IT Governance Implementation: The Determinant Factors

Ruben Pereira and Miguel Mira da Silva

Instituto Superior Tecnico, Lisbon, Portugal 

Copyright © 2012 Ruben Pereira and Miguel Mira da Silva. This is an open access article distributed under the Creative Commons Attribution License unported 3.0, which permits unrestricted use, distribution, and reproduction in any medium, provided that original work is properly cited.

Abstract

In the last 20 years, the use of IT by organizations has increased and ITG discipline is today a major concern. ITG has been recognized as a CIO top-10 issue for more than five years and has risen in priority between 2007 and 2009. Best practices and frameworks have been proposed in order to help organizations in ITG implementation. However, such practices and frameworks argue that the application of their practices depends on each organization context, but they don’t describe the different contexts and how the practices must be applied given the different contexts. Such fact calls for the identification and formalization of the determinant factors that can influence each ITG implementation which is not present in any framework. The researchers start the paper with a literature review to leverage such differentiator factors, herein called contingency factors, in order to provide a scientific viewpoint. Then, the researchers present the evaluation section with expert’s interviews in order to provide practitioner viewpoint. The researchers finalize the research with main contribution and future work section.

Keywords: IT, Governance, Implementation, Contingency Factors.

Introduction

Nowadays, IT plays a significant role in inter-organizational transactions and relations. Thus, IT has become a valuable asset and resource in contemporary business strategy literature (Dahlberg and Lahdelma, 2007; Gao, Chen and Fang, 2009; Jiandong and Hongjun, 2010). Many organizations have become totally reliant on IT for success and recognize that IT is becoming one of their main organizational assets (Gerrard, 2009; Park, Jung, Lee and Jang, 2006). Decisions about IT adoption, implementation and management are still complex, so many organizations are wasting a lot of money in bad IT acquisition (Lunardi, Becker and Macada, 2009).

Since IT has become crucial to the support, sustainability and growth of the business, this pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT Governance (ITG) (De Haes and Grembergen, 2008). Indeed, Gartner states that ITG has been recognized as a CIO top-10 issue for more than five years and has risen in priority between 2007 and 2009 (Gerrard, 2009). Some studies have shown that companies with good ITG models generate superior returns on their IT investments than their competitors (Lunardi, Becker and Macada, 2009; Jacobson, 2009). With IT investments making up a significant portion of corporate budgets and increased external pressure to control and monitor costs, effective ITG is seen as a vital way to ensure returns on IT investments and improved organizational performance (Jacobson, 2009). Organizations can no longer afford to have ITG by default or bad ITG by design (Simonsson, Lagerström and Johnson, 2008; Symons, 2005).

Several Frameworks and Best Practices exist to help organizations in ITG implementation e.g. COBIT (Information Technology Governance Institute, 2007), ITIL (Taylor, Iqbal and Nieves, 2007), CMMI-SVC (Forrester, Buteau and Shrum, 2009), etc; however, most of the Frameworks and Best Practices share the idea that each case is a different case considering organizations context (Lunardi, Becker and Macada, 2009; Information Technology Governance Institute, 2007; Agarwal and Sambamurthy, 2002). Such fact calls for the identification and specification of the factors that can influence each ITG implementation which is not present in any Framework or Best Practice that, besides the provision of a set of valuable guidelines, lack a correct explanation of how they can and must  be used giving organizations context. Moreover, some of the most important Frameworks and Best Practices in the market are also pointed out in literature as lacking a theoretical foundation from a scientific viewpoint (Goeken and Alter, 2008; 2009).

The hereby objectives are to use literature review to identify and formalize the current contingency factors that influence ITG implementation in organizations obtaining an artefact with theoretical foundation from a scientific viewpoint. The researchers intend to evaluate their contingency factors, interviewing some ITG experts with several years of practice in their organizations. This type of evaluation will also ensure that the artefact won’t lack a practitioner viewpoint becoming more complete and coherent with the reality.

In the next section, the researchers will describe the problem that this article intends to help in solving. Afterwards, in section 3, the research methodology that will be used is described. Building on these findings, the researchers make a literature review and propose their contingency factors in section 4. Then, the evaluation of the contingency factors in section 5 is detailed and   the conclusion and future work finalize the paper in section 6.

Problem

Although ITG relevance for business success, conceiving the ITG model is just the first step, implementing ITG as a sustainable solution is the next challenging step (Fasanghari, NasserEslami and Naghavi, 2008).

There are evidences of the positive effect of good ITG implementation in organizations, for example:

  • With the help of well-organized ITG, organizations may increase their return on IT investments by as much as 40% (Weil and Ross, 2004).
  • Enterprises that perform well in ITG may gain returns on IT investment 40% higher than their competitors; given the same business strategy, those with an average performance in ITG may make 20% more profit (Lingyu, Bingwu, Ruiping and Jianzhang, 2010).

In spite of all these evidences about influence of ITG in organizations’ success and returns, there are also evidences of IT continuously being badly managed and governed:

  • The far-reaching structural changes following an ERP implementation can be disastrous, as shown by Bingi, Sharma and Godla (1999) who states that there are several failed ERP attempts, and companies lost not only the capital invested in ERP packages and millions paid to outside consultants, but also a major portion of their business.  Buckhout, Frey and Nemec (1999)  affirm that in several ERP implementations, the overrun of costs and schedule as well as the lack of improvements is high, or even Scott (1999) who evidences the FoxMeyer bankruptcy case. Indeed, 70% of ERP implementations fail to achieve their corporate goals (Bernroider, 2008).
  • Gallagher and Worrel (2008) report a case of a new cross-business units system implementation where the delay in the implementation of a earlier product versions were frustrating because many of these projects took well in excess the timeline originally targeted.
  • Shpilberg, Berez, Puryear and Shah (2007) affirm that organizations must stop spending more than 80% of their IT budget in maintenance, patches, upgrades and other routine expenses, and less than 20% on the development of new applications and capabilities.
  • Lunardi, Becker and Macada (2009) evidence some important facts, as for example that 72% of IT projects are late, over-budget, lacking in functionality, or never delivered; of the “successful” projects (28%), 45% were over budget and 68% took longer than planned.
  • Yet, Lunardi, Becker and Macada (2009) highlight the fact that many companies spend about 50% of all their capital investment on IT.
  • On the other hand, Gao, Chen and Fang (2009) conclude and affirm that huge IT investment did not bring significant benefits.

With evidences of failure of so many IT implementations, the proposal of new approaches for ITG is imperative. Currently, the most adopted solutions are the existing frameworks in the market.

Indeed, several Frameworks and Best Practices exist to support organizations in ITG implementation. ITIL and COBIT, for example, are between the most adopted frameworks (Broussard and Tero, 2007; Radovanovic, Radojevic, Lucic and Sarac, 2010; Ridley, Young and Carroll, 2004), but several organizations still prefer to design their own (Broussard and Tero, 2007). Such fact is not surprising since the most Frameworks and Best Practices state that there is no single “best” IT organizational structure or governance arrangement because IT needs to respond to the unique environments within which it exists (Lunardi, Becker and Macada, 2009; Information Technology Governance Institute, 2007; Agarwal and Sambamurthy, 2002). Since the existing Frameworks and Best Practices do not make any reference to the possible factors that can influence each ITG implementation and the way the provided guidelines must be used giving the different organizations’ environment, organizations are developing their own Framework in order to adapt it to their specific needs. ITG implementation is influenced by external and internal factors (Xue, Liang and Boulton, 2006), however, literature and current Frameworks and Best Practices fail to reveal a clear and concise identification of these factors.

Moreover, some of the most used and known Frameworks and Best Practices in the market are seen as complex (Pereira and Mira da Silva, 2011), too general (Morimoto, 2009), lacking a theoretical foundation from a scientific viewpoint (Goeken and Alter, 2008; 2009), and overlap with each other (Pereira and Mira da Silva, 2010). These statements reinforce the possibility of improvements in the existing Frameworks and Best Practices. Framework complexity is even demonstrated by Pereira and Mira da Silva (2011) (Figure 1).


Fig 1. ITIL V3 Conceptual Model (Pereira and Mira da Silva, 2011)

The main problem that this research contributes to solve is the following:

There are many frameworks to support ITG implementation. However, Frameworks keep affirming that each case is a case and still lacking the identification of the factors that can influence each ITG implementation taking into account each organization’s environment.

Research Methodology

The research methodology that will be used in this paper is Design Science Research (DSR). Toward the end of the 1990s, it began growing in popularity for use in scholarly investigations in IS. DSR methodology is conducted in two complementary phases: build and evaluate. In contrast to behaviour research, design-oriented research builds a “to-be” conception and posteriorly seeks to build the system according to the defined model taking into account the restrictions and limitations (Osterle et al., 2011). Design science addresses research through the building and evaluation of artefacts designed to meet the identified business needs (Hevner, March, Park and Ram, 2004), instead of analyzing existing IS in order to identify causal relations (Osterle et al., 2011).

Few researchers attempted to perform empirical studies on ITG topic (Brown and Grant, 2005). Hence, the researchers build and evaluate new and innovative artefacts following the design research paradigm (Hevner, March, Park and Ram, 2004). It is argued that a better understanding of ITG implementation guide from different and sometimes complementary points of view can be accomplished.

Based on the four design artefacts produced by design science research in IS (constructs, models, methods and instantiations),   constructs will be focused on. Constructs are necessary to describe certain aspects of a problem domain and allow the development of the research project’s terminology (Schermann, Böhmann and Krcmar, 2009). The constructs proposed will be the Contingency Factors.

The research methodology applied is divided according to the two processes of design science research in IS; build and evaluate. The build process and the evaluation process are composed by one stage (Table 1). This kind of research approach was already used in other researches as De Haes and Grembergen (2008) and Vicente and Mira da Silva (2011).

In the first stage, the researchers started with the literature review. Since Contingency Factors area is poorly explored or even in the early stages, this research is exploratory rather than being hypothesis testing. Exploratory research often builds on secondary research, such as reviewing available literature and/or data or qualitative approaches, such as informal discussions with customers, employees, management or depth interviews, focus group projective methods, case studies or pilot studies (De Haes and Grembergen, 2008).

In consequence, the researchers used literature review and depth interviews to identify the ITG Contingency Factors. In the academic literature, a number of authors compiled “mini” reviews to support their own conceptual or empirical papers (De Haes and Grembergen, 2008; Brown and Grant, 2005; Brown and Magill, 1994; Sambamurthy and Zmud, 1999; Simonsson and Ekstedt, 2006). Nevertheless, literature review represents the foundation for research in IS. As such, review articles are critical to strengthening IS as a field of study. Moreover, the approach used in this paper follows the concept-centric methodology of IS literature reviews as outlined in Webster and Watson (2002).

Table 1. Research Methodology

Additionally, the guidelines for design science research proposed by Hevner, March, Park and Ram were followed (2004). These guidelines are: design as an artefact; problem relevance; design evaluation; research Contributions; research rigour; design as a search process and communication of research.

A design artefact is complete and effective when it satisfies the requirements and constraints of the problem that was meant to be solved. In this paper, the present artefacts were evaluated through interviews as well as literature review. In addition, by submitting these research results to respected international conferences, the researchers have also used the appraisal of the scientific community as evaluation criteria.

Proposal

The researchers decided to start the literature review with an overview on the different types of governance in order to clearly identify the type of governance approached on this article, followed by a historical overview about ITG definition in order to demonstrate that ITG definition is not clear in scientific community.

Governance is a concept that can be used in many contexts. There are many different types of governance and the researchers should make a brief review of them in order to understand each one and which governance will be focused on:

  • Corporate Governance –is the responsibility delegated by stakeholders and the public, defined by legislators and regulators and shared by boards, in some measure, with managers (Webb et al., 2006).
  • Enterprise Governance – is a set of responsibilities and practices exercised by the board and executive managers, with the goal of providing strategic direction, ensuring that plans and objectives are achieved, assessing that risks are proactively managed and assuring that the enterprise’s resources are used responsibly (Grembergen and De Haes, 2008).
  • IT Governance (ITG) – Literature has demonstrated a lack of a clear shared understanding of the term ITG. None of the definitions reflect all of the elements of the framework, possibly indicating that authors do develop definitions to support their particular focus (Webb et al., 2006). The researchers identified several ITG definitions in many articles and books, with minor differences (Fasanghari et al., 2008;Grembergen and De Haes, 2008;Gerrard, 2010; Guney and Cresswell, 2010;Selig, 2008;Jacobson, 2009;Nabiollahi and Sahibuddin, 2008;Park et al., 2006;Simonsson and Ekstedt, 2006;Symons, 2005;Webb et al., 2006; Weill and Ross, 2004).

These types of governance are correlated and cannot be dissociated from each other. They should be dealt with as “whole Governance” with dependencies and relations between them and an order to be followed. However, ITG already developed into a discipline of its own rights (Simonsson and Ekstedt, 2006). Since ITG cannot exist in isolation but must be a sub-set of enterprise governance (Symons, 2005;Park et al., 2006) and is also commonly referred to as a sub-set of corporate governance (Lunardi et al., 2009) (Webb, 2006), it is concluded that ITG is the most specific and focused on the identified types of governance. In this paper, the focus will be on ITG.

Table 2 presents a summary of the several definitions proposed in the last 20 years. Noticed is that a consensus about ITG definition still does not exist. The purpose of this research is not to decide which the most appropriate ITG definition is, or even propose a new one; however, the concern is stated and a historical overview of the main ITG definitions in the literature presented. Such uncertainty is not advisable and proves that ITG field has much to evolve further. As such, the researchers propose to identify and formalize, based on literature review, the factors that must be taken into consideration by organizations before an ITG implementation which is called herein Contingency Factors.  Contingency Factors are defined as:

Factors that, depending on organizations context, may influence the ITG implementation but that are not likely or intended, are a possibility that must be prepared for.

Table 2. ITG Definitions

From a literature review came a number of substantive conclusions relating the contingency factors to ITG implementation. After dealing with the literature review, the identified Contingency factors include: organizational culture and structure, strategy, size, regional differences, industry, maturity, ethical and trust. A summary of the identified contingency factors as well as their literature references is present in Table 3. Below is detailed each of the identified Contingency Factors:

Culture – Corporate culture plays an invaluable role in the enterprise development. Management of culture is to make employees care about enterprise (Jiandong and Hongjun, 2010), and its context refers to managing IT workers and workplaces in such a way that the social processes, which reflect the interactions among groups of people with differing worldviews, are taken into account (Weisinger and Trauth, 2003). Surveys of CEOs during the past few years have identified organizational culture as one of the largest inhibitors to change and related business performance improvements (Gerrard, 2009), which means corporate culture can influence the success of ITG implementation (Fink and Ploder, 2008).

Structure – The structure of IT is one of the major recurring issues in literature (Goeken and Alter, 2008; Bernroider, 2008; Sambamurthy and Zmud, 1999; Adams, Larson and Xia, 2008). The majority of the existing literature approaches the topic of ITG from existing or proposed structures point of view (Webb, Pollard and Ridley, 2006). IT has not only changed the traditional ways people acquire information, but has also broken old patterns of production management and profoundly changed firm’s organization structure in space and time. Organization structure is the necessary condition to the achievement of business goals by organizations (Gao, Chen and Fang, 2009). Organizational structure has been identified by the literature as a concern that should be taken into consideration in ITG implementation.

Size – Some studies have attempted to discover the effect of organization size on ITG (De Haes and Grembergen, 2008; Brown and Grant, 2005; Cochran, 2010). Sambamurthy and Zmud (1999) state that the size of the firm influences the ITG mode through its effect on the mode of corporate governance. There are also evidences that many small organizations lack standardized project management practices (Cochran, 2010).
Industry – IT has a wide range of applicability across almost all industries (Tanriverdi, 2006). Some ITG studies only focus on a specific kind of industry (De Haes and Grembergen, 2008), others in several industries as for example (Simonsson, Lagerström and Johnson, 2008), who conducted interviews in separated industries and collected different results. ITG means different things in distinct industries, evident by the different regulations that have been developed (Webb, Pollard and Ridley, 2006).

Regional Differences – Some studies have been made about regional differences on ITG implementations. For example, Weisinger and Trauth (2003) pointed out the importance of aspects, such as language, local laws and national information infrastructures. Another study performed by Aagesen, van Veenstra, Janssen and Krogstie (2011) made a cross-country comparative study where they found different ITG implementations, while Fink and Ploder (2008) performed some regional case studies in different countries.

Maturity – IT has matured so much that, in many ways, IT has become a commodity. However, specialized resources are still needed (Cochran, 2010). The use of ITG maturity measurements is one of the means to evaluate the success of ITG (Dahlberg and Lahdelma, 2007). Some studies were performed and interesting conclusions were collected: a study compared different organizations and determined that, in general, the high performers have more mature ITG structures and processes (De Haes and Grembergen, 2008); another study identified possible requirements for good ITG maturity assessments (Simonsson, Johnson and Ekstedt, 2008); and yet another study concluded that there is a correlation between ITG performance and ITG maturity indicators (Simonsson, Lagerström and Johnson, 2008) .

Strategy – How to accomplish strategic alignment between business and IT in the complex and dynamic environment of the real world remains a great unanswered challenge for the CIO and CEO (Ekstedt, et al., 2004; Silva, Plazaola and Ekstedt, 2006), therefore ITG should be dealt with as a business strategy (Park, Jung, Lee and Jang, 2006). Some research projects focus on how strategic alignment impacts business performance (Simonsson, Johnson and Ekstedt, 2008). Strategy had even already been proposed as a possible contingency factor of ITG by Brown and Grant (2005).

Ethical – To promote ethical business practices, an organization needs a leader who is committed to something more than profits. Ethical awareness in corporate governance has a strong effect to ensure employee trust in the workplace (Memiyanty and Putera, 2010). In the interviews performed by Maidin and Arshad (2010), most of the respondents agreed that ethics of compliance is an important aspect for ITG practices.

Trust – Many scholars claim that the concept of trust and cooperation is crucial for solving or at least minimizing governance failure (Memiyanty and Putera, 2010).

In the current literature review, few researchers approach such kind of factors. In this section, the researchers analyzed the main literature and proposed a set of Contingency Factors (supported by the literature) that organizations should put into consideration before an ITG implementation.

Table 3. Literature Reference(s) of Each Contingency Factor

Evaluation

To evaluate the identified Contingency Factors, nine interviews were performed (90 minutes each) with ITG experts who have strategic alignment and ITG knowledge in their organizations. Seven interviews were performed in Portugal and two in Ireland by Skype. The interviewees were 3 consultant organizations marked as C in first column (1, 2 and 7) and 6 non-consultant marked as NC in first column (3, 4, 5, 6, 8 and 9) organizations.
Table 4 shows a summary of the results of the interviews. To turn Table 4 easier to read, the researchers used colors such as yellow and orange to highlight the first (yellow) and second (orange) choice of the interviewees (they were asked to rank the contingency factors by relevance), and green and red in the “yes/no” questions in order to highlight the positive (green) and negative (red) responses. Overall, the Contingency Factors are seen as relevant, complete and useful by the interviewees.

Table 4. Summary of the Interviews

Fifth, sixth and seventh interviewees stated that some factors were missing. The fifth and sixth referred to the organizations’ financial power (which the researchers believe that it could be related to organization size since bigger organizations certainly have more financial power and vice versa), while the seventh mentioned the people (which the researchers believe to be related to ethic and trust, since ethic and trust are social values that should cross the entire human resources).

Culture, structure, industry and maturity are seen as the most relevant contingency factors for ITG implementation. On the other side, Regional Differences wasn’t chosen by any interviewee, which can be justified by the fact that in general the interviewees are not familiar with ITG implementations beyond their country.

Several conclusions could be withdrawn from the interviews:

  • Culture, structure, industry and maturity are seen as the most relevant contingency factors for ITG implementation.
  • Contingency factors were identified by all the interviewees as a relevant concern and useful as information available at the beginning of ITG implementations.
  • Regional Differences was the only contingency factor not chosen by the interviewees. However, as already explained, it could be related to the fact that the interviewees only had experience in one country.
  • Consultant organizations tend to give more importance to industry and maturity.
  • Non-consultant organizations tend to assign higher relevance to culture and structure

Experts gave an excellent feedback and validated all the Contingency Factors. Few improvements or changes were proposed. Most of them do not question the validity of the Contingency Factors, but simply add something which makes perfect sense since the researchers are analyzing information from two different sources (literature and practitioners).

This research provided us with some important learning in ITG Contingency Factors field. Many factors must be taken into consideration by organizations before ITG implementation. Almost all the Contingency Factors identified in the literature are recognized as relevant by practitioners. Yet, the way consultant and non-consultant organizations look to Contingency Factors is quite different, and in the future the achievement of a more concrete and coherent differentiation of the most important Contingency Factors for consultants and non-consultants must be explored. Moreover, it is interesting that existing Frameworks also don’t make any reference to the different viewpoints of consultant and non-consultant organizations since many non-consultant organizations hire consultant organizations to implement some domains as ITG; and such divergent viewpoints of what should be given the priority can be the reason of some problems.

This research has some limitations as well. So far, the researchers leverage the Contingency Factors based on literature review and also validated them with experts’ interviews. However, more interviews are required in order to achieve more concrete and coherent results.

Conclusion

Frameworks keep affirming that each case is a different case and still not providing any help in this field. With this research, a formalization of the Contingency Factors that must be considered by organizations before any ITG implementation is achieved. Organizations are now able to analyse what can influence their ITG implementation and decide what should be done in the first place, given the environment of each organization.

Since the most known Frameworks lack a scientific viewpoint, the researchers leveraged the Contingency Factors based on literature review giving them theoretical foundation. Yet, in order to keep providing a practitioner viewpoint, interviews were performed with ITG experts. Then, Contingency Factors are argued to be built under both scientific and practitioner viewpoint.

With the identification of the Contingency Factors the organizations are able to begin the collection of information in a correct format and leave precious information for other organizations, standardizing as much as possible the initial approach of the ITG implementation process. Then, organizations with similar contexts can easily realize what they should do first in order to avoid some mistakes.

Future work must pass by the integration of the Contingency Factors with an ITG framework. At the same time, more interviews should be realized to increase the empirical validity of the mentioned Contingency Factors.

It is important that organizations begin to consider this kind of factors before their ITG implementation. How the Contingency Factors influenced their ITG implementation in their organization context must be recorded in order to create a consolidated data base to minimize the risks of future ITG implementations by other organizations.

(adsbygoogle = window.adsbygoogle || []).push({});

References

Aagesen, G., van Veenstra, A. F., Janssen, M. & Krogstie, J. (2011). “The Entanglement of Enterprise Architecture and IT-Governance: The Cases of Norway and the Netherlands,” Proceedings of the 44th Hawaii International Conference on System Sciences (HICSS), ISBN: 978-1-4244-9618-1, 4-7 January 2011, Hawaii, USA, 1-10.
PublisherGoogle Scholar

Adams, C. R., Larson, E. C. & Xia, W. (2008). “IS/IT Governance Structure and Alignment: An Apparent Paradox,” Management Information Systems Research Center.
Publisher

Agarwal, R. & Sambamurthy, V. (2002). “Principles and Models for Organizing the IT Function,” Management Information Systems Quarterly Executive, 1(1).
PublisherGoogle Scholar

Bernroider, E. W. N. (2008). “IT Governance for Enterprise Resource Planning Supported by the DeLone-McLean Model of Information Systems Success,” Information & Management, 45(5), 257-269.
PublisherGoogle Scholar

Bingi, P., Sharma, M. K. & Godla, J. K. (1999). “Critical Issues Affecting an ERP Implementation,” Information Systems Management Decision, 16(3), 7-14.
PublisherGoogle Scholar – British Library Direct

Broussard, F. W. & Tero, V. (2007). “Configuration and Change Management for IT Compliance and Risk Management: The Tripwire Approach,” White Paper. IDC.
Publisher

Brown, A. E. & Grant, G. G. (2005). “Framing the Frameworks: A Review of IT Governance Research,” Communications of the Association of Information Systems, 15, 696-712.
PublisherGoogle Scholar

Brown, C. V. & Magill, S. L. (1994). “Alignment of the IS Functions with the Enterprise: Toward a Model of Antecedents,” Management Information Systems Quarterly, (18) 4, 371-404.
PublisherGoogle Scholar – British Library Direct

Buckhout, S., Frey, E. & Nemec, J. (1999). ‘Making ERP Succeed. Turning Fear into Promise,’ IEEE Transactions on Engineering Management, 27(3), 116-123.
Google Scholar – British Library Direct

Cochran, M. (2010). “Proposal of an Operations Department Model to Provide IT Governance in Organizations that Don’t have IT C-Level Executives,” Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS), ISBN: 978-1-4244-5509-6, 5-8 January 2010, Hawaii, USA, 1-10.
PublisherGoogle Scholar

Craig, S., Cecere, M., Young, G. O. & Lambert, N. (2005). ‘IT Governance Framework: Structures, Processes, and Communication,’ White Paper, Forester Research.

Dahlberg, T. & Lahdelma, P. (2007). “IT Governance Maturity and IT Outsourcing Degree: An Exploratory Study,” Proceedings of the 40th Hawaii International Conference on System Sciences (HICSS), ISBN: 0-7695-2755-8, 3-7 January 2007, Hawaii, USA, 236a.
PublisherGoogle Scholar – British Library Direct

De Haes, S. & Grembergen, W. (2008). “Analysing the Relationship between IT Governance and Business/IT Alignment Maturity,” Proceedings of the 41st Hawaii International Conference on System Sciences (HICSS), ISBN: 0-7695-3075-8, 7-10 January 2008, Hawaii, USA, 428.
PublisherGoogle Scholar

Ekstedt, M., Johnson, P., Lindstrom, A., Gammelgard, M., Johansson, E., Plazaola, L., Silva, E. & Lilieskold, J. (2004). “Consistent Enterprise Software System Architecture for the CIO: A Utility-Cost Based Approach,” Proceedings of the 37th Hawaii International Conference on System Sciences (HICSS), ISBN: 0-7695-2056-1, 5-8 January 2004, Hawaii, USA, 1-10.
PublisherGoogle Scholar – British Library Direct

Fasanghari, M., NasserEslami, F. & Naghavi, M. (2008). “IT Governance Standard Selection Based on Two Phase Clustering Method,” Proceedings of the 4th International Conference on Networked Computing and Advanced Information Management (NCM), ISBN: 978-0-7695-3322-3-02, 2-4 September 2008, Gyeongju, South Korea, 513-518.
PublisherGoogle Scholar

Fink, K. & Ploder, K. (2008). “Decision Support Framework for the Implementation of IT-Governance,” Proceedings of the 41st Hawaii International Conference on System Sciences (HICSS), ISBN: 0-7695-3075-8, 7-10 January 2008, Hawaii, USA, 432.
PublisherGoogle Scholar

Forrester, E. C., Buteau, B. L. & Shrum, S. (2009). ‘CMMI for Services, Version 1.2,’ Technical Report, Software Engineering Institute.

Gallagher, K. P. & Worrel, J. L. (2008). “Organizing IT to Promote Agility,” Information Technology Management, 9(1), 71-88.
PublisherGoogle Scholar – British Library Direct

Gao, S., Chen, J. & Fang, D. (2009). “The Influence of IT Capability on Dimensions of Organization Structure,” Proceedings of the 2nd International Conference on Future Information Technology and Management Engineering (FITME), ISBN: 978-0-7695-3880-8, 13-14 December 2009, Sanya, China, 269-273.
PublisherGoogle Scholar

Gerrard, M. (2009). “IT Governance, a Flawed Concept: It’s Time for Business Change Governance,” Gartner ID: G00171658.
Publisher

Gerrard, M. (2010). “Defining IT Governance: The Gartner IT Governance Demand/Supply Model,” Gartner ID: G00175053.
Publisher

Goeken, M. & Alter, S. (2008). “Representing IT Governance Frameworks as Metamodels,” Proceedings of the International Conference on E-Business, Enterprise IS & E-Government (EEE), ISBN: 1-60132-063-9, 14-17 July 2008, Las Vegas, USA, 48-54.
Publisher

Goeken, M. & Alter, S. (2009). “Towards Conceptual Metamodeling of IT Governance Frameworks Approach – Use – Benefits,” Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), ISBN: 978-0-7695-3450-3, 5-8 January 2009, Hawaii, USA, 1-10.
PublisherGoogle Scholar

Grembergen, W. V (2000). “The Balanced Scorecard and IT Governance,” Information Systems Control Journal, 2, 40-41.
Publisher

Grembergen, W. V. & De Haes, S. (2008). ‘Implementing Information Technology Governance: Models, Practices, and Cases,’ IGI Publishing, Hershey, New York.
Google Scholar

Guney, S. & Cresswell, A. M. (2010). “IT Governance as Organizing: Playing the Game,” Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS), ISBN: 978-1-4244-5509-6, 5-8 January 2010, Hawaii, USA, 1-10.
PublisherGoogle Scholar

Hevner, A. R., March, S. T., Park, J. & Ram, S. (2004). “Design Science in Information Systems Research,” Management Information Systems Quarterly, 28(1),75-105.
PublisherGoogle Scholar – British Library Direct

Information Technology Governance Institute (2004). “Board Briefing on IT Governance,” IT Governance Institute, United States of America.
Publisher

Information Technology Governance Institute (2007). ‘IT Governance Institute: COBIT 4,1,’ [online] Available at: <http://www.isaca.org> [Accessed 27 February 2012].
Publisher

Jacobson, D. D. (2009). “Revisiting IT Governance in the Light of Institutional Theory,” Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), ISBN: 978-0-7695-3450-, 5-8 January 2009, Hawaii, USA, 1-9.
PublisherGoogle Scholar

Jiandong, Z. & Hongjun, X. (2010). “The Research on Staff Well-being in IT Industry in China,” Proceedings of the International Conference on Optics Photonics and Energy Engineering (OPEE), ISBN: 978-1-4244-5236-1, 10-11 May 2010, Wuhan, China, 48-51.
PublisherGoogle Scholar

Lingyu, H., Bingwu, L., Ruiping, Y. & Jianzhang, W. (2010). “An IT Governance Framework of ERP System Implementation,” Proceedings of the 2010 International Conference on Computing, Control and Industrial Engineering (CCIE), ISBN: 978-0-7695-4026-9, 5-6 June 2010, Wuhan, China, 431-434.
PublisherGoogle Scholar

Luftman. J. N. (1996). Competing in the Information Age: Strategic Alignment, Oxford University Press, New York.
Publisher

Lunardi, G. L., Becker, J. L. & Macada, A. C. G. (2009). “The Financial Impact of IT Governance Mechanisms’ Adoption: An Empirical Analysis with Brazilian Firms,” Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), ISBN: 978-0-7695-3450-3, 5-8 January 2009, Hawaii, USA, 1-10.
PublisherGoogle Scholar

Maidin, S. S. & Arshad, N. H. (2010). “IT Governance Practices Model in IT Project Approval and Implementation in Malaysian Public Sector,” Proceedings of the International Conference on Electronics and Information Engineering (ICEIE), ISBN: 978-1-4244-7681-7, 1-3 August 2010, Kyoto, Japan, V1-532-V1-536.
PublisherGoogle Scholar

Memiyanty, A. R., Putera, M. S. & Salleh, K. (2010). “Ethical Leadership and Employee Trust: Governance Perspective,” Proceedings of the International Conference on Information and Financial Engineering (ICIFE), ISBN: 978-1-4244-6927-7, 17-19 September 2010, Chongqing, China, 848-851.
PublisherGoogle Scholar

Morimoto, S. (2009). “Application of COBIT to Security Management in Information Systems Development,” Proceedings of the Fourth International Conference on Frontier of Computer Science and Technology (FCST), ISBN: 978-1-4244-5467-9, 17-19 December 2009, Shangai, China, 625 – 630.
PublisherGoogle Scholar

Nabiollahi, A. & bin Sahibuddin, S. (2008). “Considering Service Strategy in ITIL V3 as a Framework for IT Governance,” Proceedings of the Information Technology International Symposium (ITSim), ISBN: 978-1-4244-2328-6, 26-28 August, Kuala Lumpur, Malaysia, 1-6.
PublisherGoogle Scholar

Osterle, H., Becker, J., Frank, U., Hess, T., Karagiannis, D., Krcmar, H., Loos, P., Mertens, P., Oberweis, A. & Sinz, E. J. (2011). “Memorandum on Design-Oriented Information Systems Research,” European Journal of Information Systems, 20,7–10.
PublisherGoogle Scholar

Park, H. Y., Jung, S. H., Lee, Y.- J. & Jang, K. C. (2006). “The Effect of Improving IT Standard in IT Governance,” Proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation (CIMCA), ISBN: 0-7695-2731-0, 28 November – 1 December 2006, Sydney, Australia, 22.
PublisherGoogle Scholar

Pereira, R. & Mira da Silva, M. (2010). “A Maturity Model for Implementing ITIL v3,” Proceedings of the 6th World Congress on Services (SERVICES-1), ISBN: 978-0-7695-4129-7, 5-10 July 2010, Florida, USA, 399-406.
PublisherGoogle Scholar

Pereira, R. & Mira da Silva, M. (2011). “A Maturity Model for Implementing ITIL V3 in Practice,” Proceedings of the 15th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW), ISBN: 978-0-7695-4426-7, 29 August – 2 September 2011, Helsinki, Finland, 259 – 268.
PublisherGoogle Scholar

Radovanovic, D., Radojevic, T., Lucic, D. & Sarac, M. (2010). “IT audit in accordance with Cobit Standard,” Proceedings of the 33rd International Convention (MIPRO), ISBN: 978-1-4244-7763-0, 24-28 May 2010, Opatija, Croatia, 1137–1141.
PublisherGoogle Scholar

Ridley, G., Young, J. & Carroll, P. (2004). “COBIT and its Utilization: A Framework From the Literature,” Proceedings of the 37th Hawaii International Conference on System Sciences (HICSS), ISBN: 0-7695-2056-1, 5-8 january 2004, Hawaii, USA, 1-8.
PublisherGoogle Scholar – British Library Direct

Sambamurthy, V. & Zmud, R. W. (1999). “Arrangements for Information Technology Governance: A theory of Multiple Contingencies,” Management Information Systems Quarterly, 23(2), 261-291.
PublisherGoogle Scholar – British Library Direct

Schermann, M., Böhmann, T. & Krcmar, H. (2009). “Explicating Design Theories with Conceptual Models: Towards a Theoretical Role of Reference Models,” In J. Becker, H. Krcmar & B. Niehaves, 175–194.
PublisherGoogle Scholar

Schwarz, A. & Hirschheim, R. (2003). “An Extended Platform Logic Perspective of IT Governance: Managing Perceptions and Activities of IT,” Journal of Strategic Information Systems, (12)2, 129-166.
PublisherGoogle Scholar

Scott, J. E. (1999). “The FoxMeyer Drugs’ Bankruptcy: Was it a Failure of ERP?,” Proceedings of the 5th Americas Conference on Information Systems (AMCIS), 13-15 August 1999, Milwaukee, USA, 223-225.
PublisherGoogle Scholar

Selig, G. J. (2008). Implementing IT Governance: A Practical Guide to Global Best Practices in It Management, Van Haren Publishing, Zaltbommel, Amersfoort.
PublisherGoogle Scholar

Shpilberg, D., Berez, S., Puryear, R. & Shah, S. (2007). “Avoiding the Alignment Trap in Information Technology,” MIT Sloan Management Review, 49(1), 51-58.
PublisherGoogle Scholar – British Library Direct

Silva, E., Plazaola, L. &  Ekstedt, M. (2006). “Strategic Business and IT Alignment, A Prioritized Theory Diagram,” Proceedings of the Technology Management for the Global Future (PICMET), ISBN: 1-890843-14-8, 8-13 July 2006, Istambul, Turkey, 1–8.
PublisherGoogle Scholar

Simonsson, M. & Ekstedt, M. (2006). “Getting the Priorities Right: Literature vs Practice on IT Governance,” Proceedings of the Technology Management for the Global Future (PICMET), ISBN: 1-890843-14-8, 8-13 July 2006, Portland, USA, 18-26.
PublisherGoogle Scholar

Simonsson, M., Johnson, P. & Ekstedt, M. (2008). “IT Governance Decision Support Using the IT Organization Modeling and Assessment Tool,” Proceedings of the Portland International Conference on Management of Engineering & Technology (PICMET), ISBN: 978-1-890843-18-2, 27-31 July 2008, Cape Town, South Africa, 802-810.
PublisherGoogle Scholar

Simonsson, M., Lagerström, R. & Johnson, P. (2008). “A Bayesian Network for IT Governance Performance Prediction,” Proceedings of the International Conference on Electronic Commerce (ICEC), ISBN: 978-1-60558-075-3, 27-28 March 2008, Bangkok, Thailand, 1-8.
PublisherGoogle Scholar

Symons, C. (2005). “IT Governance Framework,” Forrester Research.
PublisherGoogle Scholar

Tanriverdi, H. (2006). “Performance Effects of Information Technology Synergies in Multibusiness Firms,” Management Information Systems Quarterly, 30(1), 57-77.
PublisherGoogle Scholar – British Library Direct

Taylor, S., Iqbal, M. & Nieves, M. (2007). ‘ITIL: Service Design,’ TSO publications, Norwich, Norfolk.

Vicente, P. & Mira da Silva, M. (2011). “A Conceptual Model for Integrated Governance, Risk and Compliance,” Proceedings of the 23rd International Conference on Advanced Information Systems Engineering (CAiSE), ISBN: 978-3-642-21639-8, 20-24 June 2011, London, UK.
PublisherGoogle Scholar

Webb, P., Pollard, C. & Ridley, G. (2006). “Attempting to Define IT Governance: Wisdom or Folly?,” Proceedings of the 39th Hawaii International Conference on System Sciences (HICSS), ISBN: 0-7695-2507-5, 4-7 January 2006, Hawaii, USA, 194a.
PublisherGoogle Scholar – British Library Direct

Webster, J. & Watson, R. T. (2002). “Analyzing the Past to Prepare for the  Future: Writing a Literature Review,” Management Information Systems Quarterly, 26(2), xiii-xxiii.
PublisherGoogle Scholar – British Library Direct

Weill, P. & Ross, J. W. (2004). ‘IT Governance: How Top Performers Manage IT Decision Rights for Superior Result,’ Harvard Business School Press, Boston, Massachusetts.
Google Scholar

Weill, P. & Vitale, M. (2002). “What IT Infrastructure Capabilities are Needed to Implement E-Business Models?,” Management Information Systems Quarterly Executive, 1(1), 17-34.
PublisherGoogle Scholar

Weisinger, J. Y. & Trauth, E. M. (2003). ”The Importance of Situating Culture in Cross-Cultural IT Management,” IEEE Transactions on Engineering Management, 26-30.
PublisherGoogle Scholar – British Library Direct

Xue, Y., Liang, H. & Boulton, W. R. (2006). ‘Information Technology Governance in Information Technology Investment Decision Processes: The Impact of Investment Characteristics, External Environment, and Internal Context,’ Management Information Systems Quarterly, 32(1), 67-96.

Shares