009) further states that a maturity model as a measure designates and evaluates the practices and processes that let an organization achieve dependable and supportable results. In addition, Axios (2018) asserts that a mature IT organization is pertinent to business goals, competently functions, and can rapidly change as business requirements change. In contrast, a low maturity IT organization may incline to provide wrong things at an unacceptable cost and fail to change as business requirements change.
For HILs, a maturity model works as a point of reference to understand the reality of the situation institutions must follow to realize excellence by defining the path to undertake and providing quality mechanisms at each maturity level (Carvalho et al., 2018). Studies on IT governance maturity exist, such as a comparative study of maturity models of different subareas of education was identified and categorized in HILs (Carvalho et al., 2018). Tocto-Cano et al. (2020) present a method that detects gaps in existing maturity models for universities since they do not indicate their whole dimensions. Duarte and Martins (2013) provide an extension to a business process maturity model for HILs. Đurek and Ređep (2016) proposed a method to prioritize elements in the digital maturity framework for HILs and assessing the digital maturity level of HILs in Croatia.

Challenges of IT Governance Maturity in HILs
HILs are unique institutions whose technological infrastructure comprises heterogeneous technologies such as diversity of applications, educational systems, cloud applications, different platforms (Duarte & Martins, 2013). In addition, HILs have a large spectrum of platforms like student relationship management, learning management systems, survey tools, and business intelligence (Carvalho et al., 2018;Duarte & Martins, 2013). Hence, HILs must have a cohesive strategy that is capable of supporting their transverse processes.
Besides, HILs lack standard academic management processes (Carvalho et al., 2018). Each HILs follows its internal procedures, which become an obstacle to adopt standard software packages. However, some commercial and open-source products have been developed, such as Moodle (Carvalho et al., 2018), and initiatives for interoperability of processes in HILs (Ribeiro et al., 2016) make it evident to alter this situation.
Managing such complex processes and platforms in HILs necessitates tools to assess and provide guidelines for integrating organizational processes and information systems. Thus, an IT governance maturity model using 15 processes of COBIT (Guldentops et al., 2002;ISACA, 2003) and scored using the generic maturity model (ITGI, 2003(ITGI, : 2007 was used to assess the maturity level of IT governance in HILs in Uganda.

Theoretical Framework
Following an earlier paragraph, the COBIT framework was created by IT Governance Institute, Information Systems Audit and Control Association . It has three parts. Namely: Criteria for information, IT resources, and processes for IT (COBIT, 2007). IT processes have four domains (COBIT, 2007) with 34 cases of IT (Devos & Van de Ginste, 2015). The four domains involve; acquire and implement, deliver and support, plan and organize and monitor and evaluate (COBIT, 2007). Furthermore, COBIT consists of management guidelines for assessing, implementing, and improving IT management consistent with organizational business goals (Van Grembergen & De Haes, 2008).
One of the evaluation tools is the generic maturity model. The maturity model provides guidelines undertaken by management in organizations to do self-evaluation through measuring the level of management processes for 34 IT processes of COBIT (ITGI, 2003). According to Nfuka and Rusu (2010), maturity level ranges from 0 to 5, showing the state for every IT process and what should be in place to realize a higher level. Also, ITGI (2008) notes that maturity level shows IT governance in an organization and compares it with other geographical locations to develop strategies for improvement. The generic maturity model, as highlighted above, is given in Table 1.
Several evaluations on IT governance maturity have been conducted. For example, the IT governance maturity level evaluates Swedish electric utilities' support systems and administrative processes (Simonsson et al., 2007). Establishing a governance maturity reference benchmark for the public and not-for-profit organizations (Guldentops et al., 2002;Liu & Ridley, 2005). The study on maturity level and its effects on IT governance for public sector organizations in Australia (Liu & Ridley, 2005). Conversely, Yanosky and Caruso (2008) present a poorly moderated maturity level of IT governance for HILs. While these studies underscore the importance of IT governance in ensuring the successful adoption of IT systems, many public sector organizations in developing countries like Uganda are yet to streamline IT governance.

Ugandan Context
IT governance maturity is still low in public sector organizations in Uganda. For example, a survey on "IT performance for public sector organizations" indicated a low maturity level of IT governance (NITA-U, 2018). The survey shows that the ICT technical committee is at 29.9%, the ICT steering committee is at 28.6%, and 53.9% were positioned at the unit level and 33.9% at the department level. Also, knowledge, IT resources, and culture limitations for developing countries (Ndou, 2004;Bakari, 2007) express a need to evaluate IT governance maturity. Evaluation of IT governance maturity level shows the condition of IT processes and what is required to sustain and increase IT governance in such changing environment (Amanat, 2018;Nfuka, 2012).
Therefore, this paper evaluates the IT governance maturity level in eight HILs in Uganda. The study analyses 15 COBIT processes scored with the generic maturity model (ITGI, 2003; (see  table 2) as in earlier related studies (Amanat, 2018;Nfuka & Rusu, 2010). Furthermore, a comparison of IT governance maturity level in HILs in Uganda was done with selected public sector organizations in Pakistan (Amanat, 2018) and Australia (Liu & Ridley, 2005) as well as with an international range of nations (ISACA, 2003).

Empirical Source
Eight public degree-awarding HILs in Uganda were selected to evaluate IT governance maturity. HILs were chosen because of their high dependency on IT for teaching, learning, research, administrative processes, and community outreach. Given that the selected HILs are examples of public sector organizations of a developing country (Uganda), the attained state of maturity on how they plan, implement, support, and monitor IT signifies IT processes' relative maturity in organizations with similar set-up and environment. HILs were: Gulu University (GU) which was established after appointing a technical task force in 2001 to set up the institution (Gulu University, 2018). Busitema University (BUS) was established to improve equitable access to university education in the eastern part of the country (Busitema University, 2019). Makerere University (MUK), the largest and oldest HIL, was first established as a technical school in 1922 (Roach, 2011). Lira University (LU) was the first public institution teaching hospital in Uganda established to train students in health sciences (Lira University, 2020). Soroti University (SU) was the newest degree-awarding institution established by the Government of Uganda after lobbying by stakeholders from the Teso sub-region in the Soroti district (Beinomugisha, 2015). Kyambogo University (KYU) was established in 2003 after a merger of Uganda Polytechnic Kyambogo, Institute of Teacher Education Kyambogo, and Uganda National Institute of Special Education (Cula, 2005). Kabale University (KAB) donates to the development of Kigezi and Africa at large through service delivery, research, and training (Kushaba, 2012). Mbarara University of Science and Technology (MUST) was established in the former Nursing and Midwifery School to cover the gap of health professionals in the country (MUST, 2019).
An exploratory survey was conducted between September and October 2020. A questionnaire consisting of 6 Likert scales ranging from 0 to 5 was administered to 51 participants to ascertain their agreement on established, formalized, and documented IT processes. The development of the questionnaire was based on a maturity measurement tool by ITGI (2007) that was customized to fit the studied environmental context and the 15 IT processes of COBIT.
A total of 51 persons participated in the survey involving IT and business representatives, specifically IT and Business Directors/Managers as in earlier related studies (Amanat, 2018;Nfuka & Rusu, 2010;ISACA, 2003). The selection of participants was based on their role in IT leadership and decision-making.

Research Process
The researcher informed participants of the purpose of the survey. Documents were gathered by Chief Information Officers (CIOs) in HILs, which were availed to the researcher. Hence, documents were used to verify data, thus adding credibility (Yin, 2003) to the rated maturity level. Such documents included IT policies, procedures, strategies, structures, plans, performance reports, and meeting minutes. Whenever a higher maturity level was quoted and not supported by an accompanying document, the researcher noted the document, clarified it, and discussed the document with the participants. Participants were requested to indicate the actual score depending on formalized IT processes. Most participants understood the IT processes, although some confused them at the beginning. The data collected was analyzed using MS. Excel software and represented graphically using charts (Manikandan, 2011).

RESULTS
This section presents results of IT governance maturity in eight public degree-awarding HILs in Uganda. The comparative maturity level study (Carvalho et al., 2018;Amanat, 2018) for IT processes, domain level, IT processes at the institutional level, and country (economic) status is as follows.

IT Governance Maturity Level for HILs in Uganda
The average maturity level across the eight HILs in Uganda was 2.72 (see table 4) with a range between 0.79 and 3.91 and 80% (12 over 15) IT processes were greater than 2.00 compared to 20% Table 3

. Distribution of participants in HILs in Uganda
(3 over 15) IT processes were lower than 2.00. This showed that the lower end was at an initial stage (level 1), whereas the higher level was at the defined process stage (level 3). On average, processes apply comparable procedures used by various people responsible for a similar job; however, official communication of standard practices is limited, resulting in errors. Results showed that issues need to be addressed to increase the IT governance maturity level.

Comparison of IT Processes
IT processes in HILs in Uganda were compared, as shown in Figure 1. It was observed that some IT processes performed reasonably well, and others performed poorly.
IT processes that reasonably performed include the following: 1. DS1: Define and manage service levels with a maturity level of 3.91. A possible reason could be that all HILs needed to follow procurement and disposal procedures as stated in Public Procurement and Disposal of Public Assets Act 1 of 2003 (PPDA, n.d.). No HIL receives a service without a formally signed contract between the institution and the service provider. 2. PO1: Define a strategic IT plan with a maturity level of 3.81. This score is that all HILs in Uganda had an IT strategic plan which was included in the master plan of the institution. Secondly, e-learning is an emphasized mode of remote teaching and learning in institutions due to the COVID-19 pandemic. NCHE set guidelines for e-learning in HILs across the country (Daily Mornitor, 2020); hence, IT cannot be avoided since it's an enabler for this activity and its direction, as indicated in the strategic plan. 3. DS11: Manage data with a maturity level of 3.23. This might be due to the massive use of IT systems (such as human resource management systems, Integrated Financial Management, and System Academic Information Management System) developed externally and internally to store and reserve institutional academic and administrative data.

Table 4. Shows the average maturity level of IT processes for the eight HILs in Uganda
These findings were consistent with the previous study of a developing country (Amanat, 2018;Nfuka & Rusu, 2010).
In contrast, the IT processes that performed poorly include: 1. PO9: Assess IT risks with a maturity level of 0.79. The low performance could be associated with the fact that institutions use ad hoc approaches on IT risks that hinge on a system-to-system basis. In addition, institutions did not hold a budget for IT risk management due to the limited funds since IT risk management was not considered a priority. These findings are consistent with previous authors of developing countries (Amanat, 2018; Nfuka & Rusu, 2010). 2. DS4: Ensure continuous service with a maturity level of 0.85. The reason for the low score could be that institutions had sustainability and maintenance challenges of IT systems. Some IT systems were donor-funded, and their management was challenged when donor funds ended. For example, the Blackboard learning management system was a project for learning and teaching at Makerere University (Abigail, 2018), whose management was terminated because of high license costs (Ssekakubo et al., 2011).

Domain-Level Comparison
A comparison of domains of 15 IT processes in eight HILs in Uganda was made. Results in figure  2 show variations in scores for the different domains. According to Figure 2, it is observed that domains scored different average maturity levels (figure 5.2). Domain Plan and Organise scored highest at 2.87. This is consistent with previous scholars (Nfuka & Rusu, 2010;Guldentops et al., 2002) who had a high average maturity level for plan and organize domain. The high average maturity level could be that before IT systems are introduced in HILs, they should be desired, and plans should be placed before implementation. For instance, due to the COVID-19 pandemic, all HILs must have e-learning facilities before conducting online lessons.
On the other hand, domain Deliver and Support had the lowest average maturity level at 2.44. The low score could be due to the high failure rate of IT systems that do not perform to the users' expectations. Also, the IT systems functions may not be aligned with the business goals. But, again, this is inconsistent with previous studies (Nfuka & Rusu, 2010;Guldentops et al., 2002), indicating higher maturity in the delivery and support domain due to policies and regulations.

Comparison of Maturity Level of IT Process at Institutional Level
A comparison for the maturity level for each of the 8 HIL in Uganda was carried out (see Figures 3  and 4). MUK scored the highest of 3.4. The possible reason could be that MUK was the oldest degreeawarding HIL in Uganda, having reasonably implemented IT governance mechanisms. Process DS5 -Ensure systems security scored highest of 4.9. This meant that MUK is sensitive to its information and applies reasonable security procedures to protect its data. Followed by AI2 -Acquire and Maintain Application Software with an average maturity level of 4.8. The possible reason for this score may be developing the various IT systems for both academic and administrative activities. The lowest IT process was AI1 -Identify automated solutions of 0.7 followed by AI6 -Manage changes of 1.4.
The second HIL with a high maturity level was KYU of 3.1. The possible reason for the high maturity level may be that KYU is at its best at operationalizing most of its IT functions and affiliated tertiary institutions. IT processes PO1 -Define a strategic IT plan and PO3 -Determine technological direction had the highest IT maturity level of 4.4. IT process PO9 -Assess IT risks and DS4 -Ensure continuous service had the lowest average maturity level of 0.7.
SU was the lowest of 2.3. The possible explanation for the low score could be that SU was the newest institution functional for two years where IT systems were being set up and at initial stages. The highest IT process was AI1 -Identify automated solutions of 4.5. Followed by DS1 -Define and manage service levels of 4.3. The lowest IT processes were: DS4 -Ensure continuous service of 0.4 and PO9 -Assess IT risks of 0.4.

Comparison with Developing Country, Developed Country, and Internationally
The scored average maturity level was compared with similar studies of selected public sector organizations in Pakistan (developing country), Australia (developed country), and international with various nations. The average maturity level for 15 IT processes was already indicated in previous  (2018), for Australia in Liu and Ridley (2005), and internationally across a range of nations in Guldentops et al. (2002). The data for studied Australian public sector organizations was published in 2005 and the international public sector benchmark in 2002; their numerical comparison could not be found (Amanat2018); hence, they could be compared in the chart. However, the comparison between the studied HILs and public sector organizations in Pakistan is in figure 5.
Analysis showed that the average maturity level for HILs in Uganda was higher than Pakistan but lower than Australia and intentionally from various nations. The maturity level of IT processes of selected public sector organizations in Pakistan ranged from 1.6 to 3.1, with the majority above the maturity level of 2.0 (60% or 9 out of 15), falling between 2.1 and 2.7. The maturity level of IT processes for the public sector in Australia ranged from 2.5 to 3.5, with the majority above the maturity level of 3 (60% or 9 out of 15) falling between 3 and 3.5. The maturity level of international public sector organizations ranged from 2 to 3, with the majority above 2.5 (87% or 13 out of 15) ranging between 2.5 and 3.0. Based on the generic maturity model, this indicated that IT processes for developed countries (such as Australia) and international are relatively well defined with standardized and documented measures (ITGI, 2000). This is comparable with the public sector organizations of developing countries such as Uganda that prompted to learn from them and improve.
Concerning the public sector organizations of developing countries such as Uganda prompted to learn from them and improve. IT process DS11-Manage Data performed well, like the studied public sector organizations in Australia. This meant that studied HILs in Uganda were equally well in managing data and related activities. Also, the studied HILs in Uganda should learn from the studied public sector organizations in Australia and improve on IT processes that performed low. Besides, most IT processes in the studied HILs in Uganda performed lower than the studied international public sector benchmark. This showed that studied HILs in Uganda were still lower than the studied international public sector benchmark. This could be caused by the time range between the two studies. Hence, the need to improve lower-performed IT processes in studied HILs in Uganda. Moreover, most of the IT processes in the studied HILs in Uganda performed better than Pakistan's selected public sector organizations. This could be caused by the different contexts in which the organizations are working.

CoNCLUSIoN AND FURTHER RESEARCH
The study sought to determine the IT governance maturity level for HILs in Uganda. This was attained by assessing the maturity of IT processes for eight HILs in Uganda as a developing country and compared with developing country (Pakistan), developed country (Australia), and internationally using various nations to benchmark for learning and embracing best practices. Analysis showed IT governance maturity level for eight HILs in Uganda was 2.72 (level 2: repeatable). Indicating that processes apply comparable procedures used by various people responsible for a similar job; however, official communication of standard practices is limited, resulting in errors. The studied HILs in Uganda performed better than 6 studied public sector organizations in Pakistan but lower than those in Australia and internationally. Most importantly, the study provided a reference benchmark of the maturity level of IT processes in HILs in Uganda previously unexplored.
More research on evaluating the maturity of IT processes in other public sector and private sector organizations in Uganda whose maturity level is unknown is still required. This will enable identifying the IT governance gaps and setting plans towards achieving the desired level of strategic alignment, IT governance maturity, and IT governance.

ACKNowLEDGMENT
This study was funded in part by the Swedish International Development Cooperation Agency and Makerere University.

FUNDING AGENCy
Publisher has waived the Open Access publishing fee.