You are on page 1of 19

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

A LITERATURE REVIEW: GUIDELINES AND CONTINGENCY FACTORS FOR IT GOVERNANCE


Ruben Pereira, PhD Student, Computer Science Department, Instituto Superior Tecnico, Lisbon rubenfspereira@ist.utl.pt Miguel Mira da Silva, Professor, Computer Science Department, Instituto Superior Tecnico, Lisbon mms@ist.utl.pt

Abstract
ITG has been recognized as a CIO top-10 issue for more than five years and has risen in priority between 2007 and 2009. Several Frameworks exist to help organizations in ITG implementation but lack scientific viewpoint, are complex, and also overlap each other. In this paper we make a literature review to leverage the ITG Contingency factors and ITG general guidelines in order to provide a scientific viewpoint validation. We also evaluate our artefacts with experts interviews so we provide practitioner viewpoint validation. Finally, we conclude our research with main contributions and future work. Keywords: IT Governance, Contingency Factors, IT Governance Guidelines

INTRODUCTION

Almost 50 years ago Garrity argued that information technology (IT) structure could have an impact on firms performance (Garrity, 1963). Nowadays, IT plays an important role in the modern social and economic life (Jiandong and Hongjun, 2010). IT has not only changed the traditional ways through which people acquire information, but has also broken old patterns of production management and profoundly changed firms organization structure in space and time (Gao et al., 2009). IT plays a significant role in inter-organizational transactions and relations. Thus, IT has become a valuable asset and resource in contemporary business strategy literature (Dahlberg and Lahdelma, 2007). The rapidly changing business world demands flexibility and responsiveness in business and, therefore, in IT as well (Adams et al., 2008). Nowadays IT and Information Systems (IS) are highly related and agility also represents a challenge for many IS today (Gallagher and Worrel, 2008). Since IT has become crucial to the support, sustainability and growth of the business, this pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT Governance (ITG) (De Haes and Grembergen, 2008). Some studies have shown that companies which have good ITG models generate superior returns on their IT investments than their competitors (Lunardi et al., 2009) (Webb et al., 2006). With IT investments making up a significant portion of corporate budgets and increased external pressure to control and monitor costs, effective ITG is seen as a vital way to ensure returns on IT investments and improved organizational performance (Jacobson, 2009). ITG has been a concern in the last 20 years. However, good ITG is no longer a nice to have. Good ITG is a must have and can contribute to higher returns on assets at a time when business is increasing their technology investment (Webb et al., 2006). ITG elevates information to a key organizational asset and treats governance of information at par with governance of other assets, such as human, financial, intellectual, and relationship assets (Fasanghari et al., 2008). Organizations can no longer afford to have ITG by default or bad ITG by design (Symons, 2005). ITG is not only designed to achieve internal efficiency in the IT organization, such as deploying good IT processes and making sure that the means and goals are documented. The final goal of good ITG is rather to provide the business with the support needed to conduct business in a good manner (Simonsson et al., 2008).

Pereira and da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

342

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

The purpose of this paper is to perform a literature review and identify what are the contingency factors as well as the general guidelines to be followed. To better understand where we are heading and where we currently stand, a review of where we started is needed. Our produced artefacts will be implicit evaluated by literature review and were also evaluated with experts interviews. In next section we describe the current ITG problem(s) in more detail. On section 3 we review the literature, from where we extract our proposals. Because research in some of the proposed proposal artefacts is poorly explored/synthesized or even in the early stages, part of this research is exploratory rather than hypothesis testing. Exploratory research often builds on secondary research, such as reviewing available literature and/or data or qualitative approaches such as informal discussions with customers, employees, management or depth interviews, focus group projective methods, case studies or pilot studies (De Haes and Grembergen, 2008). Our research strategy for ITG implementation guidelines and ITG contingency factors was based on literature review. The approach used in this paper follows the concept-centric methodology of IS literature reviews as outlined in (Webster and Watson, 2002). In section 4 we present evaluation of the artefacts proposed based on interviews and comparison with current theories. Finally, in section 5 we take our conclusions, including future work.

PROBLEM

Since nineties that ITG is a concern. Indeed, Gartner states that ITG has been recognized as a CIO top10 issue for more than five years and has risen in priority between 2007 and 2009 (Gerrard, 2009). ITG has been identified as an appropriate solution to deal with increasing IT changes and complexity. Although ITG relevance for business success, conceiving the ITG model is just the first step, implementing ITG as a sustainable solution is the next challenging step (Fasanghari et al., 2008). There are evidences of the positive effect of good ITG implementation in organizations, for example: With the help of well-organized ITG, organizations may increase their return on IT investments by as much as 40% (Weil and Ross, 2004). Enterprises that perform well in ITG may gain returns on IT investment 40% higher than their competitors; given the same business strategy, those with an average performance in ITG may make 20% more profit (Lingyu et al., 2010). In spite of all these evidences about influence of ITG in organizations success and returns, there are also evidences that IT keep being badly managed and governed: The far-reaching structural changes following an ERP implementation can be disastrous, as shown by examples (Bingi et al., 1999)(Buckhout et al., 1999)(Scott, 1999). Indeed, 70% of ERP implementations fail to achieve their corporate goals (Benroider, 2008). The delay in the implementation of a earlier product versions were frustrating because many of these projects took well in excess the timeline originally targeted (Gallagher and Worrel, 2008) Organizations must stop spending more than 80% of their IT budget in maintenance, patches, upgrades and other routine expenses, and less than 20% on the development of new applications and capabilities (Shpilberg et al., 2007). 72% of IT projects are late, over budget, lacking in functionality, or never delivered; of the successful projects (28%), 45% were over budget and 68% took longer than planned (Lunardi et al., 2009). Many companies spend about 50% of all their capital investment on IT (Lunardi et al., 2009). Huge IT investment did not bring significant benefits (Gao et al., 2009). There is no single best IT organizational structure or governance arrangement because IT needs to respond to the unique environments within which exists (Agarwal and Sambamurthy, 2002) (Lunardi et al., 2009). Nevertheless, organizations use frameworks to support their ITG implementation. ITIL [Taylor et al., 2007] and COBIT [ITGI, 2007] are among the most used and adopted frameworks by organizations (Broussard and Tero, 2007). Besides the frameworks, several organizations keep designing their own (Broussard and Tero, 2007). In order to understand why organizations still prefer to develop their own frameworks instead of adopting the most important frameworks we used conceptual modeling to represent these frameworks.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

343

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Conceptual models are a prerequisite for successfully planning and designing complex systems (Moody and Shanks, 2003) (Frank 1999) (Recker, 2005) (Jeusfeld et al., 2006). Conceptual modeling has been employed to facilitate, systematize, and aid the process of information systems engineering (Recker, 2005).

Figure 1.

ITIL V3 Conceptual Model (Pereira and Mira da Silva, 2011)

ITIL and COBIT were chosen as examples of frameworks to be modelled since they are the most adopted frameworks (Broussard and Tero, 2007). With respect to ITIL, our research already provided a conceptual model (Pereira and Mira da Silva, 2011). As we can see in Figure 1, we demonstrated that ITIL is a complex framework with many dependencies between processes that make difficult implementation by organizations. With respect to COBIT, which is seen in the business and academic world as the best and most complete ITG framework (Radovanovic et al., 2010) (Ridley et al., 2004), we designed a COBIT conceptual model. If we look for Figure 2, COBIT also seems a very complex framework with several dependencies between processes, and organizations have to deal with that complexity to implement COBIT.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

344

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Figure 2.

COBIT Conceptual Model (Original Research by the Authors)

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

345

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Furthermore, COBIT is too general purpose (Morimoto, 2009) and needs deep expert knowledge for the implementation. Many other frameworks have been proposed. However, many of the frameworks are similar and have much more in common that initially thought (Sahibudin et al., 2008). We also showed that frameworks overlap each other (Pereira and Mira da Silva, 2010) which hugely increase the effort of organizations (money, time, resources, etc.) because some IT areas (if not all) may use more than one framework to get a complete, concise and coherent approach. So, organizations have several frameworks to chose and dont know which are the most suitable to their purpose. In the literature several authors state each case is a case about ITG implementation. This approach led us to the theory of the contingency factors that we define as: Factors that, depending on organizations context, may influence the ITG implementation but that are not likely or intended, are a possibility that must be prepared for. Due to the fact that there is a clear need for methodological support for the actual tasks and challenges of IT Management (ITM) and ITG, it is surprising, that little attention is paid to these questions (Goeken and Alter, 2008). The main problem that this research contributes to solve is the following: There are many frameworks for IT Governance. However, organizations still fail to implement IT Governance due to their complexity and overlapping.

IT GOVERNANCE

In the academic literature a number of authors compiled mini reviews to support their own conceptual or empirical papers (Brown, 1997) (Bown and Grant 2005) (Brown and Magill, 1994) (Sambamurthy and Zmud 1999) (Sambamurthy and Zmud, 2000) (Tavakolian, 1989) (Brown and Grant, 2005) (De Haes and Grembergen, 2008) (Losso and Goeken, 2010) (Simonsson and Ekstedt, 2006). Nevertheless, literature review represents the foundation for research in IS. As such, review articles are critical to strengthening IS as a field of study (Webster and Watson, 2002). In accomplishing the literature review we followed the guidelines provided by (Webster and Watson, 2002). Today governance is a concept that can be used in many contexts; there are many different types of governance: Corporate Governance, Enterprise Governance and IT Governance. These types of governance are correlated and we should look to them as whole Governance with dependencies between them and an order to follow. Since ITG cannot exist in isolation but must be a sub-set of enterprise governance (Symons, 2005) and is also commonly referred as a sub-set of corporate governance (Lunardi et al., 2009) (Webb, 2006) we conclude that ITG is the most bottom level of the three types of governance and the most specific and focused. Since IT and IS are highly related, the lack of clarity about the concept of ITG is not surprising given that IS is a relatively new discipline that has emerged in a variety of different background disciplines including, but certainly not limited to, the social sciences and the computing sciences (Webb et al., 2006) (Goeken and Alter, 2008). Many studies continue to focus on defining ITG (Peterson, 2004) (Webb et al., 2006) and, as we can see by Table 1, many definitions have been proposed. A consensus about ITG definition still does not exist. The purpose of this research is not to decide which the most appropriate ITG definition is, or even propose a new one; however the concern is stated and a historical review of the main ITG definitions in the literature presented.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

346

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Researcher
Brown and Magill Luftman Sambamurphy and Zmud Gembergen

Year
1994

Reference
ITG decisions the locus of responsibility for IT functions. (Brown and Magill, 1994). ITG is the degree which the authority for making IT decisions is defined and shared among management, and the processes managers in both IT and business organizations apply in setting IT priorities and the allocation of the IT resources. (Luftman, 1996) ITG refers to the patters of authority for key IT activities (Sambamurthy and Zmud, 1999) ITG is the organizational capacity by the board, executive management and ITM to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT. (Grembergen, 2000) ITG describes a firms overall process for sharing decision rights about IT and monitoring the performance of IT investments. (Weil and Vitale, 2002) ITG consists of IT-related structures or architectures (and associated authority patterns), implemented to successfully accomplish (IT imperative) activities in response to an enterprises environment and strategic imperatives. (Schwarz and Hirschheim, 2003) ITG is the responsibility of the board of directors and executive management. It is a integral part of enterprise governance and consist of the leadership and organizational structures and processes that ensure that organizations IT sustains and extends the organizations strategies and objectives. (ITGI, 2004) ITG is specifying the decision rights and accountability standard to encourage desirable behavior in using IT. (Weil and Ross, 2004) ITG is the process by which decisions are made around IT investments. How decisions are made, who makes the decisions, who is held accountable, and how the results of decisions measured and monitored are all parts of ITG. (Craig et al., 2005) The strategic alignment of IT with business such that maximum business value is achieved though the development and maintenance of effective IT control and accountability, performance management, and risk management. (Webb et al., 2006) ITG is the preparation for, making of and implementation of IT-related decisions regarding goals, processes, people and technology on a tactical or strategic level. (Simonsson and Ekstedt, 2006) ITG is the process that ensures the effective and efficient use of IT in enabling an organization to achieve its goals. (Gerrard, 2010)

1996

1999

2000

Weil and Vitale

2002

Schwartz and Hirschheim

2003

IT Governance Institute(ITGI)

2004

Weil and Ross

2004

Craig et al.

2005

Webb et al.

2006

Simonsson and Ekstedt Gerrard

2006

2010

Table1.

ITG Definitions

The IT Governance Institute and Weil/Ross ITG definitions are the most adopted between researchers in the area (Nfuka and Rusu, 2010) (Park et al., 2006). In this paper we will adopt the ITGI definition.

ITG CONTINGENCY FACTORS

Several authors state that in ITG implementation and/or ITG frameworks implementation each case is a case. This fact leads us to the theory of the contingency factors that could influence organizations in their ITG implementation. ITG implementation is influenced by external and internal factors (Xue et al., 2006). Nevertheless, literature fails to reveal a clear and concise identification of these factors. From a literature review came a number of substantive conclusions relating the contingency factors to ITG implementation. Contingency factors include: organizational culture and structure, strategy, size, regional differences, industry, maturity, ethical and trust. A summary of the identified contingency factors as well as their literature references is present in Table 2. We now describe in detail each of the proposed Contingency Factors:

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

347

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Culture Corporate culture plays an invaluable role in the enterprise development. Management of culture is to make employees care about enterprise (Jiandong and Hongjun 2010) and its context refers to managing IT workers and workplaces in such a way that the social processes, which reflect the interactions among groups of people with differing worldviews, are taken into account (Weisinger and Trauth 2003). Surveys of CEOs during the past few years have identified organizational culture as one of the largest inhibitors to change and related business performance improvements (Gerrard 2009), which means corporate culture can influence the success of ITG implementation (Fink and Ploder, 2008). Structure The structure of IT is one of the major recurring issues in literature (Adams et al., 2008) (Gallagher and Worrel, 2008) (Goeken and Alter, 2008) (King, 1983) (Peak and Azadmanesh, 1997) (Sambamurthy and Zmud, 1999). The majority of the existing literature approaches the topic of ITG from existing or proposed structures point of view (Webb et al., 2006). IT has not only changed the traditional ways people acquire information, but has also broken old patterns of production management and profoundly changed firms organization structure in space and time. Organization structure is the necessary condition to the achievement of business goals by organizations (Gao et al., 2009). Organizational structure has being identified by the literature as a concern that should be taken into consideration in ITG implementation. Size Some studies have attempted to discover the effect of organization size on ITG (Brown and Grant, 2010) (Cochran, 2010) (De Haes and Grembergen, 2008). Sambamurthy states that the size of the firm influences the ITG mode through its effect on the mode of corporate governance (Sambamurthy and Zmud 1999). There are also evidences that many small organizations lack standardized project management practices (Cochran, 2010). Industry IT has a wide range of applicability across almost all industries (Tanriverdi, 2006). Some ITG studies only focus on a specific kind of industry (De Haes and Grembergen, 2008), others in more than one (Simonsson et al., 2008) who conducted interviews in separate industries and collected different results. ITG means different things in distinct industries, evident by the different regulations that have been developed (Webb et al., 2006). Regional Differences Some studies have been made about regional differences on ITG implementations. For example, (Weisinger and Trauth, 2003) pointed out the importance of aspects like language, local laws, and national information infrastructures. Another study performed by (Aagesen et al., 2011) made a cross-country comparative study where they found different ITG implementations, while (Fink and Ploder, 2008) performed some regional case studies in different countries. Maturity IT has matured so much that, in many ways, IT is a commodity. However, specialized resources are still needed (Cochran, 2010). The use of ITG maturity measurements is one of the means to evaluate the success of ITG (Dahlberg and Lahdelma, 2007). Some studies have been performed and interesting conclusions collected: a study compared different organizations and determined that, in general, the high performers have more mature ITG structures and processes (De Haes and Grembergen, 2008); another study identified possible requirements for good ITG maturity assessments (Simonsson and Johnson, 2008); and yet another study concluded that there is a correlation between ITG performance and ITG maturity indicators (Simonsson et al., 2008). Strategy How to accomplish strategic alignment between business and IT in the complex and dynamic environment of the real world remains a great unanswered challenge for the CIO and CEO (Ekstedt et al., 2004) (Silva et al., 2006) (Tallon et al., 1998), therefore ITG should be dealt with as a business strategy (Park et al., 2006). Some research projects focus on how strategic alignment impacts business performance (Simonsson, 2008) Strategy had even already been proposed as a possible contingency factor of ITG by (Brown and Grant, 2005). Ethical To promote ethical business practices, an organization needs a leader who is committed to something more than profits. Ethical awareness in corporate governance has a strong effect to ensure employee trust in the workplace (Memiyanty and Putera, 2010). In the interviews performed by

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

348

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

(Maidin and Arshad, 2010) most of the respondents agreed that ethic of compliance is an important aspect for ITG practices. Trust Many scholars claim that the concept of trust and cooperation is crucial for solving or at least minimizing governance failure (Memiyanty and Putera, 2010).
Contingency Factors Organizational Culture

Literature (Brown and Grant, 2005) (Fink and Ploder, 2008) (Gerard, 2009) (Hosseinbeig et al., 2011) (Jiandong and Hongjun, 2010) (Maidin and Arshad, 2010) (Symons, 2005) (Weisinger and Trauth, 2003) (Adams et al., 2008) (Aagesen et al., 2011) (Cochran, 2010) (De Haes and Grembergen, 2008) (Gallagher and Worrel, 2008) (Gao et al., 2009) (Guney and Cresswell, 2010) (Hosseinbeig et al., 2011) (Lunardi et al., 2009) (Park et al., 2006) (Shpilberg et al., 2007) (Symons, 2005) (Web et al., 2006) (Brown and Grant, 2005) (Cochran, 2010) (De Haes and Grembergen, 2008) (Jacobson, 2009) (Lunardi et al., 2009) (Brown and Grant, 2005) (De Haes and Grembergen, 2008) (Gerard, 2009) (Jacobson, 2009) (Jiandong and Hongjun, 2010) (Simonsson et al., 2008) (Tanriverdi, 2006) (Aagesen et al., 2011) (Fink and Ploder, 2008) (Gallagher and Worrel, 2008) (Shpilberg et al., 2007) (Weisinger and Trauth, 2003) (Cochran, 2010) (Dahlberg and Lahdelma, 2007) (De Haes and Grembergen, 2008) (Park et al., 2006) (Simonsson and Johnson, 2008) (Simonsson et al., 2008) (Brown and Grant, 2005) (Dahlberg and Lahdelma, 2007) (De Haes and Grembergen, 2008) (Jacobson, 2009) (Park et al., 2006) (Silva, and Chaix, 2008) (Symons, 2005) (Maidin and Arshad, 2010) (Memiyanty and Putera, 2010) (Memiyanty and Putera, 2010)

Organizational Structure

Size Industry Regional Differences Maturity Strategy Ethical Trust Table2.

Literature Reference(s) of Each Contingency factor

In our literature review few researchers approach the contingency factors topic; however, many researchers stated that each ITG implementation is different. In this section we analyzed the main literature and proposed a set of important contingency factors (supported by the literature) that organizations should have into consideration in ITG implementation.

ITG GUIDELINES

Guidelines have been designed, used, and adopted in several domains e.g. (Bohl et al., 2002) (Goeken and Alter, 2009) (Hevner et al., 2004) (Herzwurm and Pietsch, 2008) (Muller-Rathgeber et al., 2008) (Simonsson et al., 2008) (Takata et al., 2004) (Ungar and Parameswaran, 2005). Guidelines should be considered an instrument that ought not to be underestimated since they are necessary to obtain a uniformity regarding functionality and optics, as well as a desired quality level (Bohl et al., 2002). In this section, we will present our proposed guidelines for ITG implementation. Smith and Mosier (Smith and Mosier, 1986) suggest that every guideline development effort should begin and end by acknowledging other peoples significant contributions. Therefore, reviewing available ITG literature is an essential part for developing appropriate guidelines. Also, guidelines can be based on experience - either practical, or derived from research (Aagesen, 2011). In the available literature, both approaches can be seen (Hevner et al., 2004). We have studied the main literature in the area and proposed a set of guidelines (Table 4) that organizations should follow in order to increase ITG implementation success rate. These guidelines

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

349

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

provide a high level picture of ITGs main steps while, at the same time, describe What we need and How to do it to follow these steps. Guidelines 1 and 2 Companies seeking to deliver higher business performance by harnessing IT have focused on alignment (Fink and Ploder, 2008)(Shpilberg et al., 2007). Many researchers have studied the strategy alignment concern e.g. (Webb et al., 2006) and currently many companies also recognize that IT and business priorities must be tightly linked (Shpilberg et al., 2007). In fact, to create a sustained value for organizations, the development of the IT strategy must be closely connected to the business one (Luftman, 2000). When there is alignment, IT delivers services that are crucial to the companys strategies, operation, or user needs (Fink and Ploder, 2008). In recent literature, strategy is included in several frameworks proposed by researchers, e.g. (Simonsson et al., 2008)(Gerrard, 2010)(Lingyu et al., 2010) and strategy alignment is identified as an important issue for ITG (Grembergen, 2000) (ITGI, 2004) (Weil and Ross, 2004) (Simonsson and Ekstedt, 2006) (Webb et al., 2006). Therefore, IT strategy alignment is one of the most important steps on ITG implementation (Fink and Ploder, 2008) (Gerrard, 2010) (Symons, 2005) (Xiao-wen et al., 2009). Some authors even state that ensuring the alignment between business and IT is one of the primary goals of ITG (Nabiollahi and Sahibuddin, 2008) (Symons, 2005) (Xiao-wen et al., 2009). Guideline 3 ITG can be deployed using a mixture of various structures, processes and relational mechanisms (Grembergen et al., 2003) (Peterson, 2003) (Peterson et al., 2002) (Weil and Ross, 2004). A well-matured ITG framework should be based on three major elements: structures, processes and communication (Nabiollahi and Sahibuddin, 2008) (Symons, 2005). With ITG structures, process and relational mechanisms, organizations aim at securing that IT delivers value to the business in a transparent manner, that accountabilities are organized to support the maximal delivery of business value from IT, and that risks are mitigated according to business needs (Dahlberg and Lahdelma, 2007). Relational mechanisms are crucial in an ITG framework and paramount for attaining and sustaining business IT alignment, even when the appropriate structures and processes are in place (Callahan and Jeyes, 2003) (Henderson et al., 1993) (Keill et al., 2002) (Smaczny, 2001). Guideline 4 ITG is composed of processes with inputs, outputs, roles and responsibilities inherent to a process definition (Gerrard, 2010). Actually, the effective management of organizational IT resources, enabling the provision to achieve its goals, is done through a set of IT processes (Webb et al., 2006). With the alignment of IS strategy and business strategy, it is important that an organization designs ITG processes to be closely in tuned with those of its corporate governance (Webb et al., 2006). Simonsson and Ekstedt identified the implementation and management of IT processes as a dimension of ITG in which IT decisions are made and carried out (Simonsson and Ekstedt, 2006). Agarwal and Sambamurthy also identify a set of IT processes that should be present and managed in every IT function to convert foundation IT capabilities into business applications and services (Agarwal and Sambamurthy, 2002). Guideline 5 Even without consensus among academics and practitioners about how it should be done, IT/business alignment should be measured in an organization along with what procedures ought to be taken to maintain and improve it (Silva and Chaix, 2008). The decisions implications should also be monitored and measured (Simonsson and Ekstedt, 2006) always being conscious that how the results of decisions are measured and monitored is part of ITG (symons, 2005). Not just IT/business alignment, but also IT processes maintenance has to be measured, evaluated and controlled in order to implement ITG (Nabiollahi and Sahibuddin, 2008). Furthermore, monitoring and measuring have been used by several researchers in their frameworks as an important step for ITG implementation e.g. (Dahlberg and Lahdelma, 2007) (Lingyu et al., 2010) (Nabiollahi and Sahibuddin, 2008).

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

350

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Guideline

About what?

What do we need?

Literature (Gao et al., 2009) (Dahlberg and Lahdelma, 2007) (Webb et al., 2006) (Gerrard, 2009) (Agarwal and Sambamurthy, 2002) (Simonsson et al., 2008) (Shpilberg et al., 2007) (Maidin and Arshad, 2010)(Ploder, 2008) (Symons, 2005) (Jaafar and Jordan, 2009) (Gao et al., 2009) (Dahlberg and Lahdelma, 2007) (Webb et al., 2006) (Gerrard, 2009) (Agarwal and Sambamurthy, 2002) (Simonsson et al., 2008) (Shpilberg et al., 2007) (Maidin and Arshad, 2010) (Ploder, 2008) (Symons, 2005) (Jaafar and Jordan, 2009) (Fasanghari et al., 2008)(Jiandong and Hongjun, 2010) (Jacobson, 2009)(Dahlberg and Lahdelma, 2007) (Symons, 2005)(Jaafar and Jordan, 2009) (Hosseinbeig et al., 2011) (Dahlberg and Lahdelma, 2007)(Gerrard, 2009) (Simonsson et al., 2008 )(Simonsson et al., 2008) (Maidin and Arshad, 2010)(Symons, 2005) (Fasanghari et al., 2008) (Dahlberg and Lahdelma, 2007)(Webb et al., 2006) (Gerrard, 2009) (Simonsson et al., 2008) (Dahlberg and Lahdelma, 2007)(Silva, and Chaix, 2008)(Symons, 2005) (Jaafar and Jordan, 2009) (Maidin and Arshad,2010)

1 Where do we want to be?

Vision and IT/business objectives

IT/business strategies IT/business goals

Core competences 2 Where are we now? IT/business alignment, ITG maturity, IT/business strategic plan Assess IT department and maturity Assess enterprise Assess business/IT alignment 3 What do we need to get there? 4 How do we get where we want to be? Structures, processes, and relational mechanisms Collect information about the culture, strategy, structure, etc., of the organization and integrate them in the resulting documents of previous steps Materialize the plan defined in the previous step

IT processes

5 How do we know we have arrived there?

Metrics Measurements

IT Balance Scorecard Enterprise Balance Scorecard

6 Are we following the markets best practices? 7 How do we know we are doing it right? 8 How do we keep it on track?

Standards BPs Frameworks Compliance Audit Improvement Innovation Audit regularly Internal and external compliance Collect information to improve and innovate in order to prepare organization for current and future challenges (Dahlberg and Lahdelma, 2007) (Jacobson, 2009) (Jaferian et al., 2008) (Agarwal and Sambamurthy, 2002) (Shpilberg et al., 2007) (Maidin and Arshad, 2010) (Jacobson, 2009) (Guney and Cresswell, 2010) Be aware of BPs frameworks and standards (Dahlberg and Lahdelma, 2007) (Mellis, 1998)

Table 3.

ITG Guidelines

Grembergen even identified the control of the performance as a main element of ITG (Grembergen et al., 2003). The elements for implementing effective ITG are performance drivers that provide indicators on how ITG is achieving (Silva and Chaix, 2008). Guideline 6 Many frameworks (ITIL, COBIT, amongst others) were developed and proposed. These frameworks describe goals, processes, and organizational aspects of ITM and control. They are created and are put to use in practice (Goeken and Alter, 2008). While there is no single, complete, off-theshelf ITG framework, there are a number of frameworks available that can be useful for developing a governance model (Symons, 2005). Many researchers encourage the use of such frameworks frameworks and standards to help in ITG implementation e.g. (Jaafar and Jordan, 2009) (Nabiollahi and Sahibuddin, 2008) (Silva and Chaix, 2008) (Symons, 2005) (Webb et al., 2006). Guideline 7 Business development and changes in the supervision environment, internal rules and regulations tend to get more and more miscellaneous. Regulatory compliance mandates are becoming increasingly pervasive and burdensome in many countries, and compliance function is coming under ever increasing pressure by recent regulatory developments (PrinceWaterHouseCoopers, 2008). Some research has begun to focus on the audit and control aspects of ITG e.g. (Jacobson, 2009).

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

351

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Implementation of policies defines specific procedures and practices for compliance with each affected area, along with the method of oversight, compliance enforcement, and an escalation/appeal process to deal with requests for waivers or other exceptions that might be allowed (Gerrard, 2010). Therefore, organizations should ensure that are compliant with all the previously statements including regulations, processes, activities, etc. Guideline 8 IT now plays a more prominent role in corporate agility, enabling speedy and continual business innovation in products, services, channels, and supply and demand chain management (Agarwal and Sambamurthy, 2002). Technology is constantly changing and complexity increases with change. Nowadays, agility presents a challenge for many IS (Gallagher and Worrel, 2008). Firms are investing heavily on enterprise digital platforms to support innovations in their ecosystems that is, their business partnerships with customers, suppliers, and other specialist firms (Agarwal and Sambamurthy, 2002). A survey has concluded that many organizations spend 80% of their IT budget in maintenance, upgrades and less than 20% on new applications and capabilities (Shpilberg et al., 2007). However, for ITG implementation to be effective, organizations need to continually design governance (Weil and Ross, 2004), transforming and positioning IT for meeting future business challenges (Silva and Chaix, 2008). Decisions about business innovations require significant levels of collaboration and partnership between IT and business executives (Agarwal and Sambamurthy, 2002). Many organizations, and besides the existing frameworks, still dont know which steps perform first and got lost in ITG implementation. In this section we analyzed the main literature and proposed a set of general guidelines (which are not different from ITG implementation to ITG implementation) that organizations should have into consideration in ITG implementation.

EVALUATION

In order to validate our artefacts, besides the complete literature review and despite the little empirical work concerning ITG in the literature, we also mapped the artefacts with current theories and also used the results of a series of experts interviews. 6.1 Guidelines Vs Current Theories

We mapped our guidelines to some of the best known practices as well as with some guidelines described in the main books of the area. We mapped our guideline with four theories in the literature which can be seen in the next Tables (Table 4, Table 5, Table 6 and Table 7). The structure of the tables is: our guidelines in rows and theories steps/guidelines/etc. in columns.
Business Plan/ Objectives X X -------------IT Plan, Objectives, Portfolio Investment and Approvals X X -------------IT Plan Execution & Delivery Performance Management, Controls, Risk, Compliance and Vendor Management People Development, Continuous Process Improvement & Learning

1 2 3 4 5 6 7 8

-------------X --------------

-------------X -------------X

--------------

--------------

--------------

-------------X

Table 4.

ITG Imperatives and Work Areas

The first theory is described by Selig (Selig, 2008), the authors developed an ITG framework in which they identify five critical ITG imperatives and work areas. In Table 4 we conclude that our guidelines fulfill the areas of work contained in the theory described by (Selig, 2008). However, this theory lacks some completeness leaving some of our guidelines without a match.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

352

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

The second theory is the Deming Cycle. In the 1950's Deming proposed that business processes should be analyzed and measured to identify sources of variations that cause products to deviate from customer requirements. He recommended that business processes be placed in a continuous feedback loop so that managers can identify and change the parts of the process that need improvements. Deming created a (rather oversimplified) diagram to illustrate this continuous process, commonly known as the PDCA (Plan, Do, Check and Act) cycle.
Plan X X Do Check Act

1 2 3 4 5 6 7 8

X X X X X X

Table 5.

Deming Cycle

This PDCA cycle has been adopted by some frameworks that use the cycle to justify or clarify their guidance, for example ITIL V3, or ISO 20000, or even the Balanced Scorecard. Since this PDCA cycle seems to be important for some relevant frameworks in order to implement an iterative process, and since we saw that IT is constantly changing and organizations feel the necessity of a iterative process to control the changes, we decided to map our guidelines with deming cycle phases in order to demonstrate that our guidelines could work as an iterative process. The result is presented in Table 5 where the guidelines designed can fulfill the need of an iterative process and mitigate the risks of the constantly IT changing. The third theory was developed by (Grembergen and De Haes, 2008) in order to help organizations in ITG implementation. De Haes and Grembergen are two respected authors with several articles and books published in this area. In order to understand if our guidelines are aligned with this guide, we mapped our guidelines with it (Table 6).
Set Up Support Communication and awareness Mechanisms X X ------------------------------------------------------------X ------------------------Involve Executive Management and the Board of Directors Use Performance Measurement Tools Set Up a Clear IT Organization and Decision Structure

Define Business Goals and IT Goals

Define the Right ITG Process

Install IT Steering and IT Strategy Committees X X

1 2 3 4 5 6 7 8

X X X X ------------------------X X

Table 6.

Grembergen and De Haes Guide

By Table 6, we conclude that our guidelines fulfill this theory, although some of our guidelines do not have a correspondent activity. We can conclude that our guidelines are more complete that the guide provided by (Grembergen and De Haes, 2008).

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

Manage and Align the IT Investment Portfolio

Manage Roles and Responsibilities

353

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

The fourth theory is present by (Selig, 2008) which describes a pragmatic business and IT planning process used successfully in industry that is called pressure point analysis. IT is primarily based on analyzing internal and external pressures and trends, and addressing six basic questions.
Where are we? 1 2 3 4 5 6 7 8 X X X X ---------------------------------------------------------------------------------------------------------------------------------------------------------------------X ---------------------------------What could we do?

Why change? X

What should we do?

How do we get there?

Did we get there?

Table 7.

Pressure Points analysis

After analyzing Table 7 we can observe that our guidelines cover the six steps of the pressure point analysis theory which indicate our guidelines support the constantly improving of ITG process. 6.2 Interviews

We also performed nine interviews (90 minutes each) with ITG experts who have strategic alignment and ITG knowledge in their organizations. Seven interviews were performed in Portugal and two in Ireland by Skype. The interviewees were 3 consultant organizations (1, 2 and 7) and 6 non-consultant (3, 4, 5, 6, 8 and 9) organizations. Table 8 shows a summary of the results. We used colors to make Table 8 easier to read. In contingency factors we used yellow and orange to highlight the first (yellow) and second (orange) choice of the interviewees (we asked them to rank the contingency factors by relevance). We also used the green and red in the yes/no questions in order to highlight the positive (green) and negative (red) responses. Overall, our artefacts are seen as relevant, complete and useful by the interviewees. Also, few improvements were proposed, thus reinforcing that our framework is complete. The third interviewee was the only one to disagree with the proposed guidelines. He argued that guidelines 4, 6, and 8 are not needed and a new one about investment decision making between guideline 2 and 3 was missing. However, since we have strong literature support and only one interviewee mentioned this argument, we decided to keep the guidelines without changes. The fifth interviewee stated that such guidelines were not useful since COBIT already has guidelines with such abstraction.
ITG Contingency Factors Interviewees Regional D. Complete? Structure Missing? Maturity Industry Strategy Useful? Useful? Culture Ethic Trust Guidelines Remove step? No No Yes No No No No No No Complete? Yes Yes No Yes Yes Yes Yes Yes Yes General? Yes Yes Yes Yes Yes Yes Yes Yes Yes

1 2 3 4 5 6 7 8 9 1 3 1 1 2 1 2 1 4 3 1

2 2

1 1 2

3 3 3 4 4 2 2 3

Size

Yes Yes Yes Yes No No No Yes Yes

No No No No

Yes Yes Yes Yes

Yes Yes Yes Yes No Yes Yes Yes Yes

2 3 3 4 1 2

Yes Yes Yes Yes Yes Yes No Yes No Yes

Table 8. Artefacts Evaluation by Experts

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

354

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Fifth, sixth and seventh interviewees stated that some factors were missing. The fifth and sixth referred the organizations financial power (which we believe that could be related with organization size since bigger organizations certainly have more financial power and vice versa) while the seventh mentioned the people (which we believe to be related with ethic and trust, since ethic and trust are social values that should cross the entire human resources). Culture, structure, industry and maturity are seen as the most relevant contingency factors for ITG implementation. On the other side, Regional Differences wasnt chosen by any interviewee, which can be justified by the fact that in general the interviewees are not familiarized with ITG implementations beyond their country. Several conclusions could be withdrawn from the interviews: Culture, structure, industry and maturity are seen as the most relevant contingency factors for ITG implementation. Contingency factors were identified by all the interviewees as a relevant concern and useful as information available at the beginning of ITG implementations. Regional Differences was the only contingency factor not chosen by the interviewees. However it could be related with the fact that the interviewees only had experience in one country reality. Consultant organizations tend to give more importance to industry and maturity Non consultant organizations tend to assign higher relevance to culture and structure Most of the interviews see the guidelines as useful, compete and general Experts gave an excellent feedback and validated all our artefacts. Few improvements or changes were proposed. Most of them do not question the validity of the artefacts, but simply add something. This makes sense, since we are analyzing information from two different sources (literature and practitioners).

CONCLUSION

This research provided us some important learning in ITG field. Based on both scientific and practitioner viewpoint with achieved the formalization of the contingency factors and ITG general guidelines. Yet, the way consultant and non-consultant organizations look to Contingency Factors is quite different. Moreover, it is interesting that existing Frameworks also dont make any reference to the different viewpoint of consultant and non-consultant organizations since many non-consultant organizations hire consultant organizations to implement some domains as ITG and such divergent viewpoints of what they should be worried or focus first can be the reason of some problems. From the literature few theories were founded to map with our guidelines in order to evaluate them. This fact can indicate the lack of such general directives to provide an initial roadmap to the organizations before ITG implementation. We also perceived that most frameworks in the market intend to focus in a specific area instead in overall ITG and ITM topic. Such fact calls for an extra effort of the organizations in understand which frameworks or frameworks are advisable and needed and integrated them with organizations structure, and known that frameworks dont provide any guidance in contingency factors and also overlap each other it is expectable that organizations take much more time and waste resources in that journey. Our research also has some limitations as well. So far we leverage our artefacts based on literature review and also validated them with experts interviews. However, more interviews are required in order to achieve more concrete and coherent results. In a future the achievement of a more concrete and coherent differentiation of the most important Contingency Factors for consultants and nonconsultants as well as for each type of organization must be explored. We evaluated our proposed guidelines with other current and already published theories. From this evaluation we concluded that our guidelines are more complete that all the other theories, so they cover the current theories and also add some current concerns of researchers.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

355

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

We can conclude that the potential of our artefacts could be further if properly explored. We can now affirm that we designed a set of artefacts that add important knowledge to the ITG literature and helpful in ITG implementation. Future work should pass by the identification of the main ITG and IT Management areas and together with the contingency factors and ITG guidelines that we propose on this paper design an integrated ITG and IT Management framework. We will also keep performing more expert interviews.

REFERENCES

Aagesen G., van Veenstra A.F., Janssen M. and Krogstie J. 2011. The Entanglement of Enterprise Architecture and IT-Governance: The Cases of Norway and the Netherlands. In 44th Hawaii International Conference on System Sciences, pp. 1-10, HICSS, Hawaii, USA. Adams C.R., Larson E.C. and Xia W. 2008. IS/IT Governance Structure and Alignment: An Apparent Paradox. MISRC. Agarwal R. and Sambamurthy V. 2002. Principles and Models for Organizing the IT Function. MIS Quarterly Executive, 1(1). Benroider E. 2008. IT governance for enterprise resource planning supported by the DeLone-McLean model of information systems success. Information & Management, 45(5): 257-269. Bingi P., Sharma M. and Godla J. 1999. Critical issues affecting an ERP implementation. Information Systems Management Decision, 16(3): 7-14. Bohl O., Frankfurth A., Schelhase J. and Winand U. 2002. Guidelines A Critical Success Factor in the Development of Web-based Trainings. In International Conference on Computers in Educational, pp.545546 vol.1, ICCE, Auckland, New Zealand. Broussard F.W. and Tero V. 2007. Configuration and Change Management for IT Compliance and Risk Management: The Tripwire Approach. White Paper. Brown C.V. 1997. Examining the Emergence of Hybrid IS governance Solutions: Evidence from a Single Case Site. Information Systems Research, 8(1), 69-95. Brown A.E. and Grant G.G. 2005. Framing the Frameworks: A Review of IT Governance Research. CAIS, 15: 696-712. Brown C.V. and Magill S.L. 1994. Alignment of the IS Functions with the Enterprise: Toward a Model of Antecedents. MIS Quarterly, (18)4, 371-404. Buckhout S., Frey E. and Nemec Jr. J. 1999. Making ERP succeed. Turning fear into promise. IEEE Transactions of Engineering Management, 27(3), 116-123. Callahan J. and Jeyes D. 2003. The evolution of IT Governance at NB Power. In Grembergen, W.V. (Ed.) Strategies for Information Technology Governance, PA: Idea Group Publishing, Hershey. Cochran M. 2010. Proposal of an Operations Department Model to Provide IT Governance in Organizations that Don't have IT C-Level Executives. In 43rd Hawaii International Conference on System Sciences, pp.1-10, HICSS, Hawaii, USA. Craig S., Cecere M., Young G.O. and Lambert N. 2005. IT Governance Framework: Structures, Processes, And Communication. White Paper, Forester Research. Dahlberg T. and Lahdelma P. 2007. IT Governance Maturity and IT Outsourcing Degree: An Exploratory Study. In 40th Annual Hawaii International Conference on System Sciences, pp. 236a, HICSS, Hawaii, USA. De Haes S. and Grembergen W.V. 2008. Analysing the Relationship between IT Governance and Business/IT Alignment Maturity. In 41st Annual Hawaii International Conference on System Sciences, pp.428, HICSS, Hawaii, USA. Ekstedt M., Johnson P., Lindstrom A., Gammelgard M., Johansson E., Plazaola, L. Silva E. and Lilieskold J. 2004. Consistent Enterprise Software System Architecture for the CIO: A Utility-Cost Based Approach. In 37th Annual Hawaii International Conference on System Sciences, p. 1-10, HICSS, Hawaii, USA. Fasanghari M., NasserEslami F. and Naghavi M. 2008. IT Governance Standard Selection Based on Two Phase Clustering Method. In Fourth International Conference on Networked Computing and Advanced Information Management, p.513-518, NCM, Gyeongju, Corea.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

356

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Fink K. and Ploder K. 2008. Decision Support Framework for the Implementation of ITGovernance. In 41st Annual Hawaii International Conference on System Sciences, pp. 432. HICSS, Hawaii, USA. Frank U. 1999. Conceptual Modelling as the Core of the Information Systems Discipline: Perspectives and Epistemological Challenges. In Fifth Americas Conference on Information, pp.695698, AMCIS, Milwaukee, USA. Gallagher K.P. and Worrel J.L. 2008. Organizing IT to Promote Agility. Inf. Technol. Manag., 9(1): 71-88. Gao S., Chen J. and Fang D. 2009. The Influence of IT Capability on Dimensions of Organization Structure. In Second International Conference on Future Information Technology and Management Engineering, p. 269-273, FITME, Sanya, China. Garrity J.T. 1963. Top Management and Computer Profits. Harvard Business Review, 41(4), 6-13. Gerrard M. 2009. IT Governance, a Flawed Concept: Its Time for Business Change Governance. Gartner ID:G00171658 Gerrard M. 2010. Defining IT Governance: The Gartner IT Governance Demand/Supply Model. Gartner ID:G00140091 Goeken M. and Alter S. 2008. Representing IT Governance Frameworks as Metamodels. In International Conference on E-Business, Enterprise Information Systems, E-Government, and Outsourcing, pp.48-54. CSREAEEE, Nevada, USA. Grembergen V.W. 2000. The balanced scorecard and IT governance. Information Systems Control Journal, 2: 40-41. Grembergen W.V. and De Haes S. 2008. Implementing Information Technology Governance: Models, Practices, and Cases. IGI Publishing, Hershey, New York. Grembergen W.V., De Haes S. and Guldentops E. 2003. Structures, Processes and Relational Mechanisms for IT Governance. In Grembergen, W.V. (Ed.) Strategies for Information Technology Governance, PA: Idea Group Publishing, Hershey. Guney S. and Cresswell A.M. 2010. IT Governance as Organizing: Playing the Game. In 43rd Hawaii International Conference on System Sciences, pp.1-10, HICSS, Hawaii, USA. Henderson J.C., Venkatraman N. and Oldach S. 1993. Continuous Strategic Alignment: Exploiting Information Technology Capabilities for Competitive Success. European Management Journal, 11(2): 139-149. Herzwurm G. and Pietsch W. 2008. Guidelines for the Analysis of IT Business Models and Strategic Positioning of IT-Products. In Second International Workshop on Software Product Management, pp.1-8, IWSPM, Barcelona, Spain. Hevner A.R., March S.T., Park J. and Ram S. 2004. Design Science in Information Systems Research. Management Information Systems Quarterly, 28(1): 75-105. Hosseinbeig S., Karimzadgan-Moghadam D., Vahdat D. and Moghadam R.A. 2011. IT strategic alignment maturity and IT governance. In 4th International Conference on Interaction Sciences, pp.67-72. ICIS, Busan, Korea. Huang C. and Hu Q. 2007. Achieving IT-Business Strategic Alignment via Enterprise-Wide Implementation of Balanced Scorecards. Information Systems Management, 24(2): 173184. Information Technology Governance Institute 2004. Board Briefing on IT Governance. IT Governance Institute, United States of America. Information Technology Governance Institute 2007. IT Governance Institute: COBIT 4,1, www.isaca.org. Jaafar N.I. and Jordan E. 2009. Information Technology Governance (ITG) Practices and Accountability of Information Technology (IT) Projects A Case Study in a Malaysian Government-Linked Company (GLC). In: Pacific Asia Conference on Information Systems, paper 31, PACIS, Hyderabad, India. Jacobson D.D. 2009. Revisiting IT Governance in the Light of Institutional Theory. In 42nd Hawaii International Conference on System Sciences, p.1-9, HICSS, Hawaii, USA. Jaferian P., Botta D., Raja F., Hawkey K. and Beznosov K. 2008. Guidelines for designing IT security management tools. Computer Human Interaction for the Management of Information Technology, 7-10.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

357

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Jeusfeld M.A., Jarke M., Nissen H.W. and Staudt M. 2006. ConceptBase: Managing Conceptual Models about Information Systems. In Bernus, P., Mertins, K., Schmidt, G. (eds.) Handbook on Architectures of information Systems. International Handbooks Information System, pp.273294, Springer, Heidelberg. Jiandong Z. and Hongjun X. 2010. The Research on Staff Well-being in IT Industry in China. In International Conference on Optics Photonics and Energy Engineering, p. 48-51, ICOPEE, Wuhan, China. Keill M. et al 2002. Reconsiling user and propject manager perceptions of IT project risk: a delphi study. Information Systems Journal, 12: 103-119. King J.L. 1983. Centralized versus Decentralized Computing: Organizational Considerations and Management Options. Computing Survey, 15: 320-349. Lingyu H., Bingwu L., Ruiping Y. and Jianzhang W. 2010. An IT Governance Framework of ERP System Implementation. In Computing Control and Industrial Engineering, pp.431-434, CCIE, Wuhan, China. Losso S. and Goeken M. 2010. Application of Best-Practice Reference Models of IT Governance. In the 18th European Conference on Information Systems, ECIS, Pretoria, South Africa. Luftman J. 1996. Competing in the Information Age: Strategic Alignment. Oxford University Press, New York. Luftman J. 2000. Assessing Business-IT Alignment Maturity. Communications of The Ais, 4, Article 14. Lunardi G.L., Becker J.L. and Macada A.C.G. 2009. The Financial Impact of IT Governance Mechanisms' Adoption: An Empirical Analysis with Brazilian Firms. In 42nd Hawaii International Conference on System Sciences, pp.1-10, HICSS, Hawaii, USA. Maidin S.S. and Arshad N.H. 2010. IT governance practices model in IT project approval and implementation in Malaysian public sector. In International Conference on Electronics and Information Engineering, pp. V1-532 -V1-536. ICEIE, Kyoto, Japan. Mellis W. 1998. Software quality management in turbulent times - are there alternatives to process oriented software quality management?. SQJ, 7(3/4): 277-295. Memiyanty A.R. and Putera M.S. 2010. Ethical Leadership and Employee Trust: Governance Perspective. In International Conference on Information and Financial Engineering, pp.848851, ICIFE, Chongqing, China. Moody D.L. and Shanks G.G. 2003. Improving the Quality of Data Models: Empirical Validation of a Quality Management Framework. Inf. Syst., 28(6): 619650. Morimoto S. 2009. Application of COBIT to Security Management in Information Systems Development. In Fourth International Conference on Frontier of Computer Science and Technology, p. 625 630, FCST, Shangai, China. Muller-Rathgeber B., Eichhorn M., and Michel H.-U. 2008. A unified Car-IT CommunicationArchitecture: Design guidelines and prototypical implementation. In International Conference Vehicular Electronics and Safety, pp.70 714, ICVES, Columbus, USA. Nabiollahi A. and Sahibuddin S. 2008. Considering Service Strategy in ITIL V3 as a Framework for IT Governance. In Information Technology International Symposium, p.1-6, ITSim. Nfuka E.N. and Rusu L. 2010. Critical Success Factors for Effective IT Governance in the Public Sector Organizations in a Developing Country: The Case of Tanzania. In 18th European Conference on Information Systems, paper 128, ECIS, Pretoria, South Africa. Park H.Y., Jung S.H., Lee Y. and Jang K.C. 2006. The Effect of Improving IT Standard in IT Governance. In International Conference on Computational Intelligence for Modelling, Control and Automation, p.22, CIMCA, Australia. Peak D.A. and Azadmanesh M.H. 1997. Centralization/Decentralization cycles in computing: Market evidence. Information & Management, 31: 303-317. Pereira R. and Mira da Silva M. 2010. A Maturity Model for Implementing ITIL v3. In 6th World Congress on Services, pp. 399-406, SERVICES-1, Florida, USA. Pereira R. and Mira da Silva M. 2011. A Maturity Model for Implementing ITIL V3 in Practice. In 15th IEEE International Enterprise Distributed Object Computing Conference Workshops, p. 259 268, EDOCW, Helsinki, Finland.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

358

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Peterson R.R. 2003. Integration Strategies and Tactics for Information Technology Governance. In Grembergen, W.V. (Ed.) Strategies for Information Technology Governance, PA: Idea Group Publishing, Hershey. Peterson R.R. 2004. Integration Strategies and Tactics for Information Technology Governance. In Strategies for Information Technology Governance, p. 37-80. Idea Group, London. Peterson R.R., Parker M.M. and Ribbers P. 2002. Information Technology Governance Processes under environmental dynamism: investigating competing theories of decision making and knowledge sharing. In 23rd International Conference of Information Systems, pp. 562-575, ICIS Radovanovic D., Radojevic T., Lucic D. and Sarac M. 2010. IT audit in accordance with Cobit standard. In 33rd International Convention MIPRO, p. 1137 1141, Opatija, Croatia. Recker J.C. 2005. Conceptual Model Evaluation. Towards more Paradigmatic Rigor. In: Halpin, T., Siau, K., Krogstie, J. (eds.) In Workshop on Evaluating Modeling Methods for Systems Analysis and Design held in Conjunction with the 17th Conference on Advanced Information Systems, EMMSAD CAiSE, Porto, Portugal. Ridley G., Young J. and Carroll P. 2004. COBIT and its utilization: a framework from the literature. In 37th Annual Hawaii International Conference on Systems Sciences, p. 1-8, HICSS, Hawaii, USA. Sahibudin S., Sharifi M. and Ayat M. 2008. Combining ITIL, COBIT and ISO/IEC 27002 in Order to Design a Comprehensive IT Framework in Organizations. In Second Asia International Conference on Modeling & Simulation, p. 749 753, AICMS, Kuala Lumpur, Malaysia. Sambamurthy V. and Zmud R.W. 1999. Arrangements for Information Technology Governance: A Theory of Multiple Contingencies. MISQ, 23(2): 261-290. Sambamurthy V. and Zmud R.W. 2000. Research commentary: the organizing logic for an enterprise's IT activities in the digital era: a prognosis of practice and a call for research. Information Systems Research, 11(2), 105-114. Schwarz A. and Hirschheim R. 2003. An Extended Platform Logic Perspective of IT Governance: Managing Perceptions and Activities of IT, Journal of Strategic Information Systems (12)2: 129-166. Scott J.E. 1999. The FoxMeyer drugs bankruptcy: was it a failure of ERP?. In Fifth Americas Conference on Information Systems, p. 223-225, ACIS, Milwaukee, USA. Selig G.J. 2008. Implementing IT Governance: A Practical Guide to Global Best Practices in IT Management. Van Haren Publishing, Zaltbommel. Shpilberg D., Berez S., Puryear R. and Shah S. 2007. Avoiding the Alignment Trap in Information Technology. MIT Sloan Management Review, 49(1): 51-58. Silva E. and Chaix Y. 2008. Business and IT Governance Alignment Simulation Essay on a Business Process and IT Service Model. In 41st Annual Hawaii International Conference on System Sciences, pp.434, HICSS, Hawaii, USA.Simon, H.A. (1996). The Sciences of the Artificial. 3rd Edition. MIT Press, Massachusetts. Silva E., Plazaola L. and Ekstedt M. 2006. Strategic Business and IT Alignment, A Prioritized Theory Diagram. In Technology Management for the Global Future, p. 1 8, PICMET, Istambul, Turkey Simonsson M. and Ekstedt M. 2006. Getting the Priorities Right: Literature vs Practice on IT Governance. In Portland International Conference on Management of Engineering & Technology, pp.18-26, PICMET, Portland, USA. Simonsson M. and Johnson P. 2008. The IT Organization Modeling and Assessment Tool: Correlating IT Governance Maturity with the Effect of IT. In 41st Annual Hawaii International Conference on System Sciences, pp.431, HICSS, Hawaii, USA. Simonsson M., Johnson P. and Ekstedt M. 2008. IT Governance Decision Support Using the IT Organization Modeling and Assessment Tool. In Portland International Conference on Management of Engineering & Technology, pp.802-810, PICMET, Portland, USA. Smaczny T. 2001. Is an alignment between business and Information Technology the appropriate paradigm to manage IT in todays organizations?. Management Decisions, 39(10). Smith S. L., and Mosier J. N. 1986. Guidelines for designing user interface software. Report ESDTR-86-278. Bedford, MA: The MITRE Corporation.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

359

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012) June 7-8, Munich, Germany

Symons C. 2005. IT Governance Framework. Forrester Takata Y., Nakamura T., and Seki H. 2004. Accessibility verification of WWW documents by an automatic guideline verification tool. In 37th Annual Hawaii International Conference on System Sciences, pp.10, HICSS, Hawaii, USA. Tallon P. et al 1998. A Process-Oriented Assessment of the Alignment of Information Systems and Business Strategy: Implications for IT Business Value. In Proceeding s of the Association for Information Systems Americas Conference, Maryland, USA. Tanriverdi H. 2006. Performance Effects of Information Technology Synergies in Multibusiness Firm. MISQ, 30(1), 57-77.Tapia, R.S., Daneva, M. and Eck, P.V. (2007). Developing an Inter-Enterprise Alignment Maturity Model: Research Challenges and Solutions. Technical report, University of Twente Tavakolian H. 1989. Linking the Information Technology Structure with Organizational Competitive Strategy: A Survey. MIS Quarterly, 13: 309-317. Taylor S., Iqbal M. and Nieves M. 2007. ITIL. TSO publications, Norwith. Ungar L.Y., and Parameswaran R. 2005. Knowledge base to manage the grading and selection of testability guidelines. In Autotestcon, pp.444450, AUTEST, Orlando, USA Xiao-wen L., Xiao-chun L. and Ke-jin H. 2009. Design and implementation of IT governance planning decision supporting system. In Chinese Control and Decision Conference, pp.5629-5632, CCDC, Guilin, China. Xue Y., Liang H. and Boulton W.R. 2006. Information Technology Governance in Information Technology Investment Decision Processes: The Impact of Investment Characteristics, External Environment, and Internal Context. MISQ, 32(1): 67-96. Webb P., Pollard C. and Ridley G. 2006. Attempting to Define IT Governance: Wisdom or Folly?. In 39th Annual Hawaii International Conference on System Sciences, p.194a, HICSS, Hawaii, USA. Webster J. and Watson R.T. 2002. Analyzing the Past to Prepare for the Future: Writing a Literature Review. MIS Quaterly, 26(2): xiii-xxiii. Weil P. and Ross J.W. 2004. IT Governance: How Top Performers Manage IT Decision Rights for Superior Result. Harvard Business School Press, Boston, Massachusetts. Weill P. and Vitale M. 2002. What IT Infrastructure Capabilities are Needed to Implement EBusiness Models?. MIS Quarterly Executive, 1(1): 17-34. Weisinger J.Y. and Trauth E.M. 2003. The Importance of Situating Culture in Cross-Cultural IT Management. In IEEE Transactions on Engineering Management, pp. 26-30, TEM, Saint Louis, MO, USA. Wilbanks L. 2008. IT Management and Governance in Equal Parts. It Professional, 10(1): 60-61.

Ruben Pereira and Miguel Mira da Silva A Literature Review: Guidelines and Contingency Factors for IT Governance

360