You are on page 1of 19

European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)

June 7-8, Munich, Germany

A LITERATURE REVIEW: GUIDELINES AND


CONTINGENCY FACTORS FOR IT GOVERNANCE

Ruben Pereira, PhD Student, Computer Science Department, Instituto Superior Tecnico, Lisbon
rubenfspereira@ist.utl.pt
Miguel Mira da Silva, Professor, Computer Science Department, Instituto Superior Tecnico, Lisbon
mms@ist.utl.pt

Abstract
ITG has been recognized as a CIO top-10 issue for more than five years and has risen in
priority between 2007 and 2009. Several Frameworks exist to help organizations in ITG
implementation but lack scientific viewpoint, are complex, and also overlap each other. In this
paper we make a literature review to leverage the ITG Contingency factors and ITG general
guidelines in order to provide a scientific viewpoint validation. We also evaluate our artefacts
with experts interviews so we provide practitioner viewpoint validation. Finally, we conclude
our research with main contributions and future work.
Keywords: IT Governance, Contingency Factors, IT Governance Guidelines

1 INTRODUCTION
Almost 50 years ago Garrity argued that information technology (IT) structure could have an impact
on firms performance (Garrity, 1963). Nowadays, IT plays an important role in the modern social and
economic life (Jiandong and Hongjun, 2010). IT has not only changed the traditional ways through
which people acquire information, but has also broken old patterns of production management and
profoundly changed firms organization structure in space and time (Gao et al., 2009). IT plays a
significant role in inter-organizational transactions and relations. Thus, IT has become a valuable asset
and resource in contemporary business strategy literature (Dahlberg and Lahdelma, 2007).
The rapidly changing business world demands flexibility and responsiveness in business and,
therefore, in IT as well (Adams et al., 2008). Nowadays IT and Information Systems (IS) are highly
related and agility also represents a challenge for many IS today (Gallagher and Worrel, 2008).
Since IT has become crucial to the support, sustainability and growth of the business, this pervasive
use of technology has created a critical dependency on IT that calls for a specific focus on IT
Governance (ITG) (De Haes and Grembergen, 2008). Some studies have shown that companies which
have good ITG models generate superior returns on their IT investments than their competitors
(Lunardi et al., 2009) (Webb et al., 2006). With IT investments making up a significant portion of
corporate budgets and increased external pressure to control and monitor costs, effective ITG is seen
as a vital way to ensure returns on IT investments and improved organizational performance
(Jacobson, 2009).
ITG has been a concern in the last 20 years. However, good ITG is no longer a nice to have. Good
ITG is a must have and can contribute to higher returns on assets at a time when business is
increasing their technology investment (Webb et al., 2006). ITG elevates information to a key
organizational asset and treats governance of information at par with governance of other assets, such
as human, financial, intellectual, and relationship assets (Fasanghari et al., 2008). Organizations can
no longer afford to have ITG by default or bad ITG by design (Symons, 2005). ITG is not only
designed to achieve internal efficiency in the IT organization, such as deploying good IT processes
and making sure that the means and goals are documented. The final goal of good ITG is rather to
provide the business with the support needed to conduct business in a good manner (Simonsson et al.,
2008).

Pereira and da Silva 342


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

The purpose of this paper is to perform a literature review and identify what are the contingency
factors as well as the general guidelines to be followed. To better understand where we are heading
and where we currently stand, a review of where we started is needed. Our produced artefacts will be
implicit evaluated by literature review and were also evaluated with experts interviews.
In next section we describe the current ITG problem(s) in more detail. On section 3 we review the
literature, from where we extract our proposals. Because research in some of the proposed proposal
artefacts is poorly explored/synthesized or even in the early stages, part of this research is exploratory
rather than hypothesis testing. Exploratory research often builds on secondary research, such as
reviewing available literature and/or data or qualitative approaches such as informal discussions with
customers, employees, management or depth interviews, focus group projective methods, case studies
or pilot studies (De Haes and Grembergen, 2008). Our research strategy for ITG implementation
guidelines and ITG contingency factors was based on literature review. The approach used in this
paper follows the concept-centric methodology of IS literature reviews as outlined in (Webster and
Watson, 2002). In section 4 we present evaluation of the artefacts proposed based on interviews and
comparison with current theories. Finally, in section 5 we take our conclusions, including future work.

2 PROBLEM
Since nineties that ITG is a concern. Indeed, Gartner states that ITG has been recognized as a CIO top-
10 issue for more than five years and has risen in priority between 2007 and 2009 (Gerrard, 2009).
ITG has been identified as an appropriate solution to deal with increasing IT changes and complexity.
Although ITG relevance for business success, conceiving the ITG model is just the first step,
implementing ITG as a sustainable solution is the next challenging step (Fasanghari et al., 2008).
There are evidences of the positive effect of good ITG implementation in organizations, for example:
With the help of well-organized ITG, organizations may increase their return on IT investments
by as much as 40% (Weil and Ross, 2004).
Enterprises that perform well in ITG may gain returns on IT investment 40% higher than their
competitors; given the same business strategy, those with an average performance in ITG may
make 20% more profit (Lingyu et al., 2010).
In spite of all these evidences about influence of ITG in organizations success and returns, there are
also evidences that IT keep being badly managed and governed:
The far-reaching structural changes following an ERP implementation can be disastrous, as
shown by examples (Bingi et al., 1999)(Buckhout et al., 1999)(Scott, 1999). Indeed, 70% of ERP
implementations fail to achieve their corporate goals (Benroider, 2008).
The delay in the implementation of a earlier product versions were frustrating because many of
these projects took well in excess the timeline originally targeted (Gallagher and Worrel, 2008)
Organizations must stop spending more than 80% of their IT budget in maintenance, patches,
upgrades and other routine expenses, and less than 20% on the development of new applications
and capabilities (Shpilberg et al., 2007).
72% of IT projects are late, over budget, lacking in functionality, or never delivered; of the
successful projects (28%), 45% were over budget and 68% took longer than planned (Lunardi
et al., 2009).
Many companies spend about 50% of all their capital investment on IT (Lunardi et al., 2009).
Huge IT investment did not bring significant benefits (Gao et al., 2009).
There is no single best IT organizational structure or governance arrangement because IT needs to
respond to the unique environments within which exists (Agarwal and Sambamurthy, 2002) (Lunardi
et al., 2009). Nevertheless, organizations use frameworks to support their ITG implementation. ITIL
[Taylor et al., 2007] and COBIT [ITGI, 2007] are among the most used and adopted frameworks by
organizations (Broussard and Tero, 2007).
Besides the frameworks, several organizations keep designing their own (Broussard and Tero, 2007).
In order to understand why organizations still prefer to develop their own frameworks instead of
adopting the most important frameworks we used conceptual modeling to represent these frameworks.

Ruben Pereira and Miguel Mira da Silva 343


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Conceptual models are a prerequisite for successfully planning and designing complex systems
(Moody and Shanks, 2003) (Frank 1999) (Recker, 2005) (Jeusfeld et al., 2006). Conceptual modeling
has been employed to facilitate, systematize, and aid the process of information systems engineering
(Recker, 2005).

Figure 1. ITIL V3 Conceptual Model (Pereira and Mira da Silva, 2011)

ITIL and COBIT were chosen as examples of frameworks to be modelled since they are the most
adopted frameworks (Broussard and Tero, 2007). With respect to ITIL, our research already provided
a conceptual model (Pereira and Mira da Silva, 2011). As we can see in Figure 1, we demonstrated
that ITIL is a complex framework with many dependencies between processes that make difficult
implementation by organizations.
With respect to COBIT, which is seen in the business and academic world as the best and most
complete ITG framework (Radovanovic et al., 2010) (Ridley et al., 2004), we designed a COBIT
conceptual model. If we look for Figure 2, COBIT also seems a very complex framework with several
dependencies between processes, and organizations have to deal with that complexity to implement
COBIT.

Ruben Pereira and Miguel Mira da Silva 344


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Figure 2. COBIT Conceptual Model (Original Research by the Authors)

Ruben Pereira and Miguel Mira da Silva 345


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Furthermore, COBIT is too general purpose (Morimoto, 2009) and needs deep expert knowledge for
the implementation.
Many other frameworks have been proposed. However, many of the frameworks are similar and have
much more in common that initially thought (Sahibudin et al., 2008). We also showed that frameworks
overlap each other (Pereira and Mira da Silva, 2010) which hugely increase the effort of organizations
(money, time, resources, etc.) because some IT areas (if not all) may use more than one framework to
get a complete, concise and coherent approach. So, organizations have several frameworks to chose
and dont know which are the most suitable to their purpose.
In the literature several authors state each case is a case about ITG implementation. This approach
led us to the theory of the contingency factors that we define as:
Factors that, depending on organizations context, may influence the ITG implementation but
that are not likely or intended, are a possibility that must be prepared for.
Due to the fact that there is a clear need for methodological support for the actual tasks and challenges
of IT Management (ITM) and ITG, it is surprising, that little attention is paid to these questions
(Goeken and Alter, 2008).
The main problem that this research contributes to solve is the following:
There are many frameworks for IT Governance. However, organizations still fail to
implement IT Governance due to their complexity and overlapping.

3 IT GOVERNANCE
In the academic literature a number of authors compiled mini reviews to support their own
conceptual or empirical papers (Brown, 1997) (Bown and Grant 2005) (Brown and Magill, 1994)
(Sambamurthy and Zmud 1999) (Sambamurthy and Zmud, 2000) (Tavakolian, 1989) (Brown and
Grant, 2005) (De Haes and Grembergen, 2008) (Losso and Goeken, 2010) (Simonsson and Ekstedt,
2006). Nevertheless, literature review represents the foundation for research in IS. As such, review
articles are critical to strengthening IS as a field of study (Webster and Watson, 2002). In
accomplishing the literature review we followed the guidelines provided by (Webster and Watson,
2002).
Today governance is a concept that can be used in many contexts; there are many different types of
governance: Corporate Governance, Enterprise Governance and IT Governance. These types of
governance are correlated and we should look to them as whole Governance with dependencies
between them and an order to follow.
Since ITG cannot exist in isolation but must be a sub-set of enterprise governance (Symons, 2005) and
is also commonly referred as a sub-set of corporate governance (Lunardi et al., 2009) (Webb, 2006)
we conclude that ITG is the most bottom level of the three types of governance and the most specific
and focused.
Since IT and IS are highly related, the lack of clarity about the concept of ITG is not surprising given
that IS is a relatively new discipline that has emerged in a variety of different background disciplines
including, but certainly not limited to, the social sciences and the computing sciences (Webb et al.,
2006) (Goeken and Alter, 2008). Many studies continue to focus on defining ITG (Peterson, 2004)
(Webb et al., 2006) and, as we can see by Table 1, many definitions have been proposed.
A consensus about ITG definition still does not exist. The purpose of this research is not to decide
which the most appropriate ITG definition is, or even propose a new one; however the concern is
stated and a historical review of the main ITG definitions in the literature presented.

Ruben Pereira and Miguel Mira da Silva 346


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Researcher Year Reference


Brown and ITG decisions the locus of responsibility for IT functions.
1994 (Brown and Magill, 1994).
Magill
ITG is the degree which the authority for making IT decisions is defined and shared among
management, and the processes managers in both IT and business organizations apply in
Luftman 1996
setting IT priorities and the allocation of the IT resources.
(Luftman, 1996)
Sambamurphy ITG refers to the patters of authority for key IT activities
1999 (Sambamurthy and Zmud, 1999)
and Zmud
ITG is the organizational capacity by the board, executive management and ITM to control
the formulation and implementation of IT strategy and in this way ensure the fusion of
Gembergen 2000
business and IT.
(Grembergen, 2000)
ITG describes a firms overall process for sharing decision rights about IT and monitoring
Weil and Vitale 2002 the performance of IT investments.
(Weil and Vitale, 2002)
ITG consists of IT-related structures or architectures (and associated authority patterns),
Schwartz and implemented to successfully accomplish (IT imperative) activities in response to an
2003
Hirschheim enterprises environment and strategic imperatives.
(Schwarz and Hirschheim, 2003)
ITG is the responsibility of the board of directors and executive management. It is a integral
part of enterprise governance and consist of the leadership and organizational structures
IT Governance
2004 and processes that ensure that organizations IT sustains and extends the organizations
Institute(ITGI)
strategies and objectives.
(ITGI, 2004)
ITG is specifying the decision rights and accountability standard to encourage desirable
Weil and Ross 2004 behavior in using IT.
(Weil and Ross, 2004)
ITG is the process by which decisions are made around IT investments. How decisions are
made, who makes the decisions, who is held accountable, and how the results of decisions
Craig et al. 2005
measured and monitored are all parts of ITG.
(Craig et al., 2005)
The strategic alignment of IT with business such that maximum business value is achieved
though the development and maintenance of effective IT control and accountability,
Webb et al. 2006
performance management, and risk management.
(Webb et al., 2006)
ITG is the preparation for, making of and implementation of IT-related decisions regarding
Simonsson and
2006 goals, processes, people and technology on a tactical or strategic level.
Ekstedt
(Simonsson and Ekstedt, 2006)
ITG is the process that ensures the effective and efficient use of IT in enabling an
Gerrard 2010 organization to achieve its goals.
(Gerrard, 2010)

Table1. ITG Definitions

The IT Governance Institute and Weil/Ross ITG definitions are the most adopted between researchers
in the area (Nfuka and Rusu, 2010) (Park et al., 2006). In this paper we will adopt the ITGI definition.

4 ITG CONTINGENCY FACTORS


Several authors state that in ITG implementation and/or ITG frameworks implementation each case is
a case. This fact leads us to the theory of the contingency factors that could influence organizations in
their ITG implementation.
ITG implementation is influenced by external and internal factors (Xue et al., 2006). Nevertheless,
literature fails to reveal a clear and concise identification of these factors. From a literature review
came a number of substantive conclusions relating the contingency factors to ITG implementation.
Contingency factors include: organizational culture and structure, strategy, size, regional differences,
industry, maturity, ethical and trust. A summary of the identified contingency factors as well as their
literature references is present in Table 2.
We now describe in detail each of the proposed Contingency Factors:

Ruben Pereira and Miguel Mira da Silva 347


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Culture Corporate culture plays an invaluable role in the enterprise development. Management of
culture is to make employees care about enterprise (Jiandong and Hongjun 2010) and its context refers
to managing IT workers and workplaces in such a way that the social processes, which reflect the
interactions among groups of people with differing worldviews, are taken into account (Weisinger and
Trauth 2003).
Surveys of CEOs during the past few years have identified organizational culture as one of the largest
inhibitors to change and related business performance improvements (Gerrard 2009), which means
corporate culture can influence the success of ITG implementation (Fink and Ploder, 2008).
Structure The structure of IT is one of the major recurring issues in literature (Adams et al., 2008)
(Gallagher and Worrel, 2008) (Goeken and Alter, 2008) (King, 1983) (Peak and Azadmanesh, 1997)
(Sambamurthy and Zmud, 1999). The majority of the existing literature approaches the topic of ITG
from existing or proposed structures point of view (Webb et al., 2006). IT has not only changed the
traditional ways people acquire information, but has also broken old patterns of production
management and profoundly changed firms organization structure in space and time. Organization
structure is the necessary condition to the achievement of business goals by organizations (Gao et al.,
2009). Organizational structure has being identified by the literature as a concern that should be taken
into consideration in ITG implementation.
Size Some studies have attempted to discover the effect of organization size on ITG (Brown and
Grant, 2010) (Cochran, 2010) (De Haes and Grembergen, 2008). Sambamurthy states that the size of
the firm influences the ITG mode through its effect on the mode of corporate governance
(Sambamurthy and Zmud 1999). There are also evidences that many small organizations lack
standardized project management practices (Cochran, 2010).
Industry IT has a wide range of applicability across almost all industries (Tanriverdi, 2006). Some
ITG studies only focus on a specific kind of industry (De Haes and Grembergen, 2008), others in more
than one (Simonsson et al., 2008) who conducted interviews in separate industries and collected
different results. ITG means different things in distinct industries, evident by the different regulations
that have been developed (Webb et al., 2006).
Regional Differences Some studies have been made about regional differences on ITG
implementations. For example, (Weisinger and Trauth, 2003) pointed out the importance of aspects
like language, local laws, and national information infrastructures. Another study performed by
(Aagesen et al., 2011) made a cross-country comparative study where they found different ITG
implementations, while (Fink and Ploder, 2008) performed some regional case studies in different
countries.
Maturity IT has matured so much that, in many ways, IT is a commodity. However, specialized
resources are still needed (Cochran, 2010). The use of ITG maturity measurements is one of the means
to evaluate the success of ITG (Dahlberg and Lahdelma, 2007). Some studies have been performed
and interesting conclusions collected: a study compared different organizations and determined that, in
general, the high performers have more mature ITG structures and processes (De Haes and
Grembergen, 2008); another study identified possible requirements for good ITG maturity assessments
(Simonsson and Johnson, 2008); and yet another study concluded that there is a correlation between
ITG performance and ITG maturity indicators (Simonsson et al., 2008).
Strategy How to accomplish strategic alignment between business and IT in the complex and
dynamic environment of the real world remains a great unanswered challenge for the CIO and CEO
(Ekstedt et al., 2004) (Silva et al., 2006) (Tallon et al., 1998), therefore ITG should be dealt with as a
business strategy (Park et al., 2006). Some research projects focus on how strategic alignment impacts
business performance (Simonsson, 2008) Strategy had even already been proposed as a possible
contingency factor of ITG by (Brown and Grant, 2005).
Ethical To promote ethical business practices, an organization needs a leader who is committed to
something more than profits. Ethical awareness in corporate governance has a strong effect to ensure
employee trust in the workplace (Memiyanty and Putera, 2010). In the interviews performed by

Ruben Pereira and Miguel Mira da Silva 348


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

(Maidin and Arshad, 2010) most of the respondents agreed that ethic of compliance is an important
aspect for ITG practices.
Trust Many scholars claim that the concept of trust and cooperation is crucial for solving or at least
minimizing governance failure (Memiyanty and Putera, 2010).

Contingency Literature
Factors
(Brown and Grant, 2005) (Fink and Ploder, 2008) (Gerard, 2009) (Hosseinbeig et al., 2011)
Organizational (Jiandong and Hongjun, 2010) (Maidin and Arshad, 2010) (Symons, 2005)
Culture
(Weisinger and Trauth, 2003)
(Adams et al., 2008) (Aagesen et al., 2011) (Cochran, 2010) (De Haes and Grembergen,
Organizational 2008) (Gallagher and Worrel, 2008) (Gao et al., 2009) (Guney and Cresswell, 2010)
Structure (Hosseinbeig et al., 2011) (Lunardi et al., 2009) (Park et al., 2006) (Shpilberg et al., 2007)
(Symons, 2005) (Web et al., 2006)
(Brown and Grant, 2005) (Cochran, 2010) (De Haes and Grembergen, 2008)
Size
(Jacobson, 2009) (Lunardi et al., 2009)
(Brown and Grant, 2005) (De Haes and Grembergen, 2008) (Gerard, 2009) (Jacobson, 2009)
Industry
(Jiandong and Hongjun, 2010) (Simonsson et al., 2008) (Tanriverdi, 2006)
Regional (Aagesen et al., 2011) (Fink and Ploder, 2008) (Gallagher and Worrel, 2008) (Shpilberg et
Differences al., 2007) (Weisinger and Trauth, 2003)
(Cochran, 2010) (Dahlberg and Lahdelma, 2007) (De Haes and Grembergen, 2008)
Maturity
(Park et al., 2006) (Simonsson and Johnson, 2008) (Simonsson et al., 2008)
(Brown and Grant, 2005) (Dahlberg and Lahdelma, 2007) (De Haes and Grembergen, 2008)
Strategy
(Jacobson, 2009) (Park et al., 2006) (Silva, and Chaix, 2008) (Symons, 2005)
Ethical (Maidin and Arshad, 2010) (Memiyanty and Putera, 2010)
Trust (Memiyanty and Putera, 2010)

Table2. Literature Reference(s) of Each Contingency factor

In our literature review few researchers approach the contingency factors topic; however, many
researchers stated that each ITG implementation is different. In this section we analyzed the main
literature and proposed a set of important contingency factors (supported by the literature) that
organizations should have into consideration in ITG implementation.

5 ITG GUIDELINES
Guidelines have been designed, used, and adopted in several domains e.g. (Bohl et al., 2002) (Goeken
and Alter, 2009) (Hevner et al., 2004) (Herzwurm and Pietsch, 2008) (Muller-Rathgeber et al., 2008)
(Simonsson et al., 2008) (Takata et al., 2004) (Ungar and Parameswaran, 2005). Guidelines should be
considered an instrument that ought not to be underestimated since they are necessary to obtain a
uniformity regarding functionality and optics, as well as a desired quality level (Bohl et al., 2002). In
this section, we will present our proposed guidelines for ITG implementation.
Smith and Mosier (Smith and Mosier, 1986) suggest that every guideline development effort should
begin and end by acknowledging other peoples significant contributions. Therefore, reviewing
available ITG literature is an essential part for developing appropriate guidelines. Also, guidelines can
be based on experience - either practical, or derived from research (Aagesen, 2011). In the available
literature, both approaches can be seen (Hevner et al., 2004).
We have studied the main literature in the area and proposed a set of guidelines (Table 4) that
organizations should follow in order to increase ITG implementation success rate. These guidelines

Ruben Pereira and Miguel Mira da Silva 349


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

provide a high level picture of ITGs main steps while, at the same time, describe What we need and
How to do it to follow these steps.
Guidelines 1 and 2 Companies seeking to deliver higher business performance by harnessing IT
have focused on alignment (Fink and Ploder, 2008)(Shpilberg et al., 2007). Many researchers have
studied the strategy alignment concern e.g. (Webb et al., 2006) and currently many companies also
recognize that IT and business priorities must be tightly linked (Shpilberg et al., 2007).
In fact, to create a sustained value for organizations, the development of the IT strategy must be
closely connected to the business one (Luftman, 2000). When there is alignment, IT delivers services
that are crucial to the companys strategies, operation, or user needs (Fink and Ploder, 2008). In recent
literature, strategy is included in several frameworks proposed by researchers, e.g. (Simonsson et al.,
2008)(Gerrard, 2010)(Lingyu et al., 2010) and strategy alignment is identified as an important issue
for ITG (Grembergen, 2000) (ITGI, 2004) (Weil and Ross, 2004) (Simonsson and Ekstedt, 2006)
(Webb et al., 2006). Therefore, IT strategy alignment is one of the most important steps on ITG
implementation (Fink and Ploder, 2008) (Gerrard, 2010) (Symons, 2005) (Xiao-wen et al., 2009).
Some authors even state that ensuring the alignment between business and IT is one of the primary
goals of ITG (Nabiollahi and Sahibuddin, 2008) (Symons, 2005) (Xiao-wen et al., 2009).
Guideline 3 ITG can be deployed using a mixture of various structures, processes and relational
mechanisms (Grembergen et al., 2003) (Peterson, 2003) (Peterson et al., 2002) (Weil and Ross, 2004).
A well-matured ITG framework should be based on three major elements: structures, processes and
communication (Nabiollahi and Sahibuddin, 2008) (Symons, 2005).
With ITG structures, process and relational mechanisms, organizations aim at securing that IT delivers
value to the business in a transparent manner, that accountabilities are organized to support the
maximal delivery of business value from IT, and that risks are mitigated according to business needs
(Dahlberg and Lahdelma, 2007). Relational mechanisms are crucial in an ITG framework and
paramount for attaining and sustaining business IT alignment, even when the appropriate structures
and processes are in place (Callahan and Jeyes, 2003) (Henderson et al., 1993) (Keill et al., 2002)
(Smaczny, 2001).
Guideline 4 ITG is composed of processes with inputs, outputs, roles and responsibilities inherent to
a process definition (Gerrard, 2010). Actually, the effective management of organizational IT
resources, enabling the provision to achieve its goals, is done through a set of IT processes (Webb et
al., 2006). With the alignment of IS strategy and business strategy, it is important that an organization
designs ITG processes to be closely in tuned with those of its corporate governance (Webb et al.,
2006).
Simonsson and Ekstedt identified the implementation and management of IT processes as a dimension
of ITG in which IT decisions are made and carried out (Simonsson and Ekstedt, 2006). Agarwal and
Sambamurthy also identify a set of IT processes that should be present and managed in every IT
function to convert foundation IT capabilities into business applications and services (Agarwal and
Sambamurthy, 2002).
Guideline 5 Even without consensus among academics and practitioners about how it should be
done, IT/business alignment should be measured in an organization along with what procedures ought
to be taken to maintain and improve it (Silva and Chaix, 2008). The decisions implications should
also be monitored and measured (Simonsson and Ekstedt, 2006) always being conscious that how the
results of decisions are measured and monitored is part of ITG (symons, 2005).
Not just IT/business alignment, but also IT processes maintenance has to be measured, evaluated and
controlled in order to implement ITG (Nabiollahi and Sahibuddin, 2008). Furthermore, monitoring and
measuring have been used by several researchers in their frameworks as an important step for ITG
implementation e.g. (Dahlberg and Lahdelma, 2007) (Lingyu et al., 2010) (Nabiollahi and Sahibuddin,
2008).

Ruben Pereira and Miguel Mira da Silva 350


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Guideline About what? What do we need? Literature

(Gao et al., 2009) (Dahlberg and Lahdelma,


2007) (Webb et al., 2006) (Gerrard, 2009)
Vision and IT/business strategies
1 Where do (Agarwal and Sambamurthy, 2002) (Simonsson
IT/business
we want to be? IT/business goals et al., 2008) (Shpilberg et al., 2007) (Maidin and
objectives
Arshad, 2010)(Ploder, 2008) (Symons, 2005)
(Jaafar and Jordan, 2009)
Core competences (Gao et al., 2009) (Dahlberg and Lahdelma,
IT/business
Assess IT department and 2007) (Webb et al., 2006) (Gerrard, 2009)
alignment,
2 Where are maturity (Agarwal and Sambamurthy, 2002) (Simonsson
ITG maturity,
we now? et al., 2008) (Shpilberg et al., 2007) (Maidin and
IT/business Assess enterprise Arshad, 2010) (Ploder, 2008) (Symons, 2005)
strategic plan
Assess business/IT alignment (Jaafar and Jordan, 2009)

Collect information about the


Structures, (Fasanghari et al., 2008)(Jiandong and Hongjun,
3 What do we culture, strategy, structure, etc.,
processes, and 2010) (Jacobson, 2009)(Dahlberg and Lahdelma,
need to get of the organization and
relational 2007) (Symons, 2005)(Jaafar and Jordan, 2009)
there? integrate them in the resulting
mechanisms (Hosseinbeig et al., 2011)
documents of previous steps
4 How do we (Dahlberg and Lahdelma, 2007)(Gerrard, 2009)
Materialize the plan defined in
get where we IT processes (Simonsson et al., 2008 )(Simonsson et al., 2008)
the previous step
want to be? (Maidin and Arshad, 2010)(Symons, 2005)
(Fasanghari et al., 2008) (Dahlberg and
Lahdelma, 2007)(Webb et al., 2006) (Gerrard,
5 How do we Metrics IT Balance Scorecard 2009) (Simonsson et al., 2008) (Dahlberg and
know we have
Measurements Enterprise Balance Scorecard Lahdelma, 2007)(Silva, and Chaix,
arrived there?
2008)(Symons, 2005) (Jaafar and Jordan, 2009)
(Maidin and Arshad,2010)

6 Are we Standards
following the Be aware of BPs frameworks
BPs (Dahlberg and Lahdelma, 2007) (Mellis, 1998)
markets best and standards
practices? Frameworks

7 How do we Audit regularly


Compliance (Dahlberg and Lahdelma, 2007) (Jacobson, 2009)
know we are Internal and external
Audit (Jaferian et al., 2008)
doing it right? compliance
Collect information to improve
Improvement (Agarwal and Sambamurthy, 2002) (Shpilberg et
8 How do we and innovate in order to prepare
al., 2007) (Maidin and Arshad, 2010) (Jacobson,
keep it on track? Innovation organization for current and
2009) (Guney and Cresswell, 2010)
future challenges

Table 3. ITG Guidelines

Grembergen even identified the control of the performance as a main element of ITG (Grembergen et
al., 2003). The elements for implementing effective ITG are performance drivers that provide
indicators on how ITG is achieving (Silva and Chaix, 2008).
Guideline 6 Many frameworks (ITIL, COBIT, amongst others) were developed and proposed. These
frameworks describe goals, processes, and organizational aspects of ITM and control. They are created
and are put to use in practice (Goeken and Alter, 2008). While there is no single, complete, off-the-
shelf ITG framework, there are a number of frameworks available that can be useful for developing a
governance model (Symons, 2005). Many researchers encourage the use of such frameworks
frameworks and standards to help in ITG implementation e.g. (Jaafar and Jordan, 2009) (Nabiollahi
and Sahibuddin, 2008) (Silva and Chaix, 2008) (Symons, 2005) (Webb et al., 2006).
Guideline 7 Business development and changes in the supervision environment, internal rules and
regulations tend to get more and more miscellaneous. Regulatory compliance mandates are becoming
increasingly pervasive and burdensome in many countries, and compliance function is coming under
ever increasing pressure by recent regulatory developments (PrinceWaterHouseCoopers, 2008). Some
research has begun to focus on the audit and control aspects of ITG e.g. (Jacobson, 2009).

Ruben Pereira and Miguel Mira da Silva 351


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Implementation of policies defines specific procedures and practices for compliance with each
affected area, along with the method of oversight, compliance enforcement, and an escalation/appeal
process to deal with requests for waivers or other exceptions that might be allowed (Gerrard, 2010).
Therefore, organizations should ensure that are compliant with all the previously statements including
regulations, processes, activities, etc.
Guideline 8 IT now plays a more prominent role in corporate agility, enabling speedy and continual
business innovation in products, services, channels, and supply and demand chain management
(Agarwal and Sambamurthy, 2002). Technology is constantly changing and complexity increases with
change. Nowadays, agility presents a challenge for many IS (Gallagher and Worrel, 2008). Firms are
investing heavily on enterprise digital platforms to support innovations in their ecosystems that is,
their business partnerships with customers, suppliers, and other specialist firms (Agarwal and
Sambamurthy, 2002).
A survey has concluded that many organizations spend 80% of their IT budget in maintenance,
upgrades and less than 20% on new applications and capabilities (Shpilberg et al., 2007). However, for
ITG implementation to be effective, organizations need to continually design governance (Weil and
Ross, 2004), transforming and positioning IT for meeting future business challenges (Silva and Chaix,
2008). Decisions about business innovations require significant levels of collaboration and partnership
between IT and business executives (Agarwal and Sambamurthy, 2002).
Many organizations, and besides the existing frameworks, still dont know which steps perform first
and got lost in ITG implementation. In this section we analyzed the main literature and proposed a set
of general guidelines (which are not different from ITG implementation to ITG implementation) that
organizations should have into consideration in ITG implementation.

6 EVALUATION
In order to validate our artefacts, besides the complete literature review and despite the little empirical
work concerning ITG in the literature, we also mapped the artefacts with current theories and also
used the results of a series of experts interviews.

6.1 Guidelines Vs Current Theories


We mapped our guidelines to some of the best known practices as well as with some guidelines
described in the main books of the area. We mapped our guideline with four theories in the literature
which can be seen in the next Tables (Table 4, Table 5, Table 6 and Table 7). The structure of the
tables is: our guidelines in rows and theories steps/guidelines/etc. in columns.

Business IT Plan, Objectives, IT Plan Performance Management, People Development,


Plan/ Portfolio Investment Execution & Controls, Risk, Compliance Continuous Process
Objectives and Approvals Delivery and Vendor Management Improvement & Learning
1 X X
2 X X
3 -------------- -------------- -------------- -------------- --------------
4 X
5 X
6 -------------- -------------- -------------- -------------- --------------
7 X
8 X

Table 4. ITG Imperatives and Work Areas

The first theory is described by Selig (Selig, 2008), the authors developed an ITG framework in which
they identify five critical ITG imperatives and work areas. In Table 4 we conclude that our guidelines
fulfill the areas of work contained in the theory described by (Selig, 2008). However, this theory lacks
some completeness leaving some of our guidelines without a match.

Ruben Pereira and Miguel Mira da Silva 352


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

The second theory is the Deming Cycle. In the 1950's Deming proposed that business processes should
be analyzed and measured to identify sources of variations that cause products to deviate from
customer requirements. He recommended that business processes be placed in a continuous feedback
loop so that managers can identify and change the parts of the process that need improvements.
Deming created a (rather oversimplified) diagram to illustrate this continuous process, commonly
known as the PDCA (Plan, Do, Check and Act) cycle.

Plan Do Check Act


1 X
2 X
3 X
4 X
5 X
6 X
7 X
8 X

Table 5. Deming Cycle

This PDCA cycle has been adopted by some frameworks that use the cycle to justify or clarify their
guidance, for example ITIL V3, or ISO 20000, or even the Balanced Scorecard.
Since this PDCA cycle seems to be important for some relevant frameworks in order to implement an
iterative process, and since we saw that IT is constantly changing and organizations feel the necessity
of a iterative process to control the changes, we decided to map our guidelines with deming cycle
phases in order to demonstrate that our guidelines could work as an iterative process. The result is
presented in Table 5 where the guidelines designed can fulfill the need of an iterative process and
mitigate the risks of the constantly IT changing.
The third theory was developed by (Grembergen and De Haes, 2008) in order to help organizations in
ITG implementation. De Haes and Grembergen are two respected authors with several articles and
books published in this area. In order to understand if our guidelines are aligned with this guide, we
mapped our guidelines with it (Table 6).
Set Up Support Communication
Involve Executive Management

Use Performance Measurement


Set Up a Clear IT Organization
Define Business Goals and IT

Define the Right ITG Process

and awareness Mechanisms


and the Board of Directors

Install IT Steering and IT

Manage and Align the IT


and Decision Structure

Strategy Committees

Investment Portfolio
Manage Roles and
Responsibilities
Goals

Tools

1 X X
2 X
3 X X X X X
4 X X
5 X
6 ----- ----- ----- ----- ----- ----- ----- ----- -----
7 ----- ----- ----- ----- ----- ----- ----- ----- -----
8 ----- ----- ----- ----- ----- ----- ----- ----- -----

Table 6. Grembergen and De Haes Guide

By Table 6, we conclude that our guidelines fulfill this theory, although some of our guidelines do not
have a correspondent activity. We can conclude that our guidelines are more complete that the guide
provided by (Grembergen and De Haes, 2008).

Ruben Pereira and Miguel Mira da Silva 353


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

The fourth theory is present by (Selig, 2008) which describes a pragmatic business and IT planning
process used successfully in industry that is called pressure point analysis. IT is primarily based on
analyzing internal and external pressures and trends, and addressing six basic questions.

Where are What could


Why change? What should we do? How do we get there? Did we get there?
we? we do?
1 X
2 X
3 X X
4 X
5 X
6 ------------ ------------ ------------ ------------ ------------ ------------
7 ------------ ------------ ------------ ------------ ------------ ------------
8 ------------ ------------ ------------ ------------ ------------ ------------

Table 7. Pressure Points analysis

After analyzing Table 7 we can observe that our guidelines cover the six steps of the pressure point
analysis theory which indicate our guidelines support the constantly improving of ITG process.

6.2 Interviews
We also performed nine interviews (90 minutes each) with ITG experts who have strategic alignment
and ITG knowledge in their organizations. Seven interviews were performed in Portugal and two in
Ireland by Skype. The interviewees were 3 consultant organizations (1, 2 and 7) and 6 non-consultant
(3, 4, 5, 6, 8 and 9) organizations.
Table 8 shows a summary of the results. We used colors to make Table 8 easier to read. In
contingency factors we used yellow and orange to highlight the first (yellow) and second (orange)
choice of the interviewees (we asked them to rank the contingency factors by relevance). We also used
the green and red in the yes/no questions in order to highlight the positive (green) and negative (red)
responses. Overall, our artefacts are seen as relevant, complete and useful by the interviewees. Also,
few improvements were proposed, thus reinforcing that our framework is complete.
The third interviewee was the only one to disagree with the proposed guidelines. He argued that
guidelines 4, 6, and 8 are not needed and a new one about investment decision making between
guideline 2 and 3 was missing. However, since we have strong literature support and only one
interviewee mentioned this argument, we decided to keep the guidelines without changes. The fifth
interviewee stated that such guidelines were not useful since COBIT already has guidelines with such
abstraction.

ITG Contingency Factors Guidelines


Remove step?
Interviewees

Regional D.

Complete?

Complete?
Structure

Missing?

General?
Maturity
Industry

Strategy

Useful?

Useful?
Culture

Ethic
Trust
Size

1 2 1 3 Yes No Yes Yes Yes Yes No


2 2 1 3 Yes No Yes Yes Yes Yes No
3 1 2 3 4 Yes No Yes Yes Yes No Yes
4 3 1 4 2 Yes No Yes Yes Yes Yes No
5 1 2 3 No Yes Yes No Yes Yes No
6 1 2 No Yes Yes Yes Yes Yes No
7 2 1 3 No Yes Yes Yes Yes Yes No
8 1 4 3 2 Yes No Yes Yes Yes Yes No
9 2 3 4 1 Yes No Yes Yes Yes Yes No

Table 8. Artefacts Evaluation by Experts

Ruben Pereira and Miguel Mira da Silva 354


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Fifth, sixth and seventh interviewees stated that some factors were missing. The fifth and sixth
referred the organizations financial power (which we believe that could be related with organization
size since bigger organizations certainly have more financial power and vice versa) while the seventh
mentioned the people (which we believe to be related with ethic and trust, since ethic and trust are
social values that should cross the entire human resources).
Culture, structure, industry and maturity are seen as the most relevant contingency factors for ITG
implementation. On the other side, Regional Differences wasnt chosen by any interviewee, which can
be justified by the fact that in general the interviewees are not familiarized with ITG implementations
beyond their country.
Several conclusions could be withdrawn from the interviews:
Culture, structure, industry and maturity are seen as the most relevant contingency factors for ITG
implementation.
Contingency factors were identified by all the interviewees as a relevant concern and useful as
information available at the beginning of ITG implementations.
Regional Differences was the only contingency factor not chosen by the interviewees. However it
could be related with the fact that the interviewees only had experience in one country reality.
Consultant organizations tend to give more importance to industry and maturity
Non consultant organizations tend to assign higher relevance to culture and structure
Most of the interviews see the guidelines as useful, compete and general

Experts gave an excellent feedback and validated all our artefacts. Few improvements or changes were
proposed. Most of them do not question the validity of the artefacts, but simply add something. This
makes sense, since we are analyzing information from two different sources (literature and
practitioners).

7 CONCLUSION
This research provided us some important learning in ITG field. Based on both scientific and
practitioner viewpoint with achieved the formalization of the contingency factors and ITG general
guidelines. Yet, the way consultant and non-consultant organizations look to Contingency Factors is
quite different. Moreover, it is interesting that existing Frameworks also dont make any reference to
the different viewpoint of consultant and non-consultant organizations since many non-consultant
organizations hire consultant organizations to implement some domains as ITG and such divergent
viewpoints of what they should be worried or focus first can be the reason of some problems.
From the literature few theories were founded to map with our guidelines in order to evaluate them.
This fact can indicate the lack of such general directives to provide an initial roadmap to the
organizations before ITG implementation.
We also perceived that most frameworks in the market intend to focus in a specific area instead in
overall ITG and ITM topic. Such fact calls for an extra effort of the organizations in understand which
frameworks or frameworks are advisable and needed and integrated them with organizations
structure, and known that frameworks dont provide any guidance in contingency factors and also
overlap each other it is expectable that organizations take much more time and waste resources in that
journey.
Our research also has some limitations as well. So far we leverage our artefacts based on literature
review and also validated them with experts interviews. However, more interviews are required in
order to achieve more concrete and coherent results. In a future the achievement of a more concrete
and coherent differentiation of the most important Contingency Factors for consultants and non-
consultants as well as for each type of organization must be explored.
We evaluated our proposed guidelines with other current and already published theories. From this
evaluation we concluded that our guidelines are more complete that all the other theories, so they
cover the current theories and also add some current concerns of researchers.

Ruben Pereira and Miguel Mira da Silva 355


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

We can conclude that the potential of our artefacts could be further if properly explored. We can now
affirm that we designed a set of artefacts that add important knowledge to the ITG literature and
helpful in ITG implementation.
Future work should pass by the identification of the main ITG and IT Management areas and together
with the contingency factors and ITG guidelines that we propose on this paper design an integrated
ITG and IT Management framework. We will also keep performing more expert interviews.

8 REFERENCES
Aagesen G., van Veenstra A.F., Janssen M. and Krogstie J. 2011. The Entanglement of Enterprise
Architecture and IT-Governance: The Cases of Norway and the Netherlands. In 44th Hawaii
International Conference on System Sciences, pp. 1-10, HICSS, Hawaii, USA.
Adams C.R., Larson E.C. and Xia W. 2008. IS/IT Governance Structure and Alignment: An Apparent
Paradox. MISRC.
Agarwal R. and Sambamurthy V. 2002. Principles and Models for Organizing the IT Function. MIS
Quarterly Executive, 1(1).
Benroider E. 2008. IT governance for enterprise resource planning supported by the DeLone-McLean
model of information systems success. Information & Management, 45(5): 257-269.
Bingi P., Sharma M. and Godla J. 1999. Critical issues affecting an ERP implementation.
Information Systems Management Decision, 16(3): 7-14.
Bohl O., Frankfurth A., Schelhase J. and Winand U. 2002. Guidelines A Critical Success Factor in
the Development of Web-based Trainings. In International Conference on Computers in
Educational, pp.545546 vol.1, ICCE, Auckland, New Zealand.
Broussard F.W. and Tero V. 2007. Configuration and Change Management for IT Compliance and
Risk Management: The Tripwire Approach. White Paper.
Brown C.V. 1997. Examining the Emergence of Hybrid IS governance Solutions: Evidence from a
Single Case Site. Information Systems Research, 8(1), 69-95.
Brown A.E. and Grant G.G. 2005. Framing the Frameworks: A Review of IT Governance Research.
CAIS, 15: 696-712.
Brown C.V. and Magill S.L. 1994. Alignment of the IS Functions with the Enterprise: Toward a
Model of Antecedents. MIS Quarterly, (18)4, 371-404.
Buckhout S., Frey E. and Nemec Jr. J. 1999. Making ERP succeed. Turning fear into promise. IEEE
Transactions of Engineering Management, 27(3), 116-123.
Callahan J. and Jeyes D. 2003. The evolution of IT Governance at NB Power. In Grembergen, W.V.
(Ed.) Strategies for Information Technology Governance, PA: Idea Group Publishing,
Hershey.
Cochran M. 2010. Proposal of an Operations Department Model to Provide IT Governance in
Organizations that Don't have IT C-Level Executives. In 43rd Hawaii International
Conference on System Sciences, pp.1-10, HICSS, Hawaii, USA.
Craig S., Cecere M., Young G.O. and Lambert N. 2005. IT Governance Framework: Structures,
Processes, And Communication. White Paper, Forester Research.
Dahlberg T. and Lahdelma P. 2007. IT Governance Maturity and IT Outsourcing Degree: An
Exploratory Study. In 40th Annual Hawaii International Conference on System Sciences,
pp. 236a, HICSS, Hawaii, USA.
De Haes S. and Grembergen W.V. 2008. Analysing the Relationship between IT Governance and
Business/IT Alignment Maturity. In 41st Annual Hawaii International Conference on
System Sciences, pp.428, HICSS, Hawaii, USA.
Ekstedt M., Johnson P., Lindstrom A., Gammelgard M., Johansson E., Plazaola, L. Silva E. and
Lilieskold J. 2004. Consistent Enterprise Software System Architecture for the CIO: A
Utility-Cost Based Approach. In 37th Annual Hawaii International Conference on System
Sciences, p. 1-10, HICSS, Hawaii, USA.
Fasanghari M., NasserEslami F. and Naghavi M. 2008. IT Governance Standard Selection Based on
Two Phase Clustering Method. In Fourth International Conference on Networked
Computing and Advanced Information Management, p.513-518, NCM, Gyeongju, Corea.

Ruben Pereira and Miguel Mira da Silva 356


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Fink K. and Ploder K. 2008. Decision Support Framework for the Implementation of IT-
Governance. In 41st Annual Hawaii International Conference on System Sciences, pp. 432.
HICSS, Hawaii, USA.
Frank U. 1999. Conceptual Modelling as the Core of the Information Systems Discipline:
Perspectives and Epistemological Challenges. In Fifth Americas Conference on
Information, pp.695698, AMCIS, Milwaukee, USA.
Gallagher K.P. and Worrel J.L. 2008. Organizing IT to Promote Agility. Inf. Technol. Manag., 9(1):
71-88.
Gao S., Chen J. and Fang D. 2009. The Influence of IT Capability on Dimensions of Organization
Structure. In Second International Conference on Future Information Technology and
Management Engineering, p. 269-273, FITME, Sanya, China.
Garrity J.T. 1963. Top Management and Computer Profits. Harvard Business Review, 41(4), 6-13.
Gerrard M. 2009. IT Governance, a Flawed Concept: Its Time for Business Change Governance.
Gartner ID:G00171658
Gerrard M. 2010. Defining IT Governance: The Gartner IT Governance Demand/Supply Model.
Gartner ID:G00140091
Goeken M. and Alter S. 2008. Representing IT Governance Frameworks as Metamodels. In
International Conference on E-Business, Enterprise Information Systems, E-Government,
and Outsourcing, pp.48-54. CSREAEEE, Nevada, USA.
Grembergen V.W. 2000. The balanced scorecard and IT governance. Information Systems Control
Journal, 2: 40-41.
Grembergen W.V. and De Haes S. 2008. Implementing Information Technology Governance:
Models, Practices, and Cases. IGI Publishing, Hershey, New York.
Grembergen W.V., De Haes S. and Guldentops E. 2003. Structures, Processes and Relational
Mechanisms for IT Governance. In Grembergen, W.V. (Ed.) Strategies for Information
Technology Governance, PA: Idea Group Publishing, Hershey.
Guney S. and Cresswell A.M. 2010. IT Governance as Organizing: Playing the Game. In 43rd
Hawaii International Conference on System Sciences, pp.1-10, HICSS, Hawaii, USA.
Henderson J.C., Venkatraman N. and Oldach S. 1993. Continuous Strategic Alignment: Exploiting
Information Technology Capabilities for Competitive Success. European Management
Journal, 11(2): 139-149.
Herzwurm G. and Pietsch W. 2008. Guidelines for the Analysis of IT Business Models and Strategic
Positioning of IT-Products. In Second International Workshop on Software Product
Management, pp.1-8, IWSPM, Barcelona, Spain.
Hevner A.R., March S.T., Park J. and Ram S. 2004. Design Science in Information Systems
Research. Management Information Systems Quarterly, 28(1): 75-105.
Hosseinbeig S., Karimzadgan-Moghadam D., Vahdat D. and Moghadam R.A. 2011. IT strategic
alignment maturity and IT governance. In 4th International Conference on Interaction
Sciences, pp.67-72. ICIS, Busan, Korea.
Huang C. and Hu Q. 2007. Achieving IT-Business Strategic Alignment via Enterprise-Wide
Implementation of Balanced Scorecards. Information Systems Management, 24(2): 173-
184.
Information Technology Governance Institute 2004. Board Briefing on IT Governance. IT
Governance Institute, United States of America.
Information Technology Governance Institute 2007. IT Governance Institute: COBIT 4,1,
www.isaca.org.
Jaafar N.I. and Jordan E. 2009. Information Technology Governance (ITG) Practices and
Accountability of Information Technology (IT) Projects A Case Study in a Malaysian
Government-Linked Company (GLC). In: Pacific Asia Conference on Information Systems,
paper 31, PACIS, Hyderabad, India.
Jacobson D.D. 2009. Revisiting IT Governance in the Light of Institutional Theory. In 42nd Hawaii
International Conference on System Sciences, p.1-9, HICSS, Hawaii, USA.
Jaferian P., Botta D., Raja F., Hawkey K. and Beznosov K. 2008. Guidelines for designing IT
security management tools. Computer Human Interaction for the Management of
Information Technology, 7-10.

Ruben Pereira and Miguel Mira da Silva 357


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Jeusfeld M.A., Jarke M., Nissen H.W. and Staudt M. 2006. ConceptBase: Managing Conceptual
Models about Information Systems. In Bernus, P., Mertins, K., Schmidt, G. (eds.)
Handbook on Architectures of information Systems. International Handbooks Information
System, pp.273294, Springer, Heidelberg.
Jiandong Z. and Hongjun X. 2010. The Research on Staff Well-being in IT Industry in China. In
International Conference on Optics Photonics and Energy Engineering, p. 48-51, ICOPEE,
Wuhan, China.
Keill M. et al 2002. Reconsiling user and propject manager perceptions of IT project risk: a delphi
study. Information Systems Journal, 12: 103-119.
King J.L. 1983. Centralized versus Decentralized Computing: Organizational Considerations and
Management Options. Computing Survey, 15: 320-349.
Lingyu H., Bingwu L., Ruiping Y. and Jianzhang W. 2010. An IT Governance Framework of ERP
System Implementation. In Computing Control and Industrial Engineering, pp.431-434,
CCIE, Wuhan, China.
Losso S. and Goeken M. 2010. Application of Best-Practice Reference Models of IT Governance. In
the 18th European Conference on Information Systems, ECIS, Pretoria, South Africa.
Luftman J. 1996. Competing in the Information Age: Strategic Alignment. Oxford University Press,
New York.
Luftman J. 2000. Assessing Business-IT Alignment Maturity. Communications of The Ais, 4,
Article 14.
Lunardi G.L., Becker J.L. and Macada A.C.G. 2009. The Financial Impact of IT Governance
Mechanisms' Adoption: An Empirical Analysis with Brazilian Firms. In 42nd Hawaii
International Conference on System Sciences, pp.1-10, HICSS, Hawaii, USA.
Maidin S.S. and Arshad N.H. 2010. IT governance practices model in IT project approval and
implementation in Malaysian public sector. In International Conference on Electronics and
Information Engineering, pp. V1-532 -V1-536. ICEIE, Kyoto, Japan.
Mellis W. 1998. Software quality management in turbulent times - are there alternatives to process
oriented software quality management?. SQJ, 7(3/4): 277-295.
Memiyanty A.R. and Putera M.S. 2010. Ethical Leadership and Employee Trust: Governance
Perspective. In International Conference on Information and Financial Engineering, pp.848-
851, ICIFE, Chongqing, China.
Moody D.L. and Shanks G.G. 2003. Improving the Quality of Data Models: Empirical Validation of a
Quality Management Framework. Inf. Syst., 28(6): 619650.
Morimoto S. 2009. Application of COBIT to Security Management in Information Systems
Development. In Fourth International Conference on Frontier of Computer Science and
Technology, p. 625 630, FCST, Shangai, China.
Muller-Rathgeber B., Eichhorn M., and Michel H.-U. 2008. A unified Car-IT Communication-
Architecture: Design guidelines and prototypical implementation. In International
Conference Vehicular Electronics and Safety, pp.70 714, ICVES, Columbus, USA.
Nabiollahi A. and Sahibuddin S. 2008. Considering Service Strategy in ITIL V3 as a Framework for
IT Governance. In Information Technology International Symposium, p.1-6, ITSim.
Nfuka E.N. and Rusu L. 2010. Critical Success Factors for Effective IT Governance in the Public
Sector Organizations in a Developing Country: The Case of Tanzania. In 18th European
Conference on Information Systems, paper 128, ECIS, Pretoria, South Africa.
Park H.Y., Jung S.H., Lee Y. and Jang K.C. 2006. The Effect of Improving IT Standard in IT
Governance. In International Conference on Computational Intelligence for Modelling,
Control and Automation, p.22, CIMCA, Australia.
Peak D.A. and Azadmanesh M.H. 1997. Centralization/Decentralization cycles in computing: Market
evidence. Information & Management, 31: 303-317.
Pereira R. and Mira da Silva M. 2010. A Maturity Model for Implementing ITIL v3. In 6th World
Congress on Services, pp. 399-406, SERVICES-1, Florida, USA.
Pereira R. and Mira da Silva M. 2011. A Maturity Model for Implementing ITIL V3 in Practice. In
15th IEEE International Enterprise Distributed Object Computing Conference Workshops, p.
259 268, EDOCW, Helsinki, Finland.

Ruben Pereira and Miguel Mira da Silva 358


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Peterson R.R. 2003. Integration Strategies and Tactics for Information Technology Governance. In
Grembergen, W.V. (Ed.) Strategies for Information Technology Governance, PA: Idea
Group Publishing, Hershey.
Peterson R.R. 2004. Integration Strategies and Tactics for Information Technology Governance. In
Strategies for Information Technology Governance, p. 37-80. Idea Group, London.
Peterson R.R., Parker M.M. and Ribbers P. 2002. Information Technology Governance Processes
under environmental dynamism: investigating competing theories of decision making and
knowledge sharing. In 23rd International Conference of Information Systems, pp. 562-575,
ICIS
Radovanovic D., Radojevic T., Lucic D. and Sarac M. 2010. IT audit in accordance with Cobit
standard. In 33rd International Convention MIPRO, p. 1137 1141, Opatija, Croatia.
Recker J.C. 2005. Conceptual Model Evaluation. Towards more Paradigmatic Rigor. In: Halpin, T.,
Siau, K., Krogstie, J. (eds.) In Workshop on Evaluating Modeling Methods for Systems
Analysis and Design held in Conjunction with the 17th Conference on Advanced
Information Systems, EMMSAD CAiSE, Porto, Portugal.
Ridley G., Young J. and Carroll P. 2004. COBIT and its utilization: a framework from the literature.
In 37th Annual Hawaii International Conference on Systems Sciences, p. 1-8, HICSS,
Hawaii, USA.
Sahibudin S., Sharifi M. and Ayat M. 2008. Combining ITIL, COBIT and ISO/IEC 27002 in Order to
Design a Comprehensive IT Framework in Organizations. In Second Asia International
Conference on Modeling & Simulation, p. 749 753, AICMS, Kuala Lumpur, Malaysia.
Sambamurthy V. and Zmud R.W. 1999. Arrangements for Information Technology Governance: A
Theory of Multiple Contingencies. MISQ, 23(2): 261-290.
Sambamurthy V. and Zmud R.W. 2000. Research commentary: the organizing logic for an
enterprise's IT activities in the digital era: a prognosis of practice and a call for research.
Information Systems Research, 11(2), 105-114.
Schwarz A. and Hirschheim R. 2003. An Extended Platform Logic Perspective of IT Governance:
Managing Perceptions and Activities of IT, Journal of Strategic Information Systems (12)2:
129-166.
Scott J.E. 1999. The FoxMeyer drugs bankruptcy: was it a failure of ERP?. In Fifth Americas
Conference on Information Systems, p. 223-225, ACIS, Milwaukee, USA.
Selig G.J. 2008. Implementing IT Governance: A Practical Guide to Global Best Practices in IT
Management. Van Haren Publishing, Zaltbommel.
Shpilberg D., Berez S., Puryear R. and Shah S. 2007. Avoiding the Alignment Trap in Information
Technology. MIT Sloan Management Review, 49(1): 51-58.
Silva E. and Chaix Y. 2008. Business and IT Governance Alignment Simulation Essay on a Business
Process and IT Service Model. In 41st Annual Hawaii International Conference on System
Sciences, pp.434, HICSS, Hawaii, USA.Simon, H.A. (1996). The Sciences of the Artificial.
3rd Edition. MIT Press, Massachusetts.
Silva E., Plazaola L. and Ekstedt M. 2006. Strategic Business and IT Alignment, A Prioritized
Theory Diagram. In Technology Management for the Global Future, p. 1 8, PICMET,
Istambul, Turkey
Simonsson M. and Ekstedt M. 2006. Getting the Priorities Right: Literature vs Practice on IT
Governance. In Portland International Conference on Management of Engineering &
Technology, pp.18-26, PICMET, Portland, USA.
Simonsson M. and Johnson P. 2008. The IT Organization Modeling and Assessment Tool:
Correlating IT Governance Maturity with the Effect of IT. In 41st Annual Hawaii
International Conference on System Sciences, pp.431, HICSS, Hawaii, USA.
Simonsson M., Johnson P. and Ekstedt M. 2008. IT Governance Decision Support Using the IT
Organization Modeling and Assessment Tool. In Portland International Conference on
Management of Engineering & Technology, pp.802-810, PICMET, Portland, USA.
Smaczny T. 2001. Is an alignment between business and Information Technology the appropriate
paradigm to manage IT in todays organizations?. Management Decisions, 39(10).
Smith S. L., and Mosier J. N. 1986. Guidelines for designing user interface software. Report ESD-
TR-86-278. Bedford, MA: The MITRE Corporation.

Ruben Pereira and Miguel Mira da Silva 359


A Literature Review: Guidelines and Contingency Factors for IT Governance
European, Mediterranean & Middle Eastern Conference on Information Systems 2012 (EMCIS2012)
June 7-8, Munich, Germany

Symons C. 2005. IT Governance Framework. Forrester


Takata Y., Nakamura T., and Seki H. 2004. Accessibility verification of WWW documents by an
automatic guideline verification tool. In 37th Annual Hawaii International Conference on
System Sciences, pp.10, HICSS, Hawaii, USA.
Tallon P. et al 1998. A Process-Oriented Assessment of the Alignment of Information Systems and
Business Strategy: Implications for IT Business Value. In Proceeding s of the Association
for Information Systems Americas Conference, Maryland, USA.
Tanriverdi H. 2006. Performance Effects of Information Technology Synergies in Multibusiness
Firm. MISQ, 30(1), 57-77.Tapia, R.S., Daneva, M. and Eck, P.V. (2007). Developing an
Inter-Enterprise Alignment Maturity Model: Research Challenges and Solutions. Technical
report, University of Twente
Tavakolian H. 1989. Linking the Information Technology Structure with Organizational Competitive
Strategy: A Survey. MIS Quarterly, 13: 309-317.
Taylor S., Iqbal M. and Nieves M. 2007. ITIL. TSO publications, Norwith.
Ungar L.Y., and Parameswaran R. 2005. Knowledge base to manage the grading and selection of
testability guidelines. In Autotestcon, pp.444450, AUTEST, Orlando, USA
Xiao-wen L., Xiao-chun L. and Ke-jin H. 2009. Design and implementation of IT governance
planning decision supporting system. In Chinese Control and Decision Conference,
pp.5629-5632, CCDC, Guilin, China.
Xue Y., Liang H. and Boulton W.R. 2006. Information Technology Governance in Information
Technology Investment Decision Processes: The Impact of Investment Characteristics,
External Environment, and Internal Context. MISQ, 32(1): 67-96.
Webb P., Pollard C. and Ridley G. 2006. Attempting to Define IT Governance: Wisdom or Folly?. In
39th Annual Hawaii International Conference on System Sciences, p.194a, HICSS, Hawaii,
USA.
Webster J. and Watson R.T. 2002. Analyzing the Past to Prepare for the Future: Writing a Literature
Review. MIS Quaterly, 26(2): xiii-xxiii.
Weil P. and Ross J.W. 2004. IT Governance: How Top Performers Manage IT Decision Rights for
Superior Result. Harvard Business School Press, Boston, Massachusetts.
Weill P. and Vitale M. 2002. What IT Infrastructure Capabilities are Needed to Implement E-
Business Models?. MIS Quarterly Executive, 1(1): 17-34.
Weisinger J.Y. and Trauth E.M. 2003. The Importance of Situating Culture in Cross-Cultural IT
Management. In IEEE Transactions on Engineering Management, pp. 26-30, TEM, Saint
Louis, MO, USA.
Wilbanks L. 2008. IT Management and Governance in Equal Parts. It Professional, 10(1): 60-61.

Ruben Pereira and Miguel Mira da Silva 360


A Literature Review: Guidelines and Contingency Factors for IT Governance