Professional Documents
Culture Documents
by
Copyright 2021
University of Phoenix
ABSTRACT
This study was an exploratory case study about the effect of IT Governance (ITG) on
hospital network operations. This study sought to understand stakeholders' perceptions on the use
of ITG and the relationship of ITG to critical health care infrastructures such as hospital IT
understanding how the IT governance body and IT governance practices implemented at the
hospital affect IT Network Operations' efficiency at a hospital in the Western United States of
America. In a qualitative exploratory simple case study, the researcher triangulated evidence
from interviews, document review, and observation to reach a holistic understanding of the
impact of ITG on hospital network operations and health care services. Five major themes
emerged from this study, namely: (a) The ITG value creation process leads to IT agility for the
Hospital's IT network operations; (b) ITG is used for strategic alignment between the hospital's
governance practices and IT Network operations; (c) IT governance is used to measure the
to manage IT assets; (d) ITG is used for risk management and risk mitigation for IT-related risks.
The key recommendations to IT practitioners are: (a) Training and retraining employees in IT
best practices such as COBIT 5 and ITIL V5 to raise awareness about the ITG value delivery
process; (b) Constant communications about ITG can help improve the perception of IT
governance and IT governance at the hospital; (c) Implement a balanced scorecard (BSC) as a
performance management tool for IT network operations; (d) ITG should dedicate more time and
resources to the stewardship and accountability of IT assets at the hospital; and (e) The Hospital's
strategic leadership team should ensure that cybersecurity efforts are well funded to respond to
iii
DEDICATION
I dedicate this study to my loving wife Stephanie, my friend, partner, and eternal
companion. You relentlessly but patiently encouraged me to continue to the end of my doctoral
journey, especially when I felt like giving up. You and our kids endured almost a decade of me
doing homework, even while on vacation. I remember several family trips and vacations where I
stayed at the hotel or at the campground in our motor home to work on and submit my
homework while you entertained the kids. To my mother, although you passed away when I was
12 years old, you instilled in me the value of education and hard work at a very young age. To
my father, you tough me that I would be successful through handwork and commitment to
education. You also sacrificed almost everything that you had to put me through school. To
Florence Isiko, you took care of me and raised me like your own son after my mother and uncle's
passing, and I will always be grateful for your love and support. To Bill Knowlton, Tom Hatch,
Michael Loosli, you helped me with the financial backing to attain my bachelor's degree in
Information Technology. I will never forget your financial support to help me earn my
undergraduate degree. To Herbert Shades, confidant in life and business partner, you have
always supported my academic endeavors. To Kagabo Robert, I am grateful for the educational
and dialogic guidance you gave me during my doctoral journey. Finally, to my Heavenly Father,
it is through his grace and mercy that a young man from a poor African family was able to
iv
ACKNOWLEDGMENTS
Isaac Newton is noted to have said that “If I have seen further, it is by standing on the
shoulders of Giants” (Fawcett et al., 2015). It is on the shoulders of academic giants and church
leaders in my life that I have been able to learn and grow. To Dr. John C. Sienrukos, my
dissertation chair, Dr. Jennifer Lapin, and Dr. Donald Munday, my committee members, for your
continual feedback and guidance through the final doctoral course. To my University of Phoenix
peers, you provided unwavering support and dedication throughout my doctoral Journey.
v
TABLE OF CONTENTS
Contents…………………………………………………………………………..……………Page
List of Tables……………………………………………………………………………..............ix
List of Figures………………………………………………………………………….................x
Definition of Terms........................................................................................................... 16
vi
Theoretical Framework Literature .................................................................................... 30
Conclusions ....................................................................................................................... 45
Instrumentation ................................................................................................................. 55
Pilot Study......................................................................................................................... 58
vii
Demographics ................................................................................................................... 80
Pilot Study......................................................................................................................... 82
Results ............................................................................................................................... 91
viii
LIST OF TABLES
Table 4.2: Second Level Codes, Categories And Emerging Themes ............................................ 84
Table 5.1: Research Questions And Corresponding Emergent Themes ...................................... 111
ix
LIST OF FIGURES
Figure 4.1: The codes, categories and emergent themes of the study. ........................................... 86
Figure 4.2: Showing a map of emergent categories and themes of the study ............................... 87
x
Chapter 1
Introduction
This study was an exploratory case study about the effect of IT Governance (ITG) on
hospital network operations. The research sought to understand the perception of stakeholders on
the use of ITG and the relationship of ITG to critical health care infrastructures such as hospital
could help improve health care services through well managed Health Information Systems
(HIS) (Yang et al., 2013). In this qualitative exploratory case study, the researcher used
hospital network operations and health care services by asking good research questions,
exercising good listening skills, good project and document management helped the researcher
succeed in the research. The researcher in this chapter covers: (a) the background of the problem,
(b) problem statement; (c) the purpose of the study; (d) population and sample; (e) significance
of the study; (f) nature of the study, (g) the research questions, (h) conceptual framework; (i)
definition of terms; and (j) assumptions, limitations and delimitations of the research.
technology and IT services in almost every organization in the 21st century (Ko & Fink, 2010).
Peterson (2004b), argued that information technology governance (ITG) had emerged as a
fundamental business imperative because the effective implementation of ITG leads to the
creation of business value and wealth. There is a relationship between IT governance and
corporate governance. Organizations should seek to strengthen those relationships for business
agility and competitiveness (Ko & Fink, 2010; Jairak & Praneetpolgrang, 2013). ITG is an
1
integral part of corporate governance; as such, ITG tends to benefit from the mature and well-
defined processes of corporate governance. ITG is likely to be well defined and implemented in
management and IT alignment to the corporate vision of the business (Subsermsri et al., 2015).
alignment between business and IT strategy (Reynolds & Yetton, 2015). The challenge however,
is that good corporate governance and IT governance is often found lacking in many
organizations (Jairak & Praneetpolgrang, 2013; Subsermsri et al., 2015). Sound corporate
governance is not only essential in the business world but critical in the health care industry
(Jamali et al., 2010). In addition to good corporate governance, CEO support for IT governance
tends to be related to the need for fascial responsibility regarding IT investments and the
health care industry, sound corporate governance is also often found lacking in the health care
continuously offer cost-effective services in a timely manner (Gerdewal & Seçim, 2014), the
rising cost of IT expenditure in organizations, failed IT projects, and the negative impacts that
organizations face as a result of failed IT projects have led to an increased amount of scrutiny of
IT department and a demand for IT accountability (Phillips, 2014; Asgarkhani et al., 2017). In
addition to increased demand for IT accountability, there is increased demand by the IT industry
and compliance requirements that have forced organizations to implement best practices and
2
frameworks such as Control Objectives for Information Technology (COBIT) framework
(Phillips, 2014, Bowen et al., 2007). Information Technology Infrastructure Library (ITIL),
Commission (IEC). Of all IT governance (ITG) frameworks, ITIL is the most adopted IT
governance framework (Nicho & Muamaar, 2016; Marquis, 2006). ITIL is a collection of best
practices for IT operations initially developed by the British government (Worthen &
be a long, complicated, and challenging task for many organizations and their IT departments
(Nicho & Muamaar, 2016). IT Governance is used to align IT services to strategic business
goals to improve IT services and perform continuous improvement of IT services to meet both
business and a business’s customer needs (Wautelet, 2019). The implementation of good ITG
and IT best practice frameworks call for good IT strategies. Monat (2006), posited that without
clear information technology strategies and flexible leadership styles aligned to serving
organizational needs, businesses might struggle to succeed in the 21st century. Teo, Abd Manaf,
and Choong (2013) contended that the demand for effective IT governance is on the rise as
businesses and governments continually increase their dependence on IT Network Services. Well
managed and well-governed IT functions can lead to very effective and efficient IT processes
IT success requires good corporate and IT governance practices, Clarke and Branson
(2012) argued that good corporate governance is an essential component of market integrity,
corporations sometimes lack the flexibility to craft governance that can quickly respond to
changes in technology, competition, and customer needs. Most organizations require a certain
3
degree of governance, including corporate governance and IT governance (Doherty et al., 2012).
Although IT governance plays a critical role in regulating how IT services are delivered to an
departments and businesses take to continuously provide improved IT Network Operations and
organizational practice concerned with maintaining a balance between economic and social
goals, individual and communal goals in a way that is designed to optimize organizational
resources through accountability and good stewardship of an organization's resources (T. Clarke
& Branson, 2012). Researchers such as (C. T. Clarke, Branson, 2016; Phillips, 2014) suggested
that almost all organizations in the 21st century are affected by poor IT governance, which
includes services such as IT Network Services and Network Operations. To solve the IT
governance challenges faced by many organizations, best practices such as ITIL, ISO 2000, and
COBIT have been established and adopted by the IT industry to help organizations to effectively
support and govern their IT operations and services (Gerdewal & Seçim, 2014). Although best
practices such as ITIL can be used to implement ITG in an organization, best practices such as
COBIT have been used as a proxy for IT management practices and a control mechanism for
effective best practice for IT governance (Phillips, 2014). However, despite the existing IT
governance best practices such as ITIL and COBIT many organizations implement IT
governance poorly and ended up with IT governance process that are not aligned with business
goals, strategy and mission (Nicho & Muamaar, 2016), furthermore, the implementation of IT
governance best practices in many organizations has not translated into IT alignment with the
4
organizations objectives in a way that IT is used to sustain the business (Improving Strategic
Alignment: A Case Study, 2015) . Poor implementations of IT governance could result into a
miss alignment between IT practices and corporate goals (Hiekkanen et al., 2015; Phillips,
2014). The miss alignment between business and IT goals and objectives could lead to poor
service delivery of IT network services and the continuous service improvement of IT services as
a whole (Ahmad et al., 2013a). Poor IT governance could also minimizes shareholder value and
diminishes the relationship between the principal (owners of the business) and agents (managers
Problem Statement
The main problem is that poor information technology governance (ITG) has often led
rely on IT for business operations (Ako-Nai & Singh, 2019). ITG governance is often found
2013). ITG is used to align IT services to strategic business goals in an effort to improve IT
services and perform continuous improvement of IT services to meet both business and a
business’s customer needs (Wautelet, 2019). Although ITG plays a critical role in regulating
could increase the time IT departments and businesses take to continuously provide improved IT
Network Operations and Network Services to their customers in environments such as hospitals.
To compound the problem of the lack of ITG in hospitals is the fact that health care
organizations are complex systems that heavily depend on good governance and multiple levels
of the governance process; corporate governance in hospitals may include Clinical governance,
5
medical governance, research governance (Delaney, 2015). Good cooperate governance in health
care works to reduce the level of discordance between the different entities within a health care
organization such as IT to improve service delivery, and patient care is critical to a hospital's
Effective ITG could mitigate the impact of network operations and service delivery of
health care services (Jairak & Praneetpolgrang, 2013; Subsermsri et al., 2015). Because
healthcare providers often deal with the lack of good corporate governance (Jairak &
Praneetpolgrang, 2013); poor corporate governance, in many cases, leads to poor ITG in hospital
environments that may lead to catastrophic health care system outages and may lead to poor
patient care. Corporate Leaders in the health care industry need to institute an effective ITG
process that will mitigate the risk of health system failures that could cause poor patient care.
The specific problem is that ITG governance is often found lacking in critical health care IT
infrastructure are at the heart of the effective service delivery of health care services. This
research will seek to answer the question, what is the relationship between IT governance and
A previously noted in the introduction of this chapter, this study used an exploratory
qualitative single case study to understand stakeholders' perceptions on the use of ITG and the
relationship of ITG to critical health care infrastructures such as hospital network operations. The
study also sought to explore how the IT governance body and IT governance practices
6
professionals such as IT managers, Network engineers, Hospital administrators, and other
hospital stakeholders about the significant contributions that IT governance could have on
hospital network operations. 2) The research findings also contribute to the understanding of IT
way to improve the alignment of network operations the strategic, goals, and missions of the
hospital.
Because many IT network services may take a long time to implement, leading to
frustrated customers, poor patient care, and lost business in settings such as a hospital, there is a
need to reexamine the role that corporate governance processes and IT governance processes
play in organizations such as hospitals in the Western United States of America. This study
examined the processes IT departments use to effectively govern IT Network Services' service
delivery and improve on existing IT Network Services at a hospital in the Western United States
of America. The findings of this research may provide important information to the hospital
board of directors, leaders such as the Chief Technical Officer (CTO), Chief Information Officer
(CIO), IT managers and hospital administrators with tools and practices on how to improve their
processes to reduce the time it takes to implement IT Network services to the business and its
customers but at the same time implement effective IT governance practices that are aligned with
The location of the research was at a hospital in the Western United States of America.
The research was feasible based on the researchers' proximity to the study site unit and the use of
online tools such as Microsoft Teams to conduct interviews, observations, and the hospitals' IT
governance website to conduct a document review. The three primary sources of evidence used
were interviews, observation, and document review of the existing IT governance process.
7
Population and Sample
The goal in both qualitative and quantitative studies is to select a sample that would most
appropriately help answer the research question (Meltzoff, J., & Cooper, 2018), In qualitative
considered adequate (Boddy, 2016). This study explored a purposive sample of 11 current IT
employees and hospital administrators responsible for IT governance and part of the change
advisory body (CAB). The employees interviewed include: The Chief Technical Officer (CTO),
IT directors, IT managers, Network Engineers, and IT service desk personnel. The study
examined how IT governance processes and practices impact IT network operations at a Hospital
in the Western United States of America. Because of the COVID 19 pandemic health
participating in 30-45 minutes semi-structured interviews using Microsoft Teams during the
month of January 2021. Document review and observation was used to collaborate findings from
interview data to validate the ITG processes used at the Hospital during the research period. The
main reason for conducting interviews and document review was to evaluate how the
implementation of ITG impacts the Network operations of a hospital in the Western United
States of America.
making it impossible to trace back to the respondents personally identifiable details. Participants
will have the right to receive a link to the dissertation which will include the study results; the
desertion may be published in academic libraries such as ProQuest and IT academic Journals
8
Significance of the Study
Although multiple studies have been conducted about the effects of corporate governance
and IT governance on an organization as the study by Nfuka and Rusu (2011) about the effect of
critical success factors on IT governance performance and a study by (Hiekkanen et al., 2015;
Salah, Rahim, & Carretero, 2010) about IT alignment and corporate governance in general,
current literature is silent about the effects of IT governance on hospital network operations.
The researcher used a case study of a hospital to understand hospital stakeholder perceptions
about the relationship of IT governance on network operations at the Hospital, this kind of
research had not been done before. The Goal of the study was to understand the relationship
between IT governance and the effects of IT governance on critical health care infrastructures
such as IT networks at a hospital in the Western United States of America. The findings from
this study may help hospital stakeholders implement and exercise IT governance best practices to
improve the service delivery of IT services by aligning the IT network operations department to
The findings in this study will also inform IT practitioners about the best way to
how IT governance can be improved on in a hospital setting may not only improve hospital
network operations but could also lead to improved health care service delivery. The research
will contribute to the academic community by informing future researchers about some of the
9
This research used a single exploratory case study at one Hospital in the Western United
States of America. Simple case studies tend to be subjective; more research using multiple case
hospitals in the Western United States of America and across the nation. Quantitively and mixed
methods studies may also be undertaken across hospitals in the Western United States of
America and across the United States to further measure the impact of IT governance on hospital
network operations on health care services at hospitals in the United States. Such studies would
allow the researcher to triangulate data from different sources and environments; triangulating
data from different sources of evidence, both qualitative and quantitative, may be wholistic
enough to serve as a ground to recommend and provide the most effective IT governance best
practices for Hospital Network Operations, and the role of network operations in improving
patient care.
The research design that was used is a simple exploratory case Study. Exploratory case
studies are used to explore a phenomenon in which the interventions being used has no clear set
of outcomes (Baxter Pamela & Jack, 1990). Research instruments and research design are at the
heart of the research study; as such, researchers should endeavor to design research instruments
as flawlessly as possible regardless of the research methods in use (Brewer et al., 2015). Case
studies are qualitative research designs used to explore a time, space-bound, and context-bound
phenomenon. Case study investigators explore real-life single our multiple bound systems over
time using in-depth data collection involving multiple sources of information (Alpi & Evans,
2019; Hyett et al., 2014b) also posited that a qualitative case study explores a real-life ,
contemporary bounded system. Case study evidence can be collected from interviews,
10
observation, document review, and physical artifacts (Alpi & Evans, 2019), case studies may use
multiple sources of data to gain a nuanced view from multiple perspectives (Farquhar et al.,
2020a). A case study, especially a single case study, is bounded because case studies focus on a
single entity (Jensen & Rodgers, 2001). Hyett et al., (2014a) suggested that a case study research
is an investigation and analysis for a single or multiple cases to capture the complexity of the
Further, a case study is a design of inquiry that can be applied to many fields, mainly in
which a researcher develops and in-depth analysis of a case such as a program, an event, activity,
or processes in an organization (Creswell & Creswell, 2018). Although case studies cannot be
used for generalization in social research, case studies are used to study human behavior because
they are down-to-earth and attention-holding (Stake, 1978). Case studies are also bounded
systems; as suggested by (Alpi and Evans 2019; Hyett et al., 2014a), the meaning of a bounded
system in a case study is derived from the characteristic of cases study designs, case studies are
institution (Stake, 1978) , time-bound, for example, a year or 6 months as the period of study.
Case boundaries are kept in focus to determine what is in scope and what is out of the scope of
department as a case (Yin, 2016), describe how the IT department works, point out some themes
that emerge from talking to IT employees throughout the data collection period. Using a case
study approach, a researcher can see how the IT department works and the impact an IT
11
Questionnaires and interviews are commonly used question-answering research
instruments in qualitative research (Rowley, 2014). Online surveys are an excellent example of
quantitative instruments (Leman, 2010). Shin (2016) used quantitative instruments such as
surveys and qualitative instruments such as interviewing on focus groups and experts to
understand how cross-platform services provide unified experiences across multiple devices that
users can use to watch content using platforms such as televisions, computers, and handheld
devices. In quantitative studies, researchers use web best tools to develop a questionnaire and
post the questionnaires online or distribute the questionnaires using email. In qualitative studies,
Face to face interviews are used, interviews may be recorded, transcribed, and coded to
determine merging themes from the interviewees. A qualitative case study was used because
qualitative case studies seek to answer the “why” and “how” questions of a research
For anonymity purposed, the case considered for inquiry is only referred to here as a
hospital. Therefore, a hospital in the Western United States of America was considered for this
case study. Researchers may use a combination of three forms of data collection, such as
document review, interviews, and direct observations of participants (Cunningham et al., 2017).
The researcher used Microsoft Teams to conduct semi-structured interviews for the CIO, IT
directors, IT managers, Network engineers, and service management experts at the hospital.
After interviews were conducted, interviews were be first transcribed before the data
from audio to transcripts is usually the next logical sequence after interviews are
12
largely shaped by the institutional culture, academic environment, and background of the
researcher (Nascimento & Steinbruch, 2019). Due to the complexity of the data transcription
process, many researcher tend to dislike the process; researchers can use data transcription
technologies such as voice recognition software (VRS) as a strategy to ease and increase the
speed of the data transcription process for audio recordings (Matheson, 2007). The researcher
generated transcripts from data recordings that were later used for further analysis by coding,
The next phase of qualitative research after collecting data is analysis and interpretation
of qualitative data; data analysis is a dialectic process of making sense of qualitative data; it is
the process generating new insights from raw data into intelligible accounts (Cunningham et al.,
a process of continually hunting for themes and concepts that emerge from the collected data,
researchers do not impose themes and concepts that should emerge out to the data prior to the
analysis of the data (Srivastava & Hopwood, 2009). Using and induction approach of data
analysis allows patterns and themes to emerge from the data based on what the researcher wants
to know from the data based on the theoretical framework of the researcher, the researcher's
Hopwood, 2009).
The key to qualitative research analysis is mastering the art of reflexivity and data
iteration as the researchers reviews, analyze, and revisits with analyzed data over and over to
13
discover new and emerging themes from the data and how those themes inform the researchers
An expert data analysis process and steps for case study design suggested by Srivastava and
Hopwood (2009), recommended that data analysis should focus on three main questions the
questions are 1) what are the data telling me?, 2). What is it that I want to know from the data?
3). What are the dialectical relationships between what the data is telling me what I want to
During data analysis, the initial skill that qualitative researchers may need to master is the
researchers that wish to become proficient at doing qualitative analysis must learn to code well
and efficiently. However, it is not possible for researchers to claim final coding authority because
there is no standard approach to coding neither is coding the only way for analyzing qualitative
A code in qualitative research is a word or short phrase that symbolizes salient, essence-
capturing, and or evocative attributes for a proposition of language-based on visual data. Coded
data could consist of interview transcripts, observation notes, journal analysis, documents,
drawings and artifacts, email correspondences and much more, coding is not a precise science,
rather it is an interpretive act (Saldaña, 2016). Coding is not a linear process but an iterative and
reflective process (Srivastava & Hopwood, 2009). Once coding has been done, it becomes easier
for researchers to tabulate test or recombine qualitative evidence to address the initial proposition
of a study.
14
Research Questions
Many case studies begin with a pilot exploratory research question, the purpose of the
pilot exploratory question is to identify the research questions or procedures to be used in the
subsequent research study (Yin, 2016; Robert, 2014). The researcher did not need to conduct an
exploratory case study to determine if the researcher had the correct research question and topic
for the research because it was clear to the researcher that the research question was feasible
Interviews, document review and observations conducted by the researcher were guided by the
SQ 2: How is IT governance of network operations used for strategic alignment to the Hospital's
management?
SQ 5: How is IT governance of network operations at the Hospital used for risk management?
Theoretical Framework
Joslin & Müller (2016), corporate governance is the system used to control and direct companies
(Yusof, 2016). IT governance works under the umbrella of corporate governance. Corporate
15
governance is situated in agency theory, stewardship theory, transaction cost economics,
stakeholder theory, shareholder theory, and resource dependency theory. Christopher (2010) also
noted that corporate governance principles are informed by theories such as agency theory; as
such, one of the foundations of corporate governance is agency theory. The epistemological
background of agency theory is rooted in economics and has for decades been used by scholars
across several disciplines such as organizational behavior, law, marketing, health care, and
accounting (Bendickson et al., 2016). Agency theory has its roots in the work of a German
sociologist Max Weber; agency theory is based on the concept of risk-sharing between two
parties; the two parties are the principal and agent (Bendickson et al., 2016), the principal is the
business owners or shareholders and the agents are the managers of the business, in agency
theory, one party acts on behalf of another (Shapiro, 2005), in this case, the managers of a
business are agents delegated to act on behalf the principal the stake holders of the business. The
main focus of agency theory is control (Asgarkhani et al., 2017), in the context of IT governance,
the principles of agency theory are used to control, direct and govern IT operations. IT
governance therefore is built on the foundation of agency theory, agency theory is one of the
Definition of Terms
The section below defines technical terms used in this dissertation that readers might not
be familiar with. The definition of terms is used to increase understanding of the study.
use management to guide an institution in fulfilling its cooperate mission and protect an
16
IT governance: IT governance is a framework used to encourage desirable IT
implementation, accountability, and behavior in an organization (A. E. Brown & Grant, 2005).
Furthermore, ITG governance is concerned with the IT delivery of value to the business and the
Corporate Governance: Is how a firm is run to meet the interests of the firm’s stake
holders (Tagesson & Collin, 2016), corporate governance is used to direct and monitor the
Agency theory: Is a theory rooted in economics where one party say an agent
The researcher assumed that the research participants were be willing to share
information about IT governance during the data collection phase of the research. The researcher
also assumed that the Hospital would provide document review and access to their environment
to allow the research review and observe the IT governance process. This study is a qualitative
simple case study; qualitative findings and interpretations tend to be subjective because
researchers may make assertions about a phenomenon based on their assumptions about the
nature of text data, the researcher’s influence on text interpretation, and the validity checks used
to justify text interpretations (Lacity & Janson, 1994). Quantitative research explains research
17
findings based on facts primarily through objective measurements (Firestone, 1987). Researchers
using qualitative research use multiple techniques, and the inquiry process is flexible as the
researcher sees fit for a given scenario (Cypress, 2017), the kind of flexibility that qualitative
research calls into question the research validity of the research findings since the researcher is
sometimes the instrument of the research (Cypress, 2017). Good qualitative research must
therefore demonstrate research rigor, reliability, and validity (Barusch et al., 2011a; Thomas &
Magilvy, 2011). Quantitative research rigor is equivalent to reliability and validity in quantitative
research (Thomas & Magilvy, 2011), qualitative research rigor can be demonstrated through the
research findings (Thomas & Magilvy, 2011). Therefore, as a limitation, it is hard to demonstrate
research rigor and generalize conclusions based on a single exploratory case study conducted at
one Hospital in the Western United States of America, as previously noted in this study, simple
case studies tend to be subjective. Future research using multiple case studies should be
conducted to examine the differences in IT governance between several hospitals in the Western
Chapter Summary
This chapter introduced an exploratory case study about the impact of IT Governance
(ITG) on hospital network operations. In this study, the researchers sought to seek to understand
the role of IT governance and the effects of IT management on critical health care infrastructures
improve health care services through well managed Health Information Systems (HIS) (Yang et
al., 2013). In this qualitative explanatory simple case study, the researcher used interviews,
18
document review, and observation to understand the impact of IT governance on hospital
missions, goals and overall strategy (Improving Strategic Alignment: A Case Study, 2015). In
this chapter, the researcher has introduced the concept of IT governance as a framework used to
Brown & Grant, 2005). IT governance is a subset of corporate governance, corporate governance
is the process by which organizational leaders such as board of directors use management to
guide an institution in fulfilling its cooperate mission and protect and organizations assets
missions and strategy to be successful (Improving Strategic Alignment: A Case Study, 2015).
19
Chapter 2
Literature Review
This literature view covers IT governance and the effects of IT governance on hospital
network operations. The value of technology is not just in its possession; organizations need to
effectively govern IT resources for business success (Lanka, 2015). Information technology has
become an indispensable aspect of running business in the 21st century; organizations need to
have reliable IT departments that can cater to business needs and that are aligned to the business
governance (Bianchi & Sousa, 2016; Lanka, 2015). Due to the ever-increasing dependence on
information technology by almost all organizations, the heightened risk of IT failure and miss
contributed to the ITG framework such as the Information Systems Audit and Control
Association (ISACA) and Information Technology Governance Institute (ITGI), some of the
well-known ITG best practices are COBIT (Control Objectives for Information and Related
solution lies between fine-tuning organizational structures, process and relational mechanisms of
an organization (Jairak & Praneetpolgrang, 2013). In health care, Health Information Systems
(HIS) have the potential to enhance productivity, lower costs, reduce medical errors and reduce
human resources strain in the health care industry (Yang et al., 2013; Rice, 2015), suggested that
HIS systems are increasingly becoming pivotal to the delivery of patient care because HIS
systems health care providers conveniently collect, organize and analyze patient information.
20
The following sections will highlight the historical literature, current literature and researchers
The list below is a list of some of the keyword’s searchers used by the researcher to
search the literature during the research literature review. The researcher used the University of
Phoenix online library to search for the content, other online libraries such as Academia.edu and
case study"
11. "constant comparative data analysis" AND "Case Study" AND "IT Governance”
21
14. "IT governance" and "performance management”
17. Governance
18. IT governance
22
37. Effective IT governance
40. Triangulation
Historical Content
The aim of the historical context of section paper is to provide a historical context of
Information Technology Governance (ITG) and the benefits of ITG in environments that heavily
depend on Information Technology (IT) such as hospital computer networks in the healthcare
industry, the health care industry uses ITG to standardize and optimizes processes to enjoy a
competitive advantage that comes from effective and well-controlled IT practices. Although
ITG is a broad field generally categorized into IT decision domains such as: (a) IT Infrastructure,
(b) IT architecture, (c) Business Application Needs, (d) IT Investment, and (e)Prioritization
Decisions and IT principles (Weill & Woodham, 2005; Köbler et al., 2010). The focus of this
IT governance is a specific field of corporate governance which rose from the backdrop
of the increased importance of IT in enterprises and businesses today (Köbler et al., 2010). By
the beginning of the 21st century, many organizations heavily relied on information technology
threats that arose from poor or weak controls. As a result, IT governance rose from the need to
minimize information security risks and poor IT controls (Abu-Khadra et al., 2012). The attack
on the world trade center on September 11, 2001, raised both government and private sector
23
et al., 2003). Turel and Bart (2014), also noted that the collapse of large corporations such as
Enron and WorldCom that primarily resulted from the lack of good ITG controls to protect large
corporations such as Enron from cooperate fraud led to a new reality that Information security
governance quickly became a top management issue (Lainhart IV, 2000). Organizational leaders
increased their involvement in IT matters, and various studies suggested that that board member
oversight had the potential to influence organizational performance (Turel & Bart, 2014;
Lainhart IV, 2000). Heightened information security risks and legal requirements to secure
enterprise information systems such as mandated by the Sarbanes-Oxley act in 2002 gave rise to
IT governance frameworks such as the Control Objectives for Information and Related
Technology (COBIT) maturity model and the Information Technology Infrastructure Library
The other reason that led to the rise of ITG is that IT is highly integrated and co-evolves
with business, many top executives could no longer ignore or simply delegate what IT does,
resources as a means to increase organizational performances led many business leaders to pay
more attention to IT activities as a way to gain and maintain a competitive advantage (Turel &
Bart, 2014). ITG describes the decision making roles and responsibilities among the different
stakeholders in an organization; ITG also defines the rights of decision-makers, processes, and
monitoring of decision making (Peterson, 2004b; Weill, 2004). ITG enables organizations to
24
In the past two decades, the government in the United States of America faced a
challenge of moving hospitals and physicians into the digital error; hospital leaders and
physicians needed to start viewing Health Information systems as a mainstream technology and
as part and parcel of the medical practice before the digital transition could occur (Blumenthal,
2010). The digital divide in the health care industry was due primarily to the fact that the health
care industry was underfunded, which led to challenges such as poor patient information privacy
(Cotter, 2007). Because the health care industry was underfunded (Cotter, 2007) and behind the
curve when it came to the adoption of information technology for business operations (Zhang et
al., 2013), the federal government in the United States of America led efforts for the adoption of
HIS systems to effectively manage electronic patient records, the adoption of electronic records
management systems led to benefits such as quality, efficiency, and provider satisfaction in the
The need to digitize the healthcare industry led to another set of challenges, the rise in
complexity and sophistication of the IT capability in hospitals, increased IT complexity led to the
increased importance of IT governance in the health care industry (Bradley et al., 2012). The rise
(Köbler et al., 2010; Hoerbst, Hackl, Blomer, & Ammenwerth, 2011) observed that in order for
health care providers to remain competitive and cost-effective, they needed to innovate, invest in
technology and govern IT effectively using best practices such as the Information Technology
Infrastructure Library (ITIL). ITIL is a collection of best practices for IT operations first
developed by the British government 20 years ago (Worthen & Framingham, 2007), ITIL offers
guidelines that are most suitable for enterprise IT operations and ITG (Marques, Oliveira, Dias,
25
The other dimension that led to the birth of ITG was the need for CIO to show their
relevance to the CEO, Ellen Pearlman (2004) argued that IT leaders such as the CIOs needed to
prove their relevance to the Chief Executive Officers (CEOs) of the organization through
valuable business contribution such as securing and effectively managing IT department and IT
assets, effective governance of IT assets led to a partnership with the business and enabling
goals(Lainhart IV, 2000). However, according to Buchwald, Urbach, & Ahlemann (2014), the
challenge that many organizations faced is that the leadership skills needed to offer IT
governance in many organizations that rely on technology were found lacking. The lack of good
IT leadership was compounded with the rising demand for IT leaders to secure organizational
that critical decisions are consistent with an organizations vision, values, and strategy; IT
governance is crucial for ensuring that IT-related decisions match companywide objectives
(Jeanne & Peter, 2004) also known as IT alignment with business goals mission and object. Most
firms that registered economic success in the past two decades succeed because of their ability to
leverage IT investments (Weill & Ross, 2005; Weill & Woodham, 2005). Just like IT
governance is crucial for the success of many businesses, IT governance is crucial for the success
The historical context of this paper has illustrated the historical background of ITG; it
was noted that the lack of ITG in organizations could have led to scandals, financial scandals
such as the case of Enron heightened information security risks and the need for CIOs to prove
their worth to the business led to heightened scrutiny of cooperate governance and IT governance
26
as a sub-set of cooperate governance. Just like ITG was crucial for the success of many
corporations in the past twenty years, ITG is essential in the health care industry when it comes
to effectively managing hospitals. We will now look at the current context of IT governance in
Current Content
(ITG) and the benefits of ITG in environments that heavily depend on Information Technology
(IT) such as hospital computer networks in the healthcare industry. The health care industry uses
ITG to standardize and optimizes processes in order to enjoy a competitive advantage that comes
from effective and well-controlled IT practices. Due to the pervasive dependence on IT in almost
all sectors, organizations and society as a whole has raised concerns about ITG (Sergio, B;
organizations to meet organizational challenges and create business value, many organizations
Shanudin, 2015). The other challenge that decision-makers face is justifying the cost of IT to
business because, in many cases, it is not evident that IT investments improve an organization's
performance (Ilmudeen & Bao, 2018). The two combined challenges about how to effectively
create value and how to optimize IT investments highlights why effective ITG is essential for the
success of organizations.
As previously noted in the historical context section about the origins of ITG, ITG
resulted from the corporate failures of large corporations in the 1990s that highlighted that
corporate failures reached beyond poor and week corporate governance but that there was week
IT controls and practices that needed to be reformed as part of the efforts to reform and regulate
27
cooperate governance (Ako-Nai & Singh, 2019). The collapse of large corporations such as
Enron and WorldCom that mainly resulted from the lack of good ITG controls to protect large
corporations such as Enron from cooperate fraud led to a new reality that Information security
risks could no longer be ignored by the cooperate and government leaders (Turel & Bart, 2014).
Organizational leaders increased their involvement in IT matters, and various studies suggested
that that board member oversight had the potential to influence organizational performance
(Turel & Bart, 2014). In recent years, the rise of strategic management of IT resources as a
means to increase organizational performances has led many business leaders to pay closer
attention to IT activities as a way to gain and maintain a competitive advantage (Turel & Bart,
2014). The lack of good IT leadership was compounded with the rising demand for IT leaders to
secure organizational assets (Silic & Back, 2014). ITG plays a critical role in securing an
organizations data, especially in sectors such as health care (Mbonihankuye et al., 2019).
In the past five years, IT governance has made it possible for organizations to generate
value and maintain a competitive advantage (Altemimi & Mohamad Shanudin, 2015; Selig,
2016), also noted that in recent years, organizations have increasingly become dependent on IT
because IT is an integral part of a business and business operations, as such organizations must
pay special attention to how IT is governed in their organization by the use of comprehensive IT
governance frameworks. In some instances, CIO innovation can be attributed to good ITG and
good IT strategies (Liebe et al., 2017). CIO innovation following ITG best practices enhances an
Businesses that operate in a knowledge economy operate in highly volatile and uncertain
28
to achieve business objectives, the real increase in business value demands that business and
technology managers work in tandem (Lombardi et al., 2016). The relationship between IT-
based synergy’s and corporate based synergies reduce the tension between IT and business and
lead to an alignment that contributes to business success (Kude et al., 2018). The success of IT
Information Management (PIM) (Liebe et al., 2018), PIM is a subset of ITG. Another key driver
of IT governance has been the consumerization of IT, the consumerization of IT is mostly driven
by the ever-changing demands of customers, and organizational leaders now require more
control of IT practices (Wayne Gregory et al., 2018). Poor governance and control of IT
operations have often led to the failure of IT projects and implementation and effective IT
operations in organizations that heavily rely on IT for day-to-day businesses operations (Ako-Nai
Just like any industry, the health care industry has significantly benefited from
information technology and the benefits of IT and good ITG practices. In the health care
industry, HIT and communications systems are indispensable together with the administrative
support structures that support health information systems (Thye et al., 2017). In a qualitative
case study by Islam (2015), it was discovered that the use of Information technology such as the
internet and electronic devices to manage patient records contribute significantly to enhancing
health service transparency, and a reduction in corruption in the health care industry, which lead
to improved health care. Good ITG generally drives HIT innovation, well-structured
Innovation, as observed in other sectors. Hospital executives that adopt IT governance are likely
to choose IT projects that will contribute to organizational sustainability and projects that will
29
positively add value to an organizations stake holders such as employees and customers (Ako-
Nai & Singh, 2019), good information management systems enable good decision making in
hospitals and allow hospitals to remain agile and competitive (Gordon, 2010).
Although ITG is essential for the success of many organizations, in a study conducted in
14 German hospitals, it was discovered that CEOs that are less IT savvy were less inclined to
trust their CIOs and were less willing to invest in newer technology and innovations compared to
CEOs that were IT savvy (Thye et al., 2018). The goal for decision-makers in organizations is to
increase IT awareness; as business leaders such as CEOs become more aware of the benefits of
In this section, the researcher reviewed and presented how the current literature of ITG
contributes to the success of all sectors with a specific focus on the health sector. It was noted
that the lack of ITG in organizations could have led to scandals such the financial scandals in the
1990s that led to heightened information security risks and the need for CIOs to prove their
worth to the business that resulted from increased scrutiny of cooperate governance and IT
governance. In the last five years, ITG has increasingly become relevant for companies in
maintaining a competitive advantage. Just like ITG was crucial for the success of many
corporations in the past twenty years, ITG is vital in the health care industry when it comes to
corporate governance, as posited by Joslin & Müller (2016), corporate governance is the system
used to control and direct companies (Yusof, 2016). According to C. T. Clarke and Branson
(2016), corporate governance is concerned with maintaining a balance between economic and
30
social goals, between individual and communal goals in a way that sought to optimize
resources.
economics, stakeholder theory, shareholder theory and resource dependency theory. Christopher
(2010) also noted that corporate governance principles are informed by theories such as agency
theory, as such one of the foundations of corporate governance is agency theory as noted by
(Christopher, 2010; Donaldson & Davis, 1991). The epistemological background of agency
theory is rooted in economics and has for decades been used by scholars across several
disciplines such as organizational behavior, law, marketing, health care and accounting
(Bendickson et al., 2016) Agency theory has its roots in the work of a German sociologist Max
Weber, agency theory is based on the concept of risk-sharing between two parties, the two
parties are the principal and agent (Bendickson et al., 2016), the principal are the business
owners or shareholders and the agents are the managers of the business, in agency theory, one
party acts on behalf of another (Shapiro, 2005), in this case the managers of a business are agents
Although agency theory is not sufficient to explain corporate governance (Yusof, 2016),
this research used agency theory as the underpinning theory for cooperate governance.
Furthermore, agency theory is used as the guiding principle between business owners such as
shareholders and their agents, the managers (Christopher, 2010; Joslin & Müller, 2016). The
agents represent the principals in their business transactions, the more aligned the agents to the
principal's interests, the lesser the communication gap and discord between principals and agents
31
manager the agent through the use of policies and the use of measuring and monitoring measures
issued by the board of directors used as a form of corporate governance to measure whether IT
managers are delivering the promised value for the business (Posthumus & Von Solms, 2008).
Using agency theory, many hospitals in the United States are governed by governing boards that
continuously seek to improve the quality of patient care (Jiang et al., 2012).
Corporate governance is used to formulate the rules under which the agents operate to
satisfy the principals(owners of the business) interests (Donaldson & Davis, 1991). IT
with corporate governance (Ferguson et al., 2013). IT governance seeks to align IT practices
with an organization’s strategy, vision, and mission (Posthumus & Von Solms, 2008). Aligning
IT governance to corporate governance could minimize agency loss and creates effective IT
operations (Ferguson et al., 2013). Since IT governance practices are derived from corporate
understand ITG. IT managers as agents, seek to maximize the value of the principal's investment
through exercising good corporate stewardship and agency (Donaldson & Davis, 1991; Joslin &
Müller, 2016). IT governance aims at developing structures and processes used by the
organization to direct and control the enterprise to add value to the business and balance the risks
associated with IT processes in an organization (Ferguson et al., 2013). Dawson et al. (2016)
posited that IT governance is a broader concept that goes beyond the effective and efficient
supply of IT services and products. The supply of IT services and products is the primary
an organization to meet both current and future demands of the business as well as the needs of
the businesses customers, IT governance therefore is concerned with instituting controls over IT
32
management to create value and sustain benefits (Dawson et al., 2016). Due to the rising
costs, run away IT costs, and sometimes the ultimate extinction of the IT department (Ali &
Green, 2012). Due to the importance of the effective operation of an IT department, it is in the
best interest of an organization such as a hospital to ensure that IT departments and network
According to Mueller et al. (2008), enterprise IT governance drives and sets the goals that
concerned with the leadership and organizational structures, process, and relational mechanism
the ensures that an organization’s IT systems serve the strategic and sustainability goals of an
business operation. Although Clarke and Branson (2012) argued that good corporate governance
organization. Doherty et al. (2012) argued that entrepreneurs, investors, and corporations lack
the ability to craft governance that can quickly respond to changes in technology, the
competition, and customer needs. The lack of adequate IT governance may lead to poor
which affects the speed and quality of services delivered to an organization's customers such as
patients at a hospital.
33
Although many firms enjoy above-average industry returns due to good IT governance
practices (Weill & Woodham, 2005; Weill, 2004), in the health care industry, poor Corporate
governance has led to information system failures resulting from health care system failures in
organizations that lack of good corporate governance (Delaney, 2015). In some instances, poor
corporate and IT governance has led to network outages, delayed network improvement projects,
and insecure networks that could translate into poor patient care (Delaney, 2015). In
environments such as the health care industry, it is crucial that hospital administrators effectively
manage ITG for improved and reliable patient care in hospitals. Hospital network operations are
at the heart of the effective delivery of communication pathways and the security of data at
and hospitals, current literature indicated little to no literature concerning the effects of IT
Methodology Literature
In this section, the researcher covers some of the methods that were used by researchers
in previous research work related to this research and how this research will contribute to the
sampling. Qualitative research primarily deals with words and numbers (Stenman, 2019). This
study sought to understand the effect ITG has on network operations in environments such as
hospitals, the researcher identified categories and themes that emerged from talking to IT
processes on network operations at a hospital. Using a case study helped the researcher
understand the effect of IT governance on network operations through processes such as the
34
Qualitative research designs may take forms such as narrative, phenomenology, ground
theory, ethnography, and case study (Creswell, 2009). However, despite the quality work
produced by many qualitative research efforts, qualitative researchers continue to be critiqued for
lack of scholarly rigor (Gioia, Corley, & Hamilton, 2013; Daniel, 2018). Maintaining research
qualitative instruments, there are three major validity items as identified by (Heale & Twycross,
2015; J. W. Creswell, 2014) the three items are: Content validity, construct validity and criterion
validity. Using content validity guidelines, researchers may seek to implement research
instruments that accurately measure all aspects of the research constructs, such as the time it
takes to implement IT services and solutions in an organization. Researchers may use construct
interest in a given research study. Lastly, researchers may use criterion validity to determine the
extent to which the research instruments are related to other research instruments that measure
Positivists and interpretivists research paradigms have divergent views of how research
results may be evaluated; positivists use validity, reliability, and generalizability, while
interpretivists may find generalizability of little value when applied to peoples lived experiences
(Carcary, 2009). Although qualitative research is not inferior to quantitative research, qualitative
research has been criticized for decades for its lack of scientific rigor compared to quantitative
research (Casey & Murphy, 2009), to this extent, qualitative researchers should seek to conduct
and report research findings with the highest possible quality (Casey & Murphy, 2009).
Quantitative researchers showcase their quality of work through rigor and validity, while
qualitative researchers enhance the quality of their work by showing that their work is credible
35
and trustworthy (Casey & Murphy, 2009). The trustworthiness of a qualitative research is a
concept that refers to the degree of confidence and interpretation of data in an effort to increase
(Casey & Murphy, 2009; Connelly, 2016). Carcary (2009), further posited that qualitative
an audit trail; an audit trail allows users to audit the events, influences, and actions of the
researcher.
Daniel (2018), recommended four dimensions that researchers can use to demonstrate
qualitative research rigor, the four dimensions are Trustworthiness, Auditability, Credibility, and
Transferability or TACT. The TACT framework and approach complementary to the approach
Langtree, Birks, & Biedermann (2019), using the TACT framework helps researchers to provide
a better process for undertaking and reporting outcomes of qualitative research and for exploring
different dimensions of rigor (Ben,2018). Both approaches suggested by Daniel (2018)) and
Langtree et al. (2019) can help qualitative researchers explore different dimensions for assessing
demonstrate a level of research rigor when conducting qualitative research. Research rigor is
objectivity, reliability, and validity in qualitative research is not an easy task (Barusch et al.,
2011b). Demonstrating research rigor in qualitative research may not be easy to achieve mainly
36
based on the researcher’s perceived reality of the lived experiences of the research subjects
(Daniel, 2018). Qualitative research paradigms are primarily founded on relativism and
prepositionally or standpoint of the researcher and the role of community in research, voice,
reflexivity, reciprocity, and fluidity between the researcher and researched (Barusch et al.,
2011a). Because knowledge building and formation of qualitative research primarily emerge
from relationship building between the researcher and the researched and the perceived reality of
the researched (Wa-Mbaleka, 2017), critics of qualitative research are led to question the
relationships that form the context in which qualitative research work is developed and may call
into question the credibility, reliability, and validity of a given research (Barusch et al., 2011a).
To establish the credibility of a given study, qualitative researchers can generate confidence in
their qualitative research through the use of methods such as prolonged engagement during data
types and sources, peer debriefing, negative case analysis, and member checking(Barusch et al.,
2011a; Wa-Mbaleka, 2017), suggested that researchers could strengthen their researcher through:
(1) Making a strong case for qualitative research in the title, abstract and keywords; (2) Stating
the relevance of the research in the introduction; and (3) Starting qualitative research with a clear
research question.
A combination of Content validity, construct validity, and criterion validity and TACT
framework could be used as tools to build confidence in skeptics that may not readily accept
qualitative case studies as a valid research method. Although providing rigor or trustability in
qualitative research is necessary, research rigor is not sufficient for ensuring high-quality
research, qualitative researcher rigor that does not translate to good research, good research must
37
also be evaluated on the basis of its relevance to the profession and its potential impact to social
Despite the fact that case studies face criticism for lack of rigor, case studies have been
widely used to provide management fields with some of the most insightful findings about
management as a discipline (Ellinger & McWhorter, 2016). Creswell, Stake, Meriam and Yin are
considered to be key methodologists of case study research and have provided procedures to
follow when conducting qualitative case study research (Yazan & De Vasconcelos, 2016), case
studies are used to explore a phenomenon of interest (Ellinger & McWhorter, 2016), case studies
are used across paradigms, disciplines that require a careful examination of a phenomenon under
investigation (VanWynsberghe & Khan, 2007; Yazan & De Vasconcelos, 2016). Case studies
are used to help develop an understanding of a problem or process; in this case, Case study
helped the researcher understand the effect that Information Technology governance (ITG) has
on hospital network operation in the Western United States of America (Alpi & Evans, 2019;
Case studies may be used to collect evidence using multiple tools sources such as
interviews, observation, document review, and physical artifacts (Jennifer, 2000; Yazan & De
Vasconcelos, 2016); in this study, the interviews were used as the main source of case study
evidence. Case study research heavily depends on the researcher's ability to ask good questions
(Jennifer, 2000). The purpose of interviewing is to allow a researcher to enter into the interview
participant's perspective (Jennifer, 2000). Interviews are necessary when a researcher cannot
observe the behavior or phenomenon of a study but may also be used in combination with other
researcher used interviews as one of the three tools used for data collection.
38
Qualitative researchers often uses purposive samples as a strategy to increase
selecting individuals, groups and organizations that will provide the most information about a
specific research phenomenon (Devers & Frankel, 2000), a purposive sample is a process of
participants with rich experiences about a research phenomenon (Knechel, 2019). Although
qualitative researchers may use as many participants as possible until a point of saturation is
reached (Knechel, 2019), in this study, the researcher chose a purposive sample of 11 interview
participants. Mason ( 2010), posited that there is a point of diminishing returns that researchers
need to be aware of. More data in qualitative research does not necessarily lead to more
because qualitative research is all about sense making of a social phenomenon as opposed to
creating generalizations based on frequencies that occur in sample data. Existing literature
suggests that there are no clear guidelines about how many participants and interviews a
researcher needs to conduct before reaching the point of saturation or simply a point where no
new information can be gathered from the research participants (Guest, Bunce, & Johnson, 2006;
Young & Casey, 2019). Paradoxically, qualitative researchers often have to make a decision
about the anticipated sample size of their study before data collection starts for resource planning
and for research approval purposes (Young & Casey, 2019). In an empirical research conducted
by Young & Casey (2019), to determine the point at which data collection and analysis produces
little or no change to the codebook, transcripts reviewed from previous studies revealed that 73%
of codes were identified in the first six interviews and 92% with in the first 12 interviews, Guest
et al. (2006), suggested that 12 to 16 participants is when a point of saturation was reached,
39
Francis et al. ( 2010) reached a point of saturation after 10 interviews. However, when
conducting research in cross-cultural groups and homogeneous groups, the number could range
between 20 to 40 before a point of saturation is reached (Young & Casey, 2019). The researcher
As illustrated by Guest et al. (2006), Young and Casey (2019), Francis et al. (2010) and
many other scholars, establishing a minimum sample size is an elusive topic which may come
down to two things 1) “the researcher has had it all” and 2) “the researcher understanding it all”
(Young & Casey, 2019), before the point of saturation is reached. Some studies may reach a
point of saturation with just a few samples while others may not (Young & Casey, 2019).
In a case study about Maternal Healthcare Services in the Ketu South Municipality,
Ghana by Amu and Nyarko (2019), the researchers used a purposeful case study to purposively
select participants because the target population had a higher chance of providing the
information need about Mental Health care services, the selected participants would help the
researchers to understand there research problem better. Ako-Nai & Singh (2019), used a
purposive sample method to identify and assess the aspects of IT governance implemented by 23
Amu & Nyarko (2019), suggested that the sample size followed the principle of thematic
saturation; participants may be interviewed until no new themes are generated from the
participants. There are no hard numbers about what constitutes a qualitative research sample
size, some scholars suggest 12-20, some suggest between 10 to 100 participants (Tuckett, 2004),
qualitative researchers tend to rely on small samples with the aim of studying a phenomenon in-
depth and detail. Purposeful samples using a small number of participants that can satisfy the
40
Qualitative researchers may also use flexible research designs that change as the research
progresses (Tuckett, 2004) up to a point where the researcher feels like they have reached a point
of data saturation, a point where no new information can be gathered from the research
participants (Guest et al., 2006; Young & Casey, 2019) or a point of diminishing return. Devers
& Frankel (2000), suggested that qualitative research is similar to a rough sketch design to be
filled in by the researcher as the study proceeds after the main research question is defined and
resources secured for the research, qualitative research can be likened to an abstract drawing,
qualitative researchers can make the research more concrete by developing a sampling frame that
will be used to answer the research question, developing a sampling frame takes into account
identifying specific sites, objects, and a commitment of participants in the study(Devers &
Frankel, 2000). In a study conducted by Best et al. (2018), where a purposive sample of senior-
level managers such as board members, executive directors, funder and academics were to
selected as participants. This research used a purposive sample of the CTO, IT directors, service
management managers, IT network engineers and Change advisory board (CAB) members as
The benefits of purposive samples is that purposive samples are selected due to a
predetermined criterion, and data may be collected until a point of saturation is reached (Guest et
al., 2006). The advantage of a purposeful sample, which is that the research participants are
hand-picked, is also a weakness of case studies, as such, the findings of a case study are subject
to criticism for the lack of bias (Knechel, 2019), purposive samples largely depend on the
called into question by critics of qualitative research because qualitative research has been
criticized for decades for its lack of scientific rigor compared to quantitative research (Casey &
41
Murphy, 2009). Qualitative researchers should seek to conduct and report research findings with
the highest possible quality (Casey & Murphy, 2009). After sampling strategies to be used have
been defined, researchers must now turn their attention to the strategy for choosing the most
include every participant in a study, researchers use sampling mechanisms such as random
researcher should endeavor to avoid or mitigate the level and impact of sampling error simply
defined as the difference between the sample and population that it is meant to represent the
sampling bias defined as the systematic enrollment of participants who are either over or under
stratified random sampling, cluster sampling, and systematic sampling are considered ideal in
quantitative research , non-probabilistic sampling such as convenient sampling and snow balling
sampling are used in qualitative research because qualitative researchers look for individuals
with reach experiences that can meaningfully contribute to the phenomenon under study
recruiting research participants through referrals; one research participant refers to another who
in turn, refers to another (Geddes et al., 2018) until the researcher reaches a point of data
investigation who may be hard to find due to low numbers of potential participants and are
42
hidden, for example, research about participants that fit a particular sexual orientation (Browne,
2005).
researchers, snowballing sampling is prone to faltering and failure (Geddes et al., 2018). As a
mitigation measure to the likely failure of snowball sampling, researchers can use alternative
the researcher is encouraged to look further and cast the net much wider and shallower drawing
on both strong and weak ties in the process, a wide variety of research participants are gained
using a horizontal networking approach as opposed to drilling down vertically through social
Fiss(2015), suggested that cases are historically used to study organizations and
organizational process, cases of study limit boundaries of a real-world phenomenon to time and
space (Fiss, 2015). Research preparation should begin with a good research question and
proposition, good research questions may be followed by a good research design as one of the
preliminary decisions that may need to be made before evidence collection begins (Jennifer,
2000), qualitative researchers also need to be careful when articulating their research design to
show how their research design demonstrates academic research rigor (Jennifer, 2000).
decisions that need to be made before researchers start collecting data are (1). Defining the
research framework, this can be done through conducting a literature review and constructing a
theoretical framework; (2). Identifying a research problem and building a research question or,
crafting and sharpening research questions; and (3). After formulating a good research question
43
(s), researchers should begin by identifying the population or the entire collection of the cases
that the researcher is interested in (Knechel, 2019), the researcher should then create a criteria for
including participants who have experienced an event, and identify the sample size. Sampling
may include the selection of a subset of the case study that should be included in the study
(Knechel, 2019), and finally, how researchers can know when a point of participant and data
Selecting the case and selecting the sample (Ebneyamini & Sadeghi Moghadam, 2018),
need to be made relative to the types and sources of evidence (Plümper et al., 2019). Paton
(2015) posited that defining the boundaries of a case study such as how many sites will be part of
the study and how many people will be in the study is another crucial phase of defining the
boundaries of a case study, Paton (2015), further recommended about 15 people that should be
part of a study in the case of case study research, research can be single or multiple case studies
The primary advantage of using case study and a purposeful sample to understand a
phenomenon such as the role that the effect of IT governance on network operations at a hospital
in the Western United States of America is the opportunities for researchers to get a holistic view
of the process being studied from participants that are likely to meaningfully contribute to the
phenomena under inquiry (Ebneyamini & Sadeghi Moghadam, 2018) because case studies help
researcher gain an in-depth understanding of a specific social phenomenon. After the key
preliminary decisions were made, such as selecting a case, and the research question was
defined, the researcher turned to the sampling and evidence collection methods to be used.
44
Conclusions
Both historical and current literature review suggests that Good corporate governance
translates to good IT governance, IT departments that adhere to business needs and that are
aligned to the business needs of an organization, the process of creating reliable IT departments
requires good IT governance (Bianchi & Sousa, 2016). Good ITG are likely to lead to well
managed Health Information Systems (HIS), well maintained HIS, have the potential to enhance
productivity, lower costs, reduce medical errors and reduce human resources strain in the health
care industry (Yang, Kankanhalli, Ng, & Lim, 2013). Although good corporate and IT
governance is critical for the success of many of organizations, good corporate governance, and
ITG for network operations is particularly essential for the success of health care organizations,
IT governance is often found lacking for IT network operations, this research explored the effect
that ITG has on network operation and the role ITG for network operations in hospitals can have
on patient care.
Chapter Summary
In this chapter, the researchers has reviewed both germinal and seminal literature bout IT
governance and why it is essential to align IT governance to corporate governance for the
success of an organization (Peterson, 2004a; Turel & Bart, 2014). IT governance helps
(Altemimi & Mohamad Shanudin, 2015; Selig (2016). One of the key underpinning theories of
IT governance is agency theory; agency theory is one of the underpinning theories of corporate
organization should be aligned with corporate governance practices, goals, mission, and strategy.
Finally this chapter reviewed case studies and how case studies are suitable for studying
45
organizations and organizational processes (Fiss, 2015). This study used an exploratory case
study using purposive sample participants such as the CTO, IT directors and network engineers
that would meaningly contribute to the research phenomenon; case studies have been used to
hospital in the Western United States of America. Chapter 3 focused on research methodology.
46
Chapter 3
Research Methodology
As previously noted in chapters 1 and 2, the purpose of this simple exploratory case study
was to explore the effect that IT governance (ITG) has on network operations at a hospital in the
Western United States of America. This chapter reviews an exploratory case study and the data
collection methods used to collect data about IT governance's perceived effects on network
operations. The researcher used a triangulation method to compare and contrast evidence from
three data sources: interviews, document review, and observation. A case study research method
was used because case studies are commonly used to understand organizations and
organizational processes. Chapter three also presents the main research question of the research
"What is the relationship between IT governance and hospital network operations" and sub-
research questions used to investigate further the perceived effect of IT governance on hospital
capture the perceptions. The purposive sample was used to explore research participant's
perceived views about the role of IT governance in network operations. All research participants
were required to read and sign an informed consent form; the informed consent form allowed the
researcher to collect data from research participants. After the research participants signed the
informed consent form, the research participants were asked to scan the informed consent form
interviews, document review, and observation. The data analysis process was conducted using an
iterative process that continued throughout the data collection process and after the data
collection process. Additionally, after the data collection process, the researcher began intense
47
data analysis by bringing together all the collected information from sources such as interviews,
field notes from observation, and IT governance documents into a single case study database.
Data from interviews, IT governance documents, and observation notes were imported into a
computer-aided design and analysis software MAXQDA Analytics Pro 2020 for Mac OS, release
20.3.0.
themes from the data collected from interviews transcripts, observation field notes, and IT
governance documents. Using MAXQDA Analytics Pro 2020 for Mac OS, release 20.3.0, the
researcher started the data analysis by reviewing, reading, re-reading, developed a coding
scheme to help identify emerging themes from the data and how the emerging themes answered
This study was an exploratory case study that explored the effects of IT governance on
network operations at a hospital. Case methods are used as research methods of choice to study
complex real-life phenomena (Bhatta, 2018). This study used a case study method to answer how
Alpi and Evans (2019) noted that case studies are qualitative research designs used to
single our multiple bound systems over time using in-depth data collection involving various
sources of information. Hyett et al. (2014a) posited that a qualitative case study explores a real-
life contemporary bounded system. Yin (2018) suggested that case studies may be used if the
researcher sought to answer: (a) "how" or "why" questions of a social phenomenon; (b) the
researcher has little or no control over the behavioral events of the research; and (c) the focus of
48
the study is mostly contemporary as opposed to being historical. Case study evidence can be
collected from interviews, observation, document review, and physical artifacts(Alpi & Evans,
2019). A case study, especially a single case study is bounded because case studies focus on a
single entity (Coso Strong & Sekayi, 2018; Jensen & Rodgers, 2001). Hyett et al. (2014)
contended that case study research is an investigation and analysis for single or multiple cases to
capture the object of the study's complexity (Hyett et al., 2014a). Case study is a design of
inquiry that can be applied to many fields, especially in which a researcher develops and in-depth
(Creswell, John W.; Creswell, 2018). Although case studies cannot be used for generalization in
social research, case studies are used to study human behavior because they are down-to-earth
and attention-holding (Stake, 1978). As suggested by (Alpi and Evans, 2019; Hyett et al. 2014;
Creswell, John W.; Creswell, 2018; Coso Strong & Sekayi, 2018) the meaning of a bounded
system in a case study is derived from the characteristic of cases study designs. Case studies are
institution (Stake, 1978) , time-bound, for example, a year or six months as the period of study.
Case boundaries are kept in focus to determine what is in scope and what is out of the scope of
department as a case, describe how the IT department works, point out some themes that emerge
from talking to IT employees during the data collection period. Using a case study approach, a
department and how the IT department works, and the impact an IT department has on an
organization. In qualitative case studies, researchers seek to study a phenomenon within its
49
context (Farquhar et al., 2020); a case study can also be defined as an empirical inquiry that
investigates a contemporary phenomenon in-depth and within a real-life context (Farquhar et al.,
2020; Bhatta, 2018). Yin (2017), posited that the main focus of a case study is usually concrete
policy, institutional practices, and organizational events such as decision making within a
defined context and boundaries. Case boundaries are conditions that fall within the boundaries of
the case in a case study such as time period of the study, social groups that are part of the study,
organizations, and geographic locations of the study (Yin, 2018). One example of case
boundaries is the example of project scope, similar to out-of-scope projects, and scope creep in a
project is the concept of cased study boundaries. If case study boundaries are not well defined,
such as who will be studied, the location of the study and the time frame of the study, case study
Research Questions
The researcher relied on the three methods of data inquiry for triangulation. Triangulation
is generally a concept used to measure the distance between two points and the relative position
explain using different data sources in qualitative research methods such as case studies
(Farquhar et al., 2020b, Morse, 2015). The researcher used document triangulation using sources
Interviews, document review and observations conducted by the researcher were guided by the
50
SQ 1: How is IT governance of network operations used to deliver value to the Hospital?
SQ 2: How is IT governance of network operations used for strategic alignment to the Hospital's
management?
SQ 5: How is IT governance of network operations at the Hospital used for risk management?
A research population is the superset or larger universe of what the researcher wishes to
study(Gentles, Charles, Ploeg, & McKibbon, 2015), and the sample is the representative subset
of the superset of what the researcher wishes to study. The goal in both qualitative and
quantitative studies is to select a sample that would most appropriately help answer the research
question(Meltzoff, J., & Cooper, 2018). In qualitative research, a sample-sized between 10-30
participants interviewed were also part of the change advisory body (CAB). CAB meetings were
reviewed Included IT governance documents and articles retrieved the hospitals IT governance
online portal. (Emerson; 2015; Gentles, Charles, Ploeg, & Ann McKibbon, 2015) defined
sampling as the acts, processes, or techniques used to select a representative part of a population
is the selection of specific data sources from which data that answers a research question is
51
collected (Gentles, Charles, Ploeg, & Ann McKibbon, 2015); sampling decisions are highly
be used (Meltzoff, J., & Cooper, 2018). Random samples tend to represent their parent
population reasonably well, and the entire community has an equal chance of being included in
the research (Meltzoff, J., & Cooper, 2018). However, in qualitative research, nonprobabilistic
sampling methods such as purposive samples may be used to select research participants (Yin,
2018; Meltzoff, J., & Cooper, 2018), although the definition of purposeful sampling is fraught
with ambiguity and a lack of clarity as observed by (Gentles, Charles, Ploeg, & Ann McKibbon,
2015), purposeful sample is where participants are selected based on what the researchers
determine as the most suitable candidates to answer the research question (Meltzoff, J., &
Cooper, 2018), purposeful samples are used to select information-rich cases. Information rich
cases could be comprised of individuals that are knowledgeable and experienced about a
research phenomenon (Palinkas et al., 2015). This study used a purposeful sample of current IT
employees' who are part of the IT governance body, the IT employees were comprised of
Network Engineers, IT managers, IT directors, the Chief Technical Officer (CTO) and Service
desk leadership team in the IT department. This group of participants were purposefully selected
because of their roles and knowledge in the IT department and their roles in respect to IT
governance at a hospital in the Western United States of America. The researcher worked with
the leadership team at the hospital responsible for network operations at the hospital to
purposefully select participants that could most appropriately help answer the research question.
The employees interviewed included but not limited to: Network Engineers, IT managers,
IT directors, the Chief Technical Officer (CTO) and Service desk leadership. The study also
52
explored the perceived realities of the sample IT employees about how IT governance processes
and practices impact IT network operations at a hospital in the Western United States of
interviews using a Microsoft collaboration tool called Microsoft Teams. Microsoft Teams was
used to conduct interviews and change advisory board meetings (CAB) during the month of
January 2021, the researcher attended three CAB meetings for the purpose of observation in
addition to the 11 interviews conducted. Document review and observation was used to
collaborate findings from interview data to validate the ITG processes and their effects on the
hospitals network operations during the research period. The main reason for conducting
interviews, document review, and observations to increase the credibility of the findings by
corroborating evidence from multiple sources about the effect ITG implementation has on
Network operations of a hospital such as a hospital in the Western United States of America.
Research participation was strictly confidential; the interviewees and their responses were
Researchers should ensure that they seek participant consent, ensure research
consent provides a level of accountability and responsibility throughout the research process
(Williams & Pigeot, 2017). Informed consent is used to determine the self-determination of
individual research participants and their willingness to participate in research (Miller &
Boulton, 2007). Miller and Boulton (2007), defined informed consent as a concept that defines
what is regarded as a level of the appropriate relationship between the researcher and research
participant. Informed consent is when informed participants make their wish known to
53
participate in a study (Williams & Pigeot, 2017; Miller and Boulton, 2007). Confidentiality in
qualitative research is a tool used for the management of data protection and privacy of research
participants (Williams & Pigeot, 2017), the goal of confidentiality is to prevent harm associated
with research participants sharing of identifiable research data (Yu, 2008). During qualitative
research, researchers are likely to run into an issue such as deductive disclosure or internal
confidentiality; deductive disclosure happens when individual traits and characteristics are
identifiable in the research report through deduction by the reader (Kaiser, 2009). To protect
research participants from unwarranted disclosure, researchers should protect the privacy of
information that research participants share about themselves form intrusion; privacy can be of
two forms, privacy of the person and information privacy (Woogara, 2005). The research
participants signed an informed consent form before attending an interview session. The
informed consent form was sent to the participants by email; the informed consent form was
then signed by the research participants, scanned and sent back by email to the researcher
Research data is kept secure by following the University of Phoenix and institutional review
board research guidelines on confidentiality. The recorded research participant interviews and
observation notes are stored on a locally encrypted and password-protect hard drive on the
researcher's computer. Both local copies and iCloud copies are encrypted; file transfer to the
researcher’s iCloud account uses end-to-end encryption of local and in-transit data. Redundant
kept on the researcher's iCloud drive for at least three years after the interviews are collected.
The protected files are only accessible to the researcher using two-fact authentication technology
to ensure added security. Personally, identifiable research participant data is kept at a minim. For
54
example, personally identifiable information has been removed from the transcripts and replaced
with pseudonyms for identifiers after interviews were transcribed and validated by the research
participant; the pseudonym list will be kept in separate password protected. Personally,
identifiable information and raw data from interviews is stored in a different password-protected
file. The data will be kept for three (3) years. The research interview and observation transcript
data will be destroyed by deleting the files from the researcher's local hard drive and redundant
copies from the researcher's iCloud account. Audio recordings from the interviews will be stored
until the interviews have been recorded and validated by the research participants within three to
six months. Both interview and observation audio recordings will be destroyed by file deletion of
the audio recording. Audio files will also be destroyed by deleting any media that may contain
the participant's audio record. The researcher's interview field notes will be destroyed by
shredding after three years from the research field notes collection date. The researcher obtained
data access and permission from the Hospital that granted the researcher permission to conduct
interviews, observations, and document review. See Appendix A for the Informed Consent Form.
Instrumentation
Data collection requires directly probing research participants for rich information and
description and clarification of their lived experiences (Polkinghorne, 2005), in this study, the
researcher used an exploratory single case study to investigate and collect evidence about the
observations, and document analysis to collect evidence because interviewing, observations, and
document analysis are the key sources of evidence in qualitative research (Chenail, 2011;
Polkinghorne, 2005). As part of the data collection process, one of the objectives of scientific
research is to attain trustability by ensuring that the research process is valid and reliable through
55
its data collection methods (Louise & Alison, 1994). The sections below illustrate why
interviews, observations and document review were used as research instruments for this study.
Instrumentation: Interviews
In this study, semi-structured interviews were used because of two main reasons. The
first reason is that semi-structured interviews are well suited for the exploration of the perception
of opinions of the respondents in a research phenomenon. The second reason is that it is almost
impossible to use standardized questionnaires in case studies due to the varied educational and
attempt to standardize stimulus and assume that respondents share the same vocabulary and that
every respondent's words carry the same meaning (Louise & Alison, 1994). However, evidence
collection methods such as questionnaires tend to take into account the fact that not every word
carries the same meaning to every respondent; semi-structured interviews increase reliability and
validity through the equivalence of meaning across participant's responses (Louise & Alison,
research participants do not speak the same language as the researcher, semi-structured
interviews have benefits such as the researcher's ability to probe respondents to clarify their
responses and benefits such as increasing social interaction with respondents that is necessary for
building rapport between a researcher and respondents (Louise & Alison, 1994).
Using semi-structured interviews, a researcher can rearrange the interview, clarify the
questions, and increase the engagement of the research participants. Researchers using
qualitative semi-structured interviews should also be aware that semi-structured interviews are
only an excellent tool depending on the researcher's ability to manage and analyze verbal
conversations effectively. Therefore interpersonal skills such as humility, humor are needed to
56
both establish rapport but also to establish trust with participants (Newton, 2010). Semi-
structured interviews were be used because interviews are a superior form of data collection in
Interviews can be used build raptor and an environment where participants can feel comfortable
sharing the needed information in a research phenomenon (O'Keeffe, Buytaert, Mijic, Brozovic,
& Sinha, 2016). The researcher used semi-structured interviews to clarify information during the
interview or information from other sources, such as document review and observation. The
researcher audio recorded interviews in addition to taking notes to record participant responses
and observations.
Instrumentation: Observation
Observation evidence is often a vital tool for providing additional information about the studied
topic (Yin, 2018). Observation is used for studying individual behavior; the researcher used a
non-participant observation method for this research to understand how IT governance affects
observed three critical IT governance meetings. The meetings attended were change advisory
(CAB) meetings. The researcher attended CAB meetings to observe the IGT process's
researcher's findings from the three observation meetings helped to validate and collaborate some
57
Instrumentation: Document review
Document review or document analysis can also be used as the primary tool of data
collection or as a secondary type of data collection; document analysis can be used to provide a
historical context of the research. Documents and artifacts are ready sources of qualitative data
for a qualitative researcher (Yazan, 2015); document artifacts used in this research were online
content collected from the hospital’s IT service management website. The researcher reviewed
management website. The IT service management website had process documents and policies
such as (a)IT service management definitions; (b) Change Management Process for Standard
Change; (c) Change Management Process for Normal Change; (d) Change Management Process
for Emergency; (e) Change Management Policy; (f) Release Management Process; (g) Release
Management Policy; (h) Service Level Management Policy; (i) Service level management
process; (j) Incident management process; (k) Configuration management polity (l) change
management process; (m) Configuration management process; (n) Asset Management Policy;
and (o) Service Level Management Policy. The IT governance documents provided content
relevant to topics ITG and the possible effect that the IT governance processes and policies have
delivery and how ITG regulates how services are rendered to the Hospital.
Pilot Study
A field test or pilot study may be conducted to determine if the research topic is feasible
and that the data collection instruments such as interview questions are likely to gather the
relevant information that inform the research; field test may also be done to determine if the data
collection tools are reliable (Creswell, John W.; Creswell, 2018). The researcher did not conduct
58
a pilot study due to Covid 19 related restrictions that led to limited access to the site and research
participants. The researcher also had to accommodate that the IT team members to be
interviewed were under pressure to build new Covid 19 testing sites and other Covid 19 related
projects. Additionally, the researcher was advised by management at the Hospital that the
research participants did not have ample time to engage in a preliminary pilot study and then the
actual research. Therefore, the researcher relied on the three methods of data inquiry for
three, triangulation compares several data types and sources: peer debriefing, negative case
analysis. Member checking of data sources was also used to show the research's content validity.
The researcher used document triangulation using sources such as document review, interviews,
and observation.
the use of thick descriptions in chapter 4 research findings that readers from other contexts can
relate to. Transferability was also achieved using semi-structured interviews, document review of
IT governance process, and observation of IT governance processes such as the change advisory
body. The three methods were used to explore how stakeholders at a hospital in the Western
United States of America feel about network operations' IT governance processes. The findings
from one hospital are likely to apply to other hospital network operations in United States of
America or any other country. Using semi-structured interviews, document review, and
observation helped to triangulate both research data collection and analysis. The researcher used
59
information the researcher would get from using a combination of interviews, document review
of their study (Fusch et al., 2018). One of the ways to achieve credibility and transferability is
through triangulation of data from different data sources. Triangulation using semi-structured
processes such as the change advisory body meetings was used to explore how stakeholders at a
hospital in the Western United States of America feel about the IT governance processes for
document review, and observation was also used in the data analysis process. To establish the
credibility of this study, the researcher used semi-structured interviews, document review, and
observation because of the depth of the information the researcher could get from using a
al., 2018). The paragraphs below illustrate why qualitative researchers must establish credibility
credibility; one of the benefits of the qualitative research process is that qualitative research is
flexible as the researcher can adjust the research process as they see fit for a given scenario
(Cypress, 2017). Qualitative research is not value-free because qualitative researchers bring their
own biases to the research process (Fusch et al., 2018) . The researcher's bias and the kind of
flexibility that qualitative research offer calls into question the research validity of the research
findings since the researcher is the main instrument of the research (Cypress, 2017; Fusch,
Fusch, & Ness, 2018). Proper qualitative research must, therefore, demonstrate research rigor,
60
reliability, and validity (Barusch et al., 2011a; Thomas & Magilvy, 2011). Quantitative research
rigor is equivalent to reliability and validity in quantitative research (Thomas & Magilvy, 2011),
qualitative research rigor can be demonstrated through the researcher's ability to show
designs, in both quantitative and qualitative instruments, there are three major validity items as
confidence in their qualitative research through the use of methods such, prolonged engagement
several data types and sources to provide deeper insights and meeting (J. B. Brown et al., 2015),
peer debriefing, negative case analysis, and member checking. (Barusch et al., 2011a; Wa-
Mbaleka, 2017), suggested that researchers could strengthen their researcher through (1) Making
a strong case for qualitative research in the title, abstract, and keywords; (2). Stating the
relevance of the research in the introduction; and (3) Starting qualitative research with a clear
research question. Cutcliffe and McKenna (1999), maintained that qualitative researchers could
categorization and coding process of a transcript as a method to guard against the researcher's
bias. In addition to using colleagues to participate in the coding and theme development process,
research participants or member checking may also be used to validate research findings
(Candela, 2019). Interviewees were asked to review their interview transcripts and some of the
emerging themes from the interviews as a measure of reducing distortions, inaccuracies and
61
Complementary to allowing other experts to participate in the coding process and
research participants participating in the data validation process. Triangulation was used as a
mechanism for achieving validity and confidence in the findings of the study (Medlin, 2012),
Farquhar et al. (2020), postulated that triangulation contributes to both internal and external
information and findings (Stavros & Westberg, 2009), triangulation is used as a tool to mitigate
the researchers bias by triangulating multiple sources of data to extrapolate meaning from data
using multiple realities or viewpoints (Fusch et al., 2018). Triangulation is particularly a good
tool in qualitative case study research because triangulation contributes to research validity
through the convergence of findings from multiple sources (Farquhar et al., 2020c), as a
validation strategy for qualitative research, triangulation is not restricted to the use of only one
method, theory and data source (Santos et al., 2020). Triangulation may consist of three main
research conducted by Cooper, Stavros, and Dobele (2019), about the domains of influence
interviews, netnographic (netnography a form of ethnography that examines online cultures and
life) examination were used to triangulate case study data. In a study that sought to understand
marketing, interviews, participant observation, and document review were used as data sources
to triangulate a diversity of research data (Stavros & Westberg, 2009). Based on the sample
studies (Medlin, 2012; Stavros & Westberg, 2009; Farquhar, Michels, & Robson, 2020), the
common three methods used for triangulation in case studies are interviews, document review,
and observation. Therefore, for the reasons cited in this section, the triangulation of qualitative
62
data from interviews, document review, and observation provided the best path to establishing
credibility. The next section will focus on the value of transferability in qualitative research.
research; transferability is a qualitative research construct that suggests that the findings from
one study and context could offer applicable lessons in another context (Daniel, 2018),
theme and to provide validation of the findings from various sources (Stavros & Westberg,
2009), using various data sources increased transferability of the of the findings of a qualitative
study (Stavros & Westberg, 2009). To show that transferability has been exercised by a
researcher, the researcher should show how the content of interviews, the behaviors, and
observed events are generally representative of the lived experiences of participants and if such
representation could be used in other contexts (Daniel, 2018). Although it is almost impossible to
guarantee transferability of research findings from one context to another, qualitative researchers
are encouraged to use thick descriptions of themes as a strategy to allow readers to compare the
instances of a phenomenon described in a research report to their own situations and contexts
(Shenton, 2004). The researcher used thick descriptions of themes in the research report to allow
readers to extrapolate themes that may be applicable to their own findings. The researcher also
encourages future studies to use multiple case studies or quantitative research methods to
operations in multiple hospitals in the Western United States of America and the United States,
such efforts will increase the ability to transfer findings from one hospital to another.
63
Data Collection
The sections below illustrate how the researcher collected data using interviews,
observations, and document reviews. The researcher used interviews, observations, and
As noted in chapter 1 and in this chapter, the data collection process was conducted by
collecting and triangulating data from multiple sources such as semi-structured interviews,
document review, and observation. Data were primarily collected using semi-structured
interviews from a purposive sample of 11 interview participants. A purposive sample was used
because purposive samples are intentionally used to select participants and data that enrich the
findings of a particular study (Marton, 2013). A purposive samples is also known as judgment
sampling where participants are deliberately chosen due to their qualities and rich experiences
(Etikan, 2016; Higginbottom, 2004). The purposive sample using a maximum variation sample
(MVS) was used because using a purposive MVS allows the researcher to select participants
with a wide range of experience (Etikan, 2016). Using MVS the researcher interviewed
participants whose IT experiences ranged from 3 years in the company to over thirty years in the
firewall engineers, IT directors and the CTO. Using the MVS approached help the researcher
gain greater insights into the research phenomenon. Research participants included in this study
64
The researcher worked with the IT leadership at the hospital to identify and handpick
research participants that were likely to contribute to the study's purpose. After the participants
had been identified, the researcher sent recruitment emails to the chosen research participants;
the recruitment emails included a sample interview protocol and informed consent form attached
in appendix A and B of this paper. Each research participant was requested to sign the informed
consent form before participating in the 30-45 minutes interview. As per the university of
phoenix IRB requirements, the researcher obtained a signed Premises, Recruitment, and Name
(PRN) use permission form document that allowed the researcher to collect data at the hospital's
IT department in the Western United States of America. All interviews were conducted in
January 2021. The researcher reached a point of saturation by the 9th interview participant.
Although scheduled and conducted on separate days through the month of January 2021,
Interviews and observations were conducted during the same period. See appendix B for the
interviews.
Microsoft Teams. The researcher attended three IT CAB meetings to observe the hospital's
governance body responsible for approving and reviewing network operations-related changes
made by the IT team. Except for holidays that fall on Mondays, CAB meetings are held once
each Monday. The cab meetings observed were held in January 2021. The specific CAB
meetings observed were held on Jan 5th, Jan 12th, and Jan 25th. The CAB meeting held on Jan
4th lasted for about 26 minutes; the CAB meeting held on Jan 12th lasted for about 32 minutes;
the CAB meeting held on Jan 25th lasted for about 23 minutes. Each CAB meeting discussed
65
changes scheduled for the week and the possible impact the IT changes on the network or IT
environment could have on the hospital. The searcher audio recorded the CAB Teams meetings
that were later transcribed using an online tool otter.ai. See appendix C for the protocol
document used to observe The Effect of IT Governance (ITG) on Hospital Network Operations.
The researcher conducted a document review from the IT service management web
portal, where all IT governance policy documents and processes are stored. Document review
was conducted as the last step in the data collection process to validate and collaborate some of
the perceived realities of IT governance by IT leaders and IT staff in the IT department at the
hospital. The researcher searched the hospital's IT service management page using keywords
such as IT governance, asset management, change process, and service management. The search
criteria yielded IT governance documents such as: (a)IT service management definitions; (b)
Change Management Process for Standard Change; (c) Change Management Process for Normal
Change; (d) Change Management Process for Emergency; (e) Change Management Policy; (f)
Release Management Process; (g) Release Management Policy; (h) Service Level Management
Policy; (i) Service level management process; (j) Incident management process; (k)
management process; (n) Asset Management Policy; and (o) Service Level Management Policy.
The document review process was conducted during February and March 2021. At the
conclusion of the data collection, the research started intensive data analysis discussed in the
section below.
66
Data Analysis
This section reviews how interview data were recorded, transcribed, and analyzed. This
section also examines how document and observation evidence was analyzed. Data from
interviews, observation, and document review was used to identify evidence that supports or
answers the research question and opposing views from the evidence collected (Yin, 2018).The
key to qualitative research analysis is mastering the art of reflexivity and data iteration as the
researcher reviews, analyzes, and revisits with analyzed data over and over to discover new and
emerging themes from the data and how those themes inform the researcher's research
phenomenon (Srivastava & Hopwood, 2009). Through constant comparison and iteration, the
researcher compared and revisited data from interview transcripts, observations and document
review to discover emerging themes about the perceived realities of hospital's IT employees
about the effects of IT governance on network operations. During the data analysis, 26 categories
emerged, and five major themes emerged from the 26 categories. The five major themes are
discussed in chapter 4.
The researcher followed a data analysis approach and framework consistent with
previous scholars. Many scholars recommend that data analysis start as soon as the first data
element is collected (Rowley, 2012). The data analysis process should then continue in an
iterative process, starting with organizing the data set, getting acquainted with the data,
classifying, coding, and interpreting the data see also (O’Kane et al., 2021; Rowley, 2012).
O’Kane et al. further suggested the data analysis process should be conducted in a reliable and
findings' trustworthiness, the researcher used constant comparison and triangulation as a strategy
67
to draw meaning from multiple sources by analyzing confirming or opposing themes from
interviews, document reviews, and observations (Yin, 2017; Yazan & De Vasconcelos, 2016).
In this case study, the researcher investigated evidence collected about IT governance
such as: (a) How IT governance delivers value to the Hospital; (b) How IT governance leads to
strategic alignment of IT network operations to the Hospital's goals and missions; (c) How IT
resource management; and (d); IT governance and risk management; and (6) What IT
recommended that data analysis should focus on three main questions, the questions are: (a) what
are the data telling me?; (b) what is it that I want to know from the data?; and (c) What are the
dialectical relationships between what the data is telling me with what I want to know? Lester et
al.(2020) suggested data analysis in qualitative case studies is used to develop a more profound
writing, creating categories, and themes. Therefore, data analysis is a meaning-making process
qualitative and quantitative evidence to address the initial proposition of a study (Yazan & De
Vasconcelos, 2016). Yin (2017) further suggested that qualitative researchers can follow four
general strategies to analyze qualitative evidence. The general strategies are: (a) relying on the
theoretical proposition of the researcher, (b) working with data from the ground up following an
inductive approach, (c) developing a case description; and (d) examining plausible rival
68
Specifically, the researcher used two main approaches of data analysis. The first approach
was working data from the ground up, working the data from the ground up is an inductive
approach of data analysis that assigns codes to the data, and each code represents an abstraction
or concept of interest (Yin, 2018). The themes represent the researchers answers to the research
question, the research context, and theoretical framework (Roberts et al., 2019). The second
approach used is the constant comparative data analysis proposed initially by Glaser and Strauss
(Sharma et al., 2019, see also Gephart, 2003;), constant comparison can be used to discover
relationships among categories and themes (Sharma et al., 2019). In this case study, constant
comparison was used to compare data across interviews, document reviews and observations.
To start the analysis process, after interviews are conducted, interviews must be first
transcribed before the data can be analyzed (Nascimento & Steinbruch, 2019). Inappropriate or
inadequate preparation of transcripts from the audio to digital recordings can delay or negatively
affect the data analysis process (McLellan et al., 2003). Transcription is used in qualitative
research to show evidence about a certain phenomenon that constitutes a certain interest in a
study; the way transcription is conducted largely shaped by the researcher's institutional culture,
academic environment, and background (Nascimento & Steinbruch, 2019). In this study, the
researcher used data transcription technology otter.ai for voice recognition software (VRS) to
transcribe the interviews. Transcribing the interviews using otter.ai was a strategy used to ease
and increase the data transcription process's speed for audio recordings as recommended by
Matheson (2007). The transcripts from data recordings were later used for analysis by
categorizing and develop emerging themes from the data. The sections below illustrate how the
researcher conducted data analysis for interviews, observation, and document reviews
69
Data Analysis: Interviews
In this research, the researcher transcribed the interview data using an online tool otter.ai,
the transcribed interviews were uploaded to MAXQDA Analytics Pro 2020 for Mac OS, release
20.3.0. The researcher used MAXQDA to generated codes, patterns, and themes from the
interview transcripts. O’Kane et al. (2021) suggested that although computer aided qualitative
analysis and design (CAQDAS) do not perform data analysis independent of the researcher,
CAQDAS tools play a significant role in supporting researcher efforts in analyzing and
presenting data analysis in a trustworthy manner. The researcher used MAXQDA as a qualitative
analysis tool to store, code, analyze and drive themes from the collected research data. Data in
MAXQDA constituted the research case record. The case record was organized into subfolders
such as interviews, document review and observation. Organizing the data in a structured
recorded enabled the researcher to easily access, review and analyze the data.
within an inquiry through a process of continually hunting for themes and concepts that emerge
from the collected data (Srivastava & Hopwood, 2009; Yin, 2017). The researcher used a
ground-up strategy as suggested by Yin (2017), to allow themes to emerge from the data.
Patterns and themes were allowed to emerge from the data based on what the researcher wants to
know from the data guided by the researcher's theoretical framework; the researcher's subjective
perspective; and the researcher ontological and epistemological perspective (Srivastava &
Hopwood, 2009).
The researcher also focused on examining and categorizing data, the process of
examining and categorizing data is commonly referred to as qualitative data coding (Castleberry
& Nolen, 2018), a code in qualitative research is a word or short phrase that symbolizes salient,
70
essence-capturing, and or evocative attributes for a proposition of language-based or visual data;
coded data could consist of interview transcripts, observation notes, journal analysis, documents,
drawings, and artifacts, emails correspondences and much more. It is through the coding process
that raw data is converted into meaningful and usable data through the identification of themes,
concepts, and ideas that are related to each other (Castleberry & Nolen, 2018). Coding is not a
linear process but an iterative and reflective process (Srivastava & Hopwood, 2009). The
researcher used an interactive approach to code themes and sub-themes that emerged from the
data from the beginning of the interview data collection process to the end of the interview data
collection process. Interviews were analyzed for information about (a) How IT governance
delivers value to the Hospital; (b) How IT governance leads to strategic alignment of IT network
operations to the Hospital's goals and missions; (c) How IT governance leads to performance
management of network operations; (d) IT governance and IT resource management; and (e); IT
governance and risk management; (f) What IT governance means in an organizational context.
Five main themes emerged from the interview data analysis process. Details about the interview
The researcher uploaded observation transcripts to MAXQDA for data categorization and
analysis for emerging themes. After interview transcripts had been analyzed, the researcher
analyzed observation data and document review. Observation is a data collection process
describing events, behaviors, and artifacts in a social setting study (Kawulich, 2005).
Observation allows the researcher to learn about participant's activities in a natural environment;
observations may be used to check the nonverbal expression of feeling and observe events that
participants may not be willing to share during an interview (Kawulich, 2005). The researcher
71
used a ground-up strategy suggested by Yin (2017) to analyze the data for categorizing and
themes that emerged from the data. The analysis process also used the constant comparison
process to compare and confirm categories and emergent themes from interview data and
document review. The CAB meetings findings were consistent with the IT policies and
processed defined by the hospital’s IT governance body. Observation transcripts were analyzed
for: (a) How IT governance delivers value to the Hospital; (b) How IT governance leads to
strategic alignment of IT network operations to the Hospital's goals and missions; (c) How IT
resource management; and (e); IT governance and risk management; (f) What IT governance
means in an organizational context. The main emerging themes from observation data analysis
The researcher conducted document review analysis extracted from the IT service
interview and observation data analysis. The researcher uploaded all collected data governance
documents such as: (a)IT service management definitions; (b) Change Management Process for
Standard Change; (c) Change Management Process for Normal Change; (d) Change
Management Process for Emergency; (e) Change Management Policy; (f) Release Management
Process; (g) Release Management Policy; (h) Service Level Management Policy; (i) Service
level management process; (j) Incident management process; (k) Configuration management
polity (l) change management process; (m) Configuration management process; (n) Asset
Management Policy; and (o) Service Level Management Policy to MAXQDA. The researcher
reviewed IT governance supporting documents for patterns and themes that emerged about how:
72
(a) How IT governance delivers value to the Hospital; (b) How IT governance leads to strategic
alignment of IT network operations to the Hospital's goals and missions; (c) How IT governance
management; and (e); IT governance and risk management; (f) What IT governance means in an
organizational context. The emerging themes from the document review were consistent with the
findings from interviews and observation. Details about the document review findings and
Chapter Summary
This chapter has presented an exploratory case study as the data collection method that
was used to collect data using interviews, document review, and observation as the main
instruments of data collection. The case study approach was used because case studies are
Chapter three also presented the main research question of the research "What is the relationship
between IT governance and hospital network operations" and sub research questions. A
purposeful sample of 11 IT employees and hospital administrators were used as the target sample
for interviews. All research participants were required to read and sign an informed consent
form that allowed the researcher to collect their data. Credibility and transferability were
established by triangulating data sources such as interviews, document review, and observation.
The data analysis process followed and an iterative process from the beginning of the data
collection process to the end of data collection and analysis process. The researcher developed a
coding system that was used to identify emerging themes from the data and how the emerging
themes address the research question. Chapter 4 discusses the analysis and results.
73
Chapter 4
This study was an exploratory qualitative single case study that sought to understand
essential network governance and network operations stakeholder’s perceptions of the use of IT
governance (ITG) and the relationship of ITG to critical health care infrastructures such as
hospital information technology network operations. The study also explored the IT
government's perceived effect on network operations at a Hospital in the Western United States
Hospital administrators, and other hospital stakeholders about the significant contributions that
IT governance could have on hospital network operations. Additionally, the study contributes to
IT governance to improve network operation's alignment with the hospital's strategic goals and
missions. This chapter describes the analysis process and the study results of this study using a
Research Questions
The main research question was, "What is the relationship between IT governance and
hospital network operations?" The researcher asked five sub-research questions to understand the
effects of ITG on network operations in a hospital in the Western United States of America.
Listed below is the list of five sub-questions used by the researcher to guide the research:
SQ 2: How is IT governance of network operations used for strategic alignment to the Hospital's
74
SQ 4: How is IT governance of network operations at the Hospital used for resource
management?
SQ 5: How is IT governance of network operations at the Hospital used for risk management?
This chapter builds on the first three chapters, the introduction, literature review, and
research methodology to analyze and present the results of this study. Chapter 4 also serve as a
transitionary chapter to the findings and conclusions in chapter 5. This chapter presents an
inductive analytical process used to code, develop categories, and emerging themes from the
data. Furthermore, this chapter presents the data collection process with sections such as the
informed consent, discussion of the data analysis phases, research participant demographics, the
Data Collection
The sections below provide a detailed discussion of the informed consent and data
collection process used in this study. Additionally, this section reviews the actual data collection
As suggested by Williams and Pigeot (2017), all research participants should read and
sign an informed consent form before participating in the data collection process. Moreover, all
researchers should ensure that they seek participant consent, ensure research participant's
provides a level of accountability and responsibility throughout the research process. The
informed consent form was sent to the participants by email; the research participants signed the
informed consent form, scanned the form and sent back the form by email to the researcher.
75
The collected research data was kept secure by following the University of Phoenix and
participant interviews are stored on a locally encrypted and password-protect hard drive on the
researcher's computer. Both local copies and iCloud copies are encrypted, and the file transfer to
the researcher's iCloud account uses end-to-end encryption of local and in-transit data.
iCloud drive for at least three years after the interviews are collected. The protected files are
accessible to the researcher using two-fact authentication technology to ensure added security.
personally identifiable information has been removed from the transcripts and replaced with
identification numbers (ID) 1-11 for identifiers after interviews were transcribed and validated
by the research participants. The participant ID list is kept in a separate password-protected file.
Personally, identifiable information and raw data from interviews are stored in a different
password-protected file. The data will be kept for three (3) years. The research transcript data
will be destroyed by deleting the files from the researcher's local hard drive and redundant copies
from the researcher's iCloud account. Audio recordings from the interviews will be kept until the
interviews have been recorded and validated by the research participants within three to six
months. The audio recordings will be destroyed by file deletion. The researcher will destroy
interview hard copy field notes by shredding them after three years from the research date. Field
notes collected; and electronic copies will be destroyed by file deletion. The researcher obtained
data access and permission from the Hospital that granted the researcher permission to conduct
76
The Data collection process
The data collection process was conducted using data triangulation from multiple sources
such as semi-structured interviews, document reviews, and observation. Data were primarily
The researcher used purposive sampling because purposive samples are intentionally used to
select participants and data that enrich the findings of a particular study (Marton, 2013). A
purposive sample is also known as judgment sampling where participants are deliberately chosen
due to their qualities and rich experiences (Etikan, 2016; Higginbottom, 2004). The purposive
sample, using a maximum variation sample (MVS) was used because, a purposive MVS allows
the researcher to select participants with a wide range of experience ( Etikan, 2016), using MVS
the researcher interviewed participants whose IT experiences ranged from 3 year in the company
to over thirty years in the organization. Research participants included IT service managers,
network engineers, firewall engineers, IT directors, and the Chief Technical Officer (CTO).
Using the MVS approach help the researcher gain greater insights into the research phenomenon.
The researcher worked with the Hospital's IT leadership to identify and handpick research
participants that were likely to contribute to the study's purpose. After the participants had been
identified, the researcher sent recruitment emails to the research participants. The recruitment
emails included a sample interview protocol and informed consent form attached in appendixes
A and B of this paper. After signing an informed consent form, the interviewees participated in a
30–45-minute interview. As per the university of phoenix IRB requirements, the researcher
obtained a signed Premises, Recruitment, and Name (PRN) use permission form document that
allowed the researcher to collect data at the Hospital's IT department in Western United States of
77
America. The recruitment process, interview, and observation process spanned ten months (May
13, 2020, through February 28, 2021). The interviews and observations were all scheduled for
January 2021 based on the participant's availability. The collection of documents for document
Although scheduled and conducted on separate days through January 2021, Interviews
and observations were conducted during the same period. The researcher reached a point of
saturation by the 9th interview participant. The researcher attended three IT CAB meetings to
observe the Hospital's governance body's IT governance process to approve and review network
operations-related changes made by the IT team. After the scheduled interviews and observation
sessions, the researcher performed a preliminary document review and downloaded documents
relevant to the research. Document collection was conducted as the last step in the data collection
process. The collected documents helped validate and collaborate interview participant's
perceptions of IT governance's effect on network operations. The sections below illustrate how
the researcher collected data using interviews, observation, and document reviews
Data were primarily collected using semi-structured interviews from a purposive sample
of 11 interview participants. A purposive sample was used because purposive samples are
intentionally used to select participants and data that enrich the findings of a particular study
(Marton, 2013). Using MVS the researcher interviewed participants whose IT experiences
ranged from 3 years in the company to over thirty years in the organization, research participants
included service management managers, network engineers, firewall engineers, IT directors and
the CTO. Using the MVS approached help the researcher gain greater insights into the research
78
phenomenon. Research participants included in this study were chosen because of their
The researcher worked with the IT leadership at the hospital to identify and handpick
research participants that were likely to contribute to the study's purpose. After the participants
had been identified, the researcher sent recruitment emails to the chosen research participants;
the recruitment emails included a sample interview protocol and informed consent form attached
in appendix A and B of this paper. Each research participant was requested to sign the informed
consent form before participating in the 30-45 minutes interviews. All interviews were
conducted in January 2021. The researcher reached a point of saturation by the 9th interview
participant. Although scheduled and conducted on separate days through the month of January
2021, interviews and observations were conducted during the same period. The researcher also
used Microsoft Teams as the communication tool of chose by the hospital to schedule and
conduct interview meetings. Interview meetings were double recorded using the researcher’s
iPhone application Voice Recorder and a handheld audio recorder. Audio data were uploaded to
Due to Covid-19 related restrictions and guidelines about social distancing, the researcher
conducted observations using Microsoft Teams. The researcher attended three IT CAB meetings
to observe the hospital's governance body responsible for approving and reviewing network
operations-related changes made by the IT team. The cab meetings observed were held in
January 2021. The specific CAB meetings observed were held on Jan 5th, Jan 12th, and Jan 25th.
The CAB meeting held on Jan 4th lasted for about 26 minutes; the CAB meeting held on Jan
12th lasted for about 32 minutes; the CAB meeting held on Jan 25th lasted for about 23 minutes.
79
Each CAB meeting discussed changes scheduled for the week and the possible impact the IT
changes on the network or IT environment could have on the hospital. The searcher audio
recorded the CAB Teams meetings that were later transcribed using an online tool otter.ai
The researcher conducted document reviews from the IT service management web portal,
where all IT governance policy documents and processes are stored. Document reviews were
conducted to validate and collaborate findings from interviews and observations about IT
governance's perceived realities by IT leaders and IT staff in the hospital's IT department. The
researcher searched the hospital's IT service management page using keywords such as IT
governance, asset management, change process, and service management. The search criteria
yielded IT governance documents such as: (a) IT service management definitions; (b) Change
Management Process for Standard Change; (c) Change Management Process for Normal
Change; (d) Change Management Process for Emergency; (e) Change Management Policy; (f)
Release Management Process; (g) Release Management Policy; (h) Service Level Management
Policy; (i) Service level management process; (j) Incident management process; (k)
management process; (n) Asset Management Policy; and (o) Service Level Management Policy.
The document review process occurred during February and March 2021. The ITG related
documents were downloaded and saved as word files; the word files were uploaded to
Demographics
The researcher interviewed 11 interview participants; except for one participant, all
research participants were white males over the age of 18, all interview participants voluntarily
80
participated in the interview process. The study participants included IT service managers,
network engineers, firewall engineers, IT directors, and the CTO in charge of hospital network
operations. Table 4.1 below shows the participant's demographics. The participant's names have
been anonymized using participant ID 1-11 to maintain the participant's privacy and anonymity.
Using a purposeful sample selection as the research design method allowed the researcher to
select sample participants that would accurately represent and talk about IT governance
practices.
Table 4.1
81
From the Table 4.1 above, the majority of participants were all male and white. All
interview participants were full time employees of the Hospital. No contractors were included in
this study.
Pilot Study
The researcher did not conduct a pilot study due to Covid 19 related restrictions that led
to limited access to the site and research participants. The researcher also had to accommodate
that the IT team members to be interviewed were under pressure to build new Covid 19 testing
sites and other Covid 19 related projects. Additionally, the researcher was advised by
management at the Hospital that the research participants did not have ample time to engage in a
preliminary pilot study and then the actual research. Therefore, the researcher relied on the three
methods of data inquiry for triangulation to improve the study finding’s credibility. As
previously mentioned in chapter three, triangulation compares several data types and sources:
peer debriefing, negative case analysis. Member checking of data sources was also used to show
the research's content validity. The researcher used document triangulation using sources such as
Data Analysis
Intensive formal data analysis began after the researcher collected and uploaded all the
data from interview transcripts, observation field notes, and IT governance documents, into a
computer-aided design and analysis software (CADAS) MAXQDA Analytics Pro 2020 for Mac
OS, release 20.3.0. The research data was uploaded to MAXQDA to create a case record and
database that made it easy to search on keywords during the coding process. The researcher
started the analysis process of interview transcripts, observation field notes, and IT governance
documents by reviewing, reading, re-reading, coding the data, and engaging in a constant
82
comparison process to generate categories and themes. The categories and themes generated
from the research data provided valuable insights and answers to the research questions.
Before uploading the transcripts to MAXQDA Analytics Pro 2020 for Mac OS, release
20.3.0, the researcher engaged in an audio transcription process. The researcher used an online
transcription software, otter.ai, to transcribe the interviews and observations from audio to text.
The research interview transcripts are only accessible to the researcher. After transcribing the
interviews and observation recordings, the researcher exported the transcribed text from otter.ai
to MAXQDA for coding and analysis. The researcher created a case study database of interview
transcripts, field notes recorded from observations, and IT governance documents. The records in
MAXQDA became the researcher's case record. The collected IT governance documents,
interviews, and observation transcripts were chronologically organized into folders to facilitate
easy access and retrieval. The researcher also uploaded the interview and observations audio
recordings to MAXQDA attached to the text transcripts to re-read during the coding and analysis
process. The following sub-sections illustrate the specific coding data analysis processes used for
each of the primary data collection instruments. In addition to the findings presented in Table
4.2, this section further illustrates the data analysis for the results collected from a sample of 11
IT employees using interviews, observation of change advisory meetings (CAB), and document
reviews. This section concludes with some of the research participants' rich descriptions from the
The researcher started the data analysis process by reviewing and re-reading the data,
coding the data, and engaging in constant comparison to generate codes, categories, and themes
from the data using MAXQDA. The researcher coded the data using several coding methods
83
such as open coding and NVivo coding methods, as shown in Table 4.2. The researcher used
first-level coding and the second-level coding technique to refine the raw first-level codes. The
researcher then used axial coding to correlate meaning from different principles. The researcher
coded keywords using temporary constructs. Finally, the researcher developed a list of the brief
first-order constructs and second-order constructs that summarized important categories into
Table 4.2
3. Enabling of IT processes
enterprise
5. IT agility
2. ITG bridges the gap between business operations and Technical operations alignment between the
84
Categories Emerging Themes
4. Makes sure changes do not pause any risk or harm to the patients risks
As illustrated in Table 4.2, the researcher determined how categories connect to the
themes using a constant comparison method. The coding, category generation, and theme
mapping process took several weeks using a combination of both MAXQDA Analytics Pro 2020
for Mac OS, release 20.3.0, and an online mind genius software to help with mapping and theme
virtualization. The researcher reviewed and compared interview findings, observations, and
85
document reviews to identify emerging themes through data triangulation. The emergent themes
will be discussed in the results section of this chapter. Figure 4.1 is a word cloud that illustrates
the codes used, categories, and emergent themes from the study:
Figure 4.1. The codes, categories and emergent themes of the study.
and five major themes emerged from the study, as shown in table 4.2 and summarized in table
4.3. Out of 532 codes generated from the data using the MAXQDA auto coding feature, open
86
coding, and axial coding. The researcher used app.mindgenius.com to map all the generated
codes into categories, as illustrated in figure 4.2. Table 4.3 shows the emergent types from the
case study. Table 4.3 illustrates the emergent themes from interviews
Table 4.3
Theme ID Theme
The ITG value creation process leads to IT
1
agility for the Hospital’s IT network operations.
ITG is used for strategic alignment between the
2 Hospital’s governance practices and IT Network
operations.
IT governance is used to measure performance of
3
IT Network operations.
IT governance is used as a configuration
4
management tool to manage IT assets.
ITG is used for risk management and risk
5
mitigation for IT related risks.
87
Figure 4.2. Showing a map of emergent categories and themes of the study
88
The visual map in figure 2 illustrates the final stages of data categorization and data
mapping process followed by the researcher to categorize the five emerging themes of IT
Data analysis started as soon as the first interview was collected; however, intense data
analysis was conducted in February 20201. The transcribed interviews were uploaded to
MAXQDA Analytics Pro 2020 for Mac OS, release 20.3.0. The researcher used MAXQDA as a
qualitative analysis tool to store, code, analyze, and drive themes from the collected research
data. Data in MAXQDA constituted the research case record. The case record was organized into
subfolders such as interviews, document review, and observation. Organizing the data in a
structured record enabled the researcher to access, review quickly, and analyze it.
the hospital through a process of continually hunting for themes and concepts that emerge from
the collected data. The researcher used a ground-up data analysis strategy to allow themes to
emerge from the data. Patterns and themes were allowed to emerge from the data guided by the
researcher's questions. The researcher also focused on examining and categorizing data. The
coded data consisted of interview transcripts. Through the coding process, raw data was
converted into meaningful and usable data by identifying themes, concepts, and ideas related to
each other. Because coding is a nonlinear, iterative, and reflective process, the researcher used an
interactive approach to code themes and sub-themes that emerged from the data from the
beginning of the interview data collection process to the end of the interview data collection
process. Interviews were analyzed for information about (a) How IT governance delivers value
to the Hospital; (b) How IT governance leads to strategic alignment of IT network operations to
89
the Hospital's goals and missions; (c) How IT governance leads to performance management of
network operations; (d) IT governance and IT resource management; and (e); IT governance and
risk management; (f) What IT governance means in an organizational context. Five main themes
emerged from the interview data analysis process. Details about the interview findings and
The researcher uploaded observation transcripts to MAXQDA for data categorization and
analysis for emerging themes. The observation allowed the researcher to learn about participant's
IT governance activities using Microsoft team. Similar to the interview data analysis process, the
researcher used a ground-up strategy to analyze the data for categories and themes emerging
from the data. The analysis process also used the constant comparison process to compare and
confirm categories and emergent themes between interviews, document review, and observation
transcripts. The observation findings were consistent with the hospital’s IT governance body's IT
policies and processes. Observation transcripts were analyzed for: (a) How IT governance
delivers value to the Hospital; (b) How IT governance leads to strategic alignment of IT network
operations to the Hospital's goals and missions; (c) How IT governance leads to performance
management of network operations; (d) IT governance and IT resource management; and (e); IT
governance and risk management; (f) What IT governance means in an organizational context.
Intense data analysis was conducted in February 2021. The main emerging themes from
Intense document reviews were conducted in February and March 2021. The researcher
conducted document review analysis extracted from the IT service management documents
90
found on the Hospital’s IT service management portal in addition to interview and observation
data analysis. The researcher uploaded all collected data governance documents such as: (a) IT
service management definitions; (b) Change Management Process for Standard Change; (c)
Change Management Process for Normal Change; (d) Change Management Process for
Emergency; (e) Change Management Policy; (f) Release Management Process; (g) Release
Management Policy; (h) Service Level Management Policy; (i) Service level management
process; (j) Incident management process; (k) Configuration management polity (l) change
management process; (m) Configuration management process; (n) Asset Management Policy;
and (o) Service Level Management Policy to MAXQDA. The researcher reviewed IT
governance supporting documents for patterns and themes that emerged about how: (a) How IT
governance delivers value to the Hospital; (b) How IT governance leads to strategic alignment of
IT network operations to the Hospital's goals and missions; (c) How IT governance leads to
management; and (e); IT governance and risk management; (f) What IT governance means in an
organizational context. The emerging themes from the document review were consistent with the
findings from interviews and observation. Details about the document review findings and
Results
The interview questions asked allowed the participants to explain how they perceived the
phenomenon of IT governance at the Hospital in their own words. As illustrated in table 4.3, the
five major emerging themes were: (a) The ITG value creation process leads to IT agility for the
Hospital's IT network operations; (b) ITG is used for strategic alignment between the Hospital's
governance practices and IT Network operations; (c) IT governance is used to measure the
91
performance of IT Network operations; (d) IT governance is used as a configuration
management tool to manage IT assets; (e) ITG is used for risk management and risk mitigation
for IT-related risks. The rest of this chapter delves into relevant interview participant findings,
observations, and document review. Figure 4.3 shows the emergent themes generated using
MAXQDA. The emergent themes generated from interviews, observations, and document
review analysis.
This section shows the relevant results that emerged from interview participants,
document observations, and document reviews. The relevant results presented in this section
follow the structure of the research questions that guided the study.
This question was asked to elicit Network Operations engineer's and leaders' perceptions
about how ITG delivers value through the Hospital's network operations Team.
92
Although there were some opposing views about the effects of IT governance at the
Hospital, many interview participants seemed to suggest that IT governance provides room for
an effective response to business needs by enabling and supporting effective IT process, provide
network operations visibility to the business, provide stability and rigor to IT operations,
prioritization of actives and funding of business operations across the enterprise. Overall, IT
governance leads to stability. The participant responses below illustrate some of the opposing
views about IT governance expressed by the participants. Some of the opposing views came
Participants 2 observed that some departments are very resistant to change. As a result,
the ITG change approval process sometimes impedes progress and leads to constant negotiation
with stakeholders before changes can be performed on the network. The ongoing negotiation is
usually because different departments experience different impacts depending on the magnitude
of the change; thus, some departments are more resistant to a network change than others.
Participant 9 seemed to agree with participant 2 by saying that some changes may need to be
scheduled for a later date depending on what is going on in the Hospital's critical units. The risk
benefits analysis drives the change approval process. Assessing all risks before network changes
Contrary to the views expressed by participants 2 and 9, that suggests that IT could
impede progress or become a roadblock to IT agility, participants 2,4, 9, and 10 argued that ITG
enables IT processes and clears roadblocks that prevent IT operations from being successful and
agile. Participant 4 emphatically stated that IT governance enables IT and could not think of a
clears road blocks and provides finding needed to invest in the continuous improvement of IT
93
services at the hospital. Participant 2 agreed with participant 4 by stating that IT governance
brings value to the hospital by vetting reviewing network changes that could negatively affect
patient care. The goal of network operations is to have constant uptime or near uptime.
Additionally, participant 9 suggested that IT governance helps the network team focus and
prioritize the most critical activities to meet the hospital's goals and mission. Furthermore,
participant 10 noted that the network team understands why there are strict guidelines for
network changes and that the network team feels supported by the IT governance and leadership
team.
Participant 1 noted that IT governance brings visibility to the change process. The change
process is used to track network changes to minimize downtime that could impact patient care.
Participants 1 and 6 further noted that the ITG process at the hospital provides stability and rigor
by regulating modifications on the network to reduce the impact on the Hospital. Participant 11's
observations helped to bridge the gap between the opposing and supporting views of IT
helps network engineers to implement improved products and services. Participant 4 maintained
IT agility is still possible with the Hospital's current IT governance practices. IT agility is
achieved by understanding the Hospital's strategic needs and devising plans to implement the
Participants 7, 8, and 9 made observations about the value of a service catalog in the ITG
process. All service in the IT service catalog depends on the network. Participants 7 and 8 noted
that service level agreements are used to make the customers happy. Participant 3 summed up the
role that ITG plays to deliver value by saying that the network team is the Internet Service
94
Provider (ISP) of the Hospital and a partner in providing all critical network services needed for
As illustrated in this section, despite some opposing views about the effect IT
governance has on the Hospital, IT leadership and IT teams feel like the IT governance process
in place is a strong relationship with the Hospital's leadership, the strong IT governance
relationship with the Hospital allows the network operations team to operate effectively and
The interview participant responses about how ITG seeks to create value are consistent
with the researcher's findings in the CAB meetings attended by the researcher; many CAB
members asked questions that sought to understand the value that the network's changes were
adding to the business. As an example, in the CAB meeting conducted on Jan 25th, 2021. CAB
members discussed the value of upgrading network devices and applications to the latest
releases. The CAB's Vetting process is a value creation process that ensures that all changes add
that service level management policies are used to manage the quality of services offered by IT
network operations to the Hospital. For example, the service level management policy states that
"Service Level Management (SLM) establishes service targets, monitors to ensure targets are
met, and ensures that current and future IT services are delivered at agreed levels. (Service Level
Management Policy)". The change management process is used to ensure standard changes are
preapproved by the CAB; normal and emergency changes also require approval by the CAB. In
95
addition to change management and service level management. ITG documents also illustrated
the service release management process followed by the hospital. IT service release management
is another value creation process played by ITG at the hospital2. The following section reviews
Many of the interview participants suggested that ITG creates a strong link with the
Hospital through strategic alignment, stability, and rigor. The Hospital's IT network operations
are run with the Hospital's strategic goals and mission in mind. Participants also noted that ITG
is used to improve decision-making, defining the IT department's vision and defining the IT
strategy for all IT operations aligned with the Hospital's goals and interests. Participants 1, 4, 8,
10, and 11 noted that IT governance is credited for offering perspective, stability, rigor,
performance management, and risk management. Participant 9 indicated that ITG is used to
maintaining the stability of network operations. Participant 1 postulated that the Hospital's ITG
processes provide stability and rigor by regulating activities such as network changes to reduce
the Hospital's impact resulting from network change. Participant 11 attributed IT success to the
vision, strategy, and IT process, and best practices implemented to the network the IT
Participant 8 affirmed that having a strong governance group is critical for IT network
4, 5, 8, and 11, IGT leaders at the Hospital, such as the CTO provide an organizational structure
standard across IT organization consistent with the IT needs of the hospital. Participant 2 noted
96
that IT governance is used to set out the ground rules for IT operations. As an example, it is
through ITG that changes on the network are approved. Such processes help to safeguard
patients who are a majority of end-users of IT services at the Hospital. The Hospital can deliver
through strategic planning and gap analysis. The IT department aligns with the Hospital's
strategic goals and missions by identifying the goals and objectives needed to achieve as an IT
group to meet the organizational strategy, goals, and objectives. After conducting a gap analysis
to determine the IT organization's current and future desired state. The IT department focuses on
what needs to be done through IT projects and tasks to attain the Hospital's future desired state.
and the hospitals' leadership goals and missions. Such a relationship helps IT network operations
relationship between IT network operations and the hospital governance groups has led to a very
stable network that produces reliable IT services for the organization. The strong relationship
between IT and business is achieved by the right decision-making processes such as funding and
implementing reliable IT architecture to support the hospitals growing needs and changing
network that produces great value for the organization." Participant 6 indicated that IT
governance is the tool that helps the network team, such as network engineers, to understand the
Although some participants such as participant 3 suggested that Network operations are
removed from the direction and vision of the organization and that at operational level, they did
97
not see any alignment between their daily operations and IT governance as network engineers.
Most participants believe that ITG strikes a pretty good balance between control and allowing
network engineer autonomy. As an example, participant 7 noted that they did not feel like IT
governance was overly restrictive. Instead, ITG was used at the Hospital for a known purpose.
As pointed out by participant 4 noted, the sole purpose of IT governance at the Hospital was to
One of the critical discussions observed was about the issue of license compliance. One
of the changes presented in CAB of Jan 12th, 2021, was removing some Java application
installations from the IT environment for compliance purposes. Here is what one CAB member
stated “So this is basically, as a result of Oracle's licensing. We need to remove all of our Java
instances from our environment so that we could be in compliance since we're not purchasing
your licensing. And if users need a Java solution, they can just go to our software portal to
download Amazon Zeto”. The ITG observation about release management of licenses is
consistent with the finding from interview participants about the hospital’s need to run IT
network operations with the hospital's strategic goals and mission in mind.
The service management policy and change management policies state that compliance
with regulatory requirements should be followed when applicable, especially in instances that
include the Health Insurance Portability and Accountability Act (HIPAA). The service
management policy further states that “Audits should be conducted to assess whether SLAs and
OLAs have been created and are being maintained in compliance with policies and procedures
and ensure that relevant measuring and reporting are being provided to determine if agreed
98
service levels are being met”. IT governance policies, therefore, seek to align IT activities with
federal regulations such as HIPAA. ITG policies such as the incident management policy are
used to record and manage incidents on the network. Incidents are managed with the goal of
minimizing the impact on the network and quickly restore services that the hospital depends on
for operations. The next section looks at performance measures as a tool for IT governance.
This question was asked to explore Network Operations engineers and IT leadership
perceptions about how ITG manages performance operations for IT network operations.
Performance measure at the Hospital is based on activities that have to take place
between the current and future states of the organization. The activities between the current and
future states have to demonstrate progress to the desired future state. Participant 4 noted that
performing a gap analysis also helps the organizations determine the organization's current state
and where the organization wants to be. Participant 4 further stated that it is through the gap
analysis process that the organization defines how the future desired state is to be achieved.
Performance measure demonstrates how progress is achieved along the path to the future state.
performance management at the operational level using key performance indicators such as
network health. Network health is measure using tools and dashboards to report on the network's
activities. Participant 1 noted that other performance indicators include monitoring network
utilization statistics, incident ticket resolution times, and problem tickets. As part of a
performance measure, participant 8 observed that they measure such activities as incident
management, mean time to repair rate, customer satisfaction rates, and much more. The network
99
operations team monitors network utilization on network links. Measuring network utilizations is
used to understand the utilization of the network environment better. Performance measures
such as network utilization statistics are used to inform IT decision-makers about where
participant 1 noted that ongoing governance of (a) monitoring data, (b) logging data, (c)
monitoring trouble tickets, and (d) user performance concerns; through the ticketing system
provide performance data influential to spending decisions. Significant spending decisions may
A common observation noted by participants 1 and 8 is that knowing how the network is
used is one example that ITG uses to measure performance and determine architectural and
operational changes. Using data from the network, the IT team can quantify the increase in the
use of some core services and the need for additional resources such as hiring more full-time
Project management and asset management are also used as performance indicators.
Participant 9 noted that the project management team is used to manage and report on large
network projects. Project management reports such as project completion rates are used to
measure IT performance. For example, a high and successful project completion rate is viewed
as a good performance indicator. Another performance indicator used by the ITG at the Hospital
is asset management using the configuration management database (CMDB). Although there are
several CMDB used at the Hospital, participant 2 noted that asset management using the CMDB
Furthermore, as noted by participants 1, 10, and 11, service level management is also
used as a performance management tool. It was noted that the IT department has service level
100
agreements (SLAs) with some departments that heavily depend on IT for business operations.
Participant 7 mentioned that service level agreements are used to make sure the customers are
happy.
advisory meetings attended by the researcher did not address IT governance performance
measures. Therefore, there are no key findings about IT performance that the researcher can
report on.
establishes service targets, monitors to ensure targets are met, and ensures that current and future
IT services are delivered at agreed levels (Service Level Management Policy)”. The service
management process is also used to measure performance based on defined and existing Service
Levels Agreements (SLAs) and Operational Level Agreements (OLAs) agreements (SLA). All
network services have measurable service targets outlined in the SLA. All IT services including
network related services are audited annually for relevance. Services that do not meet agreed
upon SLA develop Service improvement Plans (SIP) with the customer. SIPs are used for
continued service improvement. The next section reviews IT governance as a tool for resource
management.
management?
101
SQ 4: Relevant results from interview data analysis
determine why somebody has a device such as a laptop and know why somebody requested a
laptop and what kind of data resides on that laptop. Asset management is also used as an IT
governance tool to allocate IT assets in a way that is consistent with the Hospitals goals and
missions. Consistent with the responsibility of ITG, managing how resources are deployed and
why they are delayed, participant 11 further suggested that ITG also looks at the aspect of
translating the cost-effectiveness of IT services, such as making sure the organization has just the
right IT resources and solutions for the Hospital's needs. For example, participant 4 observed that
the ITG leadership team is constantly measuring how network resources such as bandwidth are
utilized and reviewing the network architecture to meet the Hospital's high-level needs.
Participants 1 and 11 noted that Asset Management is used for monitoring and managing
information about items that must be tracked because of financial or regulatory requirements.
Participant 1 further noted that the Hospital has an asset manager. The asset manager is
responsible for managing the asset management life cycle of all assets at the Hospital. However,
Participant 4 noted that assets or resource management is delegated to IT operations, and it is not
usually an aspect that IT governance is concerned with. Participant 4 further pointed out that the
only time ITG focuses on asset management is when there is a need for a significant strategic
change that could impact the organization. Asset management was generally viewed as an
operational issue as the ITG leadership team rarely discusses asset management issues. Effective
IT resource management starts with the vendor's adequate vetting to select the best and most
reliable solution. Selecting the most cost-effective and reliable solutions translates into an
excellent end-user experience at the Hospital; as noted by participant 2, the Hospital uses an RFP
102
process to procure new IT services. Participant 2 further noted that the RFP process is utilized to
ensure that money is well spent and not wasted by getting the best IT services.
asset management. Under the umbrella of ITG, IT leaders seek to establish a return on
investment for new deployments. Furthermore, participant 3 observed that asset management is
the tool used to keep information on purchase dates and replacement costs of assets. Effective
resource management helps the IT Network operations team to manage their asset's life cycle
The hospital's IT CAB meetings confirmed interview participant's perceptions that the
change advisory body (CAB) is responsible for controlling changes that affect IT operations.
Therefore, the CAB provides an oversight role as stewards to changes made on all IT assets. The
role of controlling changes made on IT assets is a critical role for risk management further
Document reviews revealed that the CMDB is used for both performance management
and asset management. Using a CMDB is one of the ways the hospital manages IT resources and
assets. The Configuration management process states that configuration management is used to
identify and manage information about configuration items or significant IT service items. In the
document review of the configuration management policy, the policy further states that "The
Hospital uses a Service Asset and configuration management (SACM) process to manage assets
(SACM) process. Furthermore, the configuration management policy states that the CMDB's role
103
is tracking information about items considered significant In-service delivery and may include
asset information. Participant views were consistent with the existing policy and processes about
asset management using the CMDB. The last and final section of this chapter is findings of how
management?
Participant 7 noted that risk management is one of IT governance's core functions and
one function that IT governance does best. The sole purpose of IT governance at the Hospital is
to manage and mitigate network change-related risks that could negatively affect patient care.
Participant 7’s observation is consistent with the Hospital's change management policy that
states that change Management's objective is to control changes that affect the Hospital's
operations logically and methodically to reduce adverse risks and maintain a stable environment.
Participant 7 further noted that the higher the risk level paused by a proposed network change,
Participant 1 noted that all network improvement project initiatives must consider the
risks that network changes are likely to pause to patients. Participant 1 further stated that new IT
solutions are set to ensure that the defined IT security measures are followed. Participant 1 also
noted that when deploying critical hospital applications, the solution architects ensure
appropriate redundancy and disaster recovery is built into the new solutions.
Participant 11 observed that IT governance is used to vet new ideas and changes that
require changing the direction of services offered through architecture committees and the
change control process. New services are vetted to understand why a given solution needs to be
104
implemented. Changes with significant impacts to the Hospital are evaluated against the overall
organizational strategy, such as network security. Participant 2 stressed that all new systems
observed a risk group within the security team responsible for vetting all new systems' safety.
Furthermore, as suggested by participant 6, ITG encourages industry best practices such as ITIL
and enforcement of the security team's policies to mitigate and manage risks.
also responsible for Risk management at a strategic level. Participant 4 noted that risk
patient safety. IT practitioners at the Hospital seek to minimize IT operations' impact on patient
care, as was emphasized by participant 10. Participant 10 further noted. The whole objective of
the change advisory body is to manage or mitigate risks to hospital operations. Therefore, the
change advisory body (CAB) asked questions about the risk level or a specific change during
CAB meetings. The researcher validated the risk management and risk validation process during
the three CAB meetings observed during the data collection process.
Although there are strategic risks and compliance initiatives, as noted by participant 8,
the Hospital's IT department tends to be reactionary to security risks and events. Participant 8
further indicated that Hospital's IT governance and security management team should be
proactive in mitigating security events. Participant 8 also noted that one of the reasons why the
Hospital ends up in a reactionary mode is due to the funding model. Many strategic initiatives
already have funding allocated, whereas unplanned security does not have funds allocated.
However, Participant 4 noted that the hospital has a risk management insurance policy.
105
SQ 5: Relevant results from observation data analysis
The researcher observed that risk management and risk mitigation is all that the change
advisory body (CAB) does. Risk management is performed by regulating preapproving standard
changes, reviewing, and approving normal and emergency changes. This observation is
consistent with the views of research participants about the hospital's risk management process.
Existing documents about the hospital's change management processes also confirm the role of
All change management documents reviewed revealed that one of the change
management processes’ roles is to mitigate risks by providing oversight over network operations
changes. For example, the emergency change management policy states that the objective of
change management is to control changes that affect the hospital's operations. CAB follows
change and service management policies and processes to provides oversight for change
Management by reviewing and approving changes that could impact the health of the network
Chapter Summary
This Chapter explained the inductive analytical process used to code, develop categories,
and emerging themes. Furthermore, Chapter 4 presented the data collection process with sections
such as the informed consent, discussion of the data analysis phases, research participant
demographics. Chapter 4 presented a detailed data analysis method used to analyze data from
interviews, observation and document review. Finally, chapter 5 presented the results of the data
analysis process. Chapter 5 presents the Conclusions and Recommendations based on the five
106
Chapter 5
Organizations can survive through the 21st century by adopting processes of constant
2017). Research suggests that Information Technology Governance (ITG) ranks as one of the top
al., 2020). Just like good corporate governance leads to corporate success, so too good IT
governance leads to organizational success (Jeanne & Peter, 2004). Organizations that have
effective IT governance reported 20% more profitable bottom lines than organizations that do not
have IT governance (Weill & Ross, 2005). Organizations have an incentive to effectively run IT
operations because many organizations depend on IT for value creation and business success.
Decision-makers at the board level of an organization are faced with the need to make
sound IT-related decisions (Huygh & De Haes, 2019). Companies cannot remain innovative and
innovation and for maintaining a competitive advantage. Organizational practices and skills are
needed to manage an organizations IT assets and operations. The achievement of business values
heavily depends on IT governance (Huygh & De Haes, 2019). Using corporate governance
bodies such as IT governance, effective IT operations can be well managed (Van Grembergen,
mechanisms that enable IT and business to succeed (Huygh & De Haes, 2019). Caluwe and De
Haes (2019) further noted that IT governance is used for integrating IT strategy with an
organizational system to minimize enterprise IT-related risks and optimize IT investments. The
107
ever-increasing dependence of hospitals on IT calls for the effective management of IT assets in
hospital environments IT governance is used in hospitals to cut costs and offer innovative
This exploratory qualitative single case study sought to understand essential network
hospital network operations. The study also explored IT governance's perceived impact on
network operations at a Hospital in the Western United States of America. This study (a)
administrators, and other hospital stakeholders about the significant contributions that IT
governance could have on hospital network operations. (b) The research findings also contribute
implement IT governance as a way to improve the alignment of network operations with the
strategic, goals, and missions of the hospital. This chapter describes the analysis process and the
Research Questions
The main research question was “What is the relationship between IT governance and
hospital network operations?” based on the literature review, five sub-research questions were
developed and asked to help the researcher understand the effects of ITG on network operations
at a hospital in the Western United States of America. The following sub-questions were used to
SQ 2: How is IT governance of network operations used for strategic alignment to the Hospital's
108
SQ 3: How is IT governance of network operations used for performance management?
management?
SQ 5: How is IT governance of network operations at the Hospital used for risk management?
This chapter builds on the first three chapters, the introduction, literature review, and
methods used to collect the data to analyze and present the findings. Chapter 4 also serve as a
transitionary chapter to the findings and conclusions in chapter 5. This chapter presents an
inductive analytical process used to code, develop categories, and emerging themes.
Furthermore, this chapter presents the data collection process with sections such as the informed
consent, discussion of the data analysis phases, research participant demographics, the data
Discussion of Findings
The findings in this section are drawn from the 11 reach participant responses,
observation of 3 change advisory board (CAB) meetings, and document review of documents
retrieved from the hospital's IT service management page. The findings illustrate the perceived
America. The interview participants were IT service management managers, network engineers,
firewall engineers, IT directors and the Chief Information Technology Officer (CTO). Semi-
structured interviews were used to collect participant responses. Additionally, the researcher
used document reviews and observation to validate the interview findings. Research participant
The intense data analysis process started after the research data were uploaded to
MAXQDA Analytics Pro 2020 for Mac OS, release 20.3.0. Data was uploaded to MAXQDA to
109
create a case record and database that made it easy to search on keywords during the coding
process. The researcher started the analysis process by reviewing, reading, re-reading, coding the
data, and engaging in a constant comparison process to generate categories and themes from
interview transcripts, observation transcripts, and IT governance process and policy documents.
The categories and themes generated from the research data provided valuable insights and
answers to the research question. The data findings in chapter 4 were used to draw conclusions
and recommendations by comparing and contrasting the study results to the existing literature.
Conclusions and recommendations will be drawn from the emerging five emerging themes of
1. The ITG value creation process leads to IT agility for the hospital's IT network
operations.
2. ITG is used for strategic alignment between the hospital's governance practices and IT
Network operations.
5. ITG is used for risk management and risk mitigation for IT-related risks.
The next section presents the implications for each of the five-sub research question
asked and the emerging themes from each of five research questions from the 11 participants.
Table 5.1 shows the relationship between the five emerging research sub-questions and the
110
Table 5.1
R1. How is IT governance of network The ITG value creation process leads to
operations used to deliver value to the IT agility for the Hospital’s IT network
hospital? operations.
operations at the Hospital used for resource IT governance is used to manage IT assets
operations at the Hospital used for risk ITG is used for risk management and risk
Most findings in this study were consistent with the findings in the literature. The section
below will compare and contrast the study findings with existing current literature on the effects
of IT governance in organizations.
111
Comparing and contrasting study findings with existing literature.
Theme 1. The ITG value creation process leads to IT agility for the hospital's IT network
operations. Most participants seemed to agree that IT governance creates value to the business
through the IT department's services. Vidmar et al. ( 2021) suggested that policymakers can use
innovation. In most organizations, the IT department constitutes one of the most significant
portions of most firm investments. IT departments are increasingly the critical driver for strategic
initiatives in organizations. Therefore, there is a growing need for many businesses to see a
The value creation process is mainly attributable to best practices such as IT service
management (ITSM) as a tool to effectively deliver IT services (Winkler & Wulf, 2019).
methods that use flattened organizational structures, smooth information flow, effective team
management for decision making, devolution of authority, and using participative management
styles, among others (Couto et al., 2015). The emergent findings from theme 1 about the role of
IT governance of network operations at the hospital in the value creation process are consistent
Theme 2. The IT governance process is used for strategic alignment between the
hospital's governance practices and IT Network operations. Many participants suggested that
there is a strong relationship between IT governance and the business. Research shows that IT
112
alignment with business is critical for the decision-making process and the efficient
the IT organizations' alignment with the business leads to business success (Chau et al., 2020).
Patterson (2020) observed that it is almost impossible to separate business and IT strategies
only create value if aligned with the business strategy. New initiatives at the Hospital are
reviewed and approved by the ITG leadership team, as noted by research participant 1.
Participant 4 indicated that IT governance clears any roadblocks that may impede IT success. As
a foundation for IT architecture, the IT department at the hospital designs solutions that serve the
hospital's needs.
Network operations. Theme 3 is consistent with research findings that show that firms with
effective IT project governance and project success or completion rate exists (Sirisomboonsuk et
al., 2018). Project completion rates are one of the key performance indicators of the efficient use
profitability, cost reduction, and the ability to enhance the organization's competitive advantage
to optimize business workflows. Optimizing business work follows could result in maximizing
business benefits (Dumitriu & Popescu, 2020). Consequently, performance measures should be
113
Theme 4. IT governance is used to manage IT assets using configuration management
tools. Many IT network operational failures are attributable to poor asset management; IT
failures that compromise IT assets' functional integrity and availability tend to be harmful to a
firm because such failures may compromise the confidentially of a firm's data assets (Langer,
2017). One of the relationships between IT governance and corporate governance is exercising
good stewardship through effective asset management (Juiz et al., 2015). Information technology
al., 2018). Furthermore, IT resources at the hospital are managed using the configuration
management database. Consistent with the role of ITG in asset management as noted by
(Gërvalla et al., 2018; Langer, 2017; Juiz et al., 2015), several research participants pointed out
despite the existence of several configuration management data bases (CMDB), asset
management using CMDBs was a key component of IT service management at the Hospital.
Theme 5. Information technology governance is used for risk management and risk
mitigation for IT-related risks. Many participants suggested that risk management is the primary
goal of IT governance. Theme 5 is consistent with existing literature that suggests that IT
governance is used as a tool to manage both IT-related operational risks and business-related
risks as firms continue to face IT-related operational risks (Rubino et al., 2017). Additionally,
internal control of IT operations is the foundation of IT governance. Managers use ITG as a tool
to manage risks effectively and as a tool to manage internal business controls (Rubino et al.,
many organizations such as hospitals. Vincent et al. (2017) noted that IT risk management's
maturity is higher when the CIO reports to the CEO. Additionally, IT risk management practices
maturity mediates the relationship between IT governance and IT risk management practices
114
(Edirisinghe Vincent & Pinsker, 2020). IT-related risks can be managed and mitigated by raising
awareness among IT managers about IT-related risks (Edirisinghe Vincent & Pinsker, 2020).
Limitations
The first limitation is that this study was a qualitative single case study and the findings
are limited to one major hospital in the Western United States of America. Generalizing the
conclusions from this study might be hard to apply in other hospital environments. The second
limitation was that study was conducted during the Covid 19 pandemic. Due to health experts
and government-mandated restrictions, the researcher could not interact with research
participants in a face-to-face interview process. The third limitations is that although most
research participants in the purposive sample were conversant with IT governance practices at
the hospital, some of the participants were not well-versed in how IT governance is implemented
and how their day-to-day efforts align with the Hospital's goals and missions through IT
governance. Participants that were not conversant with the IT governance practices could not
This section includes recommendations for each of the five emerging themes.
Theme 1 recommendation. The ITG value creation process leads to IT agility for the
enabler of IT services and a strong partner with the business, a few participants suggested that
they sometimes viewed ITG as a roadblock that could impede the IT departments' agility or did
not see IT governance's role in their day-to-day operations. The recommendation is that CTO and
the IT governance group train or retrain the IT operations team about the benefits of IT
governance and how their roles contribute to the value creation and value delivery of IT services
115
to the Hospital. IT leadership at the Hospital could provide all IT network operations employees
with IT best practice training such as Information Technology Infrastructure Library version 4
(ITILV4) and Control Objectives for Information and Related Technology version 5 (COBIT 5).
Such training would provide IT network operations employees with a holistic view of the role of
alignment between the hospital's governance practices and IT Network operations. Similar to the
observations made in theme 1, many employees expressed their appreciation for IT governance
and IT governance's role in aligning IT operations with the business. However, some employees
had a hard time seeing the alignment and benefits of aligning IT network operations to the
Hospital's strategic goals and missions. Similar to the recommendations noted in theme 1,
retaining the employees and constantly communicating with employees about the role and value
of network operations alignment to the organization's business goals will help improve the
performance of IT Network operations. Almost all participants did not seem to articulate how
ITG is used for performance management. The lack of clear performance measures may result in
poor execution of the IT delivery process. It could impact the quality of services delivered by the
network operations team to the Hospital. The researcher recommends that the hospital
tool used to measure how the IT department aligns and focuses its people on the organizations'
strategic goals. The BSC helps an organization view the organization's performance from both a
financial and non-financial perspective (Lawrence & Gratton, 2016). The balanced scorecard can
116
also be used to measure structure, cost, productivity, and quality of IT operations (Valchkov &
Valchkova, 2018).
configuration management tools. Some key participants noted that assets or resource
concerned with. Some participants further noted that ITG is strictly focused on IT strategy.
However, the literature on IT governance suggests that One of the relationships between IT
governance and corporate governance is exercising good stewardship through effective asset
management (Juiz et al., 2015). IT governance supports a business by identifying and managing
the IT governance team is that more time and resources are dedicated to the stewardship and
management and risk mitigation for IT-related risks. Despite the existence of strategic risk and
compliance initiatives at the hospital, some participants noted that the hospital's IT department
tends to be reactionary to security risks and events. Yet, the hospital should be proactive when it
comes to mitigating security events. The hospital's reactionary stance on IT risks was attributed
to a lack of budget to deal with security events as they occur. As observed by Selig (2016), one
of the responsibilities is that ITG is responsible for managing risks and contingencies
from security incidents. The researcher recommends that the hospital's strategic leadership team
117
ensures that cybersecurity efforts are well funded to respond to emerging information security
risks proactively. Table 5.2 presents a summary of the emerging themes and recommendations.
Table 5.2
Hospital.
ITG is used for risk management and risk The hospital's strategic leadership team
mitigation for IT related risks. ensures that cybersecurity efforts are well
118
funded to respond to emerging
Since this study was a single exploratory case study, future studies may conduct a multi
case study. A multi case study may be conducted to include other hospitals to help validate the
external validity of this research findings. The findings in this study may further be explored by
3. An action research method to develop specific actions that should be implemented for
Chapter Summary
Chapter five presented the study's conclusions and recommendations based on the
researcher's findings from chapter 5. The key conclusions based on the study's emergent themes
were: (a) The ITG value creation process leads to IT agility for the Hospital's IT network
operations; (b) ITG is used for strategic alignment between the Hospital's governance practices
and IT Network operations; (c) IT governance is used to measure the performance of IT Network
tools, and (c) ITG is used for risk management and risk mitigation for IT related risks. The five
119
key recommendations are: (a) Training and retraining employees in IT best practices such as
COBIT 5 and ITIL V5 to raise awareness about the ITG value delivery process; (b) Constant
communications about ITG, training and retraining employees in IT best practices such as
COBIT 5 and ITIL V5 will help improve the perception of IT governance and IT governance at
the Hospital; (c) Implement a balanced scorecard (BSC) as a performance management tool; (d)
ITG should dedicate more time and resources to the stewardship and accountability of IT assets
at the Hospital; and (e) The Hospital's strategic leadership team ensures that cybersecurity efforts
A previously noted, the findings in this study may further be explored by using other
3. An action research method to develop specific actions that should be implemented for
Further exploration could be dedicated to developing training modules that can help
improve IT governance alignment with the Hospital's goals and objectives. Additionally, further
research could be conducted using a mixed-method approach with multiple cases. The findings
for the study can help improve the applicability of the study findings to a larger environment.
The study contributed to the body of knowledge that effective IT governance leads to (a)
an improved ITG value creation process. An improved value creation process leads to IT agility
120
for the Hospital's IT network operations; (b) ITG plays a critical role in the strategic alignment
between the Hospital's governance practices and IT Network operations; (c) IT governance can
manage IT assets using a configuration management tools, and (e) ITG is used for risk
The practical application of IT governance best practices such as COBIT and ITIL will
enable the hospital's IT network operations to improve IT services continuously. The Hospital's
operations service delivery using a balanced scorecard. Additionally, the Hospital IT leadership
team will need to continually communicate what they are doing to the IT team to raise awareness
and alignment of IT network operations alignment with the hospital's goals and missions.
Finally, the researcher recommends that the hospital's IT department implement the COBIT
maturity level.
121
References
Abu-Khadra, H. A., Chan, J. O., & Pavelka, D. D. (2012). Communications of the IIMA
http://scholarworks.lib.csusb.edu/ciima%0Ahttp://scholarworks.lib.csusb.edu/ciima/vol12/is
s2/6
Ahmad, N., Amer, N. T., Qutaifan, F., & Alhilali, A. (2013a). Technology adoption model and a
Ahmad, N., Amer, N. T., Qutaifan, F., & Alhilali, A. (2013b). Technology adoption model and a
Ako-Nai, A., & Singh, A. M. (2019). Information technology governance framework for
12. https://doi.org/10.4102/sajim.v21i1.1010
Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: An
https://doi.org/10.1007/s10796-009-9183-y
Alpi, K. M., & Evans, J. J. (2019). Distinguishing case study as a research method from case
reports as a publication type. Journal of the Medical Library Association, 107(1), 1–5.
https://doi.org/10.5195/jmla.2019.615
122
Altemimi, M. A. H., & Mohamad Shanudin, Z. (2015). IT Governance Landscape: Toward
https://doi.org/10.19085/journal.sijbpg021102
Amu, H., & Nyarko, S. H. (2019). Satisfaction with Maternal Healthcare Services in the Ketu
2019. https://doi.org/10.1155/2019/2516469
Asgarkhani, M., Cater-Steel, A., Toleman, M., & Ally, M. (2017). Failed IT projects: Is poor IT
Barusch, A., Gringeri, C., & George, M. (2011a). Rigor in qualitative social work research: A
review of strategies used in published articles. Social Work Research, 35(1), 11–19.
https://doi.org/10.1093/swr/35.1.11
Barusch, A., Gringeri, C., & George, M. (2011b). Rigor in qualitative social work research: A
review of strategies used in published articles. Social Work Research, 35(1), 11–19.
https://doi.org/10.1093/swr/35.1.11
Baxter Pamela, & Jack, S. (1990). Qualitative case study methodology: study design and
https://nsuworks.nova.edu/tqr/vol13/iss4/2
BUSINESS AND IT MANAGERS. Journal of Military and Strategic Studies, 17(4), 1–20.
123
Bendickson, J., Muldoon, J., Liguori, E. W., & Davis, P. E. (2016). Agency theory: background
https://doi.org/10.1108/JMH-06-2016-0028
Benz, M., & Chatterjee, D. (2020). Calculated risk? A cybersecurity evaluation tool for SMEs.
Best, A., Berland, A., Greenhalgh, T., Bourgeault, I. L., Saul, J. E., & Barker, B. (2018).
Networks as systems: A case study of the World Health Organisation’s Global Health
https://doi.org/10.1108/JHOM-06-2017-0129
Bhatta, T. P. (2018). Case Study Research, Philosophical Position and Theory Building: A
https://doi.org/10.3126/dsaj.v12i0.22182
Blumenthal, D. (2010). Guiding the health information technology agenda. Interviewed by David
Boddy, C. R. (2016). Sample size for qualitative research. Qualitative Market Research, 19(4),
426–432. https://doi.org/10.1108/QMR-06-2016-0053
Bowen, P. L., Cheung, M. Y. D., & Rohde, F. H. (2007). Enhancing IT governance practices: A
124
Bradley, R. V., Byrd, T. A., Pridmore, J. L., Thrasher, E., Pratt, R. M. E., & Mbarika, V. W. A.
https://doi.org/10.1057/jit.2012.3
Brewer, E. W., Torrisi-Steele, G., & Wang, V. X. (2015). Survey Research. International
https://doi.org/10.4018/IJAVET.2015100106
Brown, A. E., & Grant, G. G. (2005). Framing the Frameworks: A Review of IT Governance
https://doi.org/10.17705/1cais.01538
Brown, J. B., Ryan, B. L., Thorpe, C., Markle, E. K. R., Hon, B. A., & Glazier, R. H. (2015).
33(3), 193–202.
women. International Journal of Social Research Methodology: Theory and Practice, 8(1),
47–60. https://doi.org/10.1080/1364557032000081663
Buchwald, A., Urbach, N., & Ahlemann, F. (2014). Business value through controlled IT:
Buntin, M. B., Burke, M. F., Hoaglin, M. C., & Blumenthal, D. (2011). The benefits of health
125
Caluwe, L., & De Haes, S. (2019). Board Level IT Governance: A Scoping Review to Set the
https://doi.org/10.1080/10580530.2019.1620505
Candela, A. G. (2019). Exploring the function of member checking. Qualitative Report, 24(3),
619–628.
Carcary, M. (2009). The research audit trial - enhancing trustworthiness in qualitative inquiry.
Casey, D., & Murphy, K. (2009). Methods and Meanings: Credibility and Trustworthiness of
https://doi.org/10.7748/nr2009.07.16.4.40.c7160
Castleberry, A., & Nolen, A. (2018). Thematic analysis of qualitative research data: Is it as easy
https://doi.org/10.1016/j.cptl.2018.03.019
Chau, D. C. K., Ngai, E. W. T., Gerow, J. E., & Thatcher, J. B. (2020). The Effects of Business-
https://doi.org/10.25300/misq/2020/12165
Chenail, R. J. (2011). Interviewing the Investigator_ Strategies for Addressing Instrume. The
http://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1051&context=tqr/%0Ahttps://nsuwo
rks.nova.edu/tqr/vol16/iss1/16
126
Christopher, J. (2010). Corporate governance-A multi-theoretical approach to recognizing the
Clarke, C. T., & Branson, D. (2016). The SAGE Handbook of Corporate Governance
Clarke, T., & Branson, D. M. (2012). The SAGE handbook of corporate governance. The SAGE
435–436.
Cooper, T., Stavros, C., & Dobele, A. R. (2019). Domains of influence: exploring negative
sentiment in social media. Journal of Product and Brand Management, 28(5), 684–699.
https://doi.org/10.1108/JPBM-03-2018-1820
Coso Strong, A., & Sekayi, D. (2018). Exercising professional autonomy: Doctoral students’
preparation for academic careers. Studies in Graduate and Postdoctoral Education, 9(2),
243–258. https://doi.org/10.1108/SGPE-D-18-00005
Cotter, C. M. (2007). Making the case for a clinical information system: The chief information
https://doi.org/10.1016/j.jcrc.2007.01.005
Couto, E. S., Lopes, M. F. C., & Sousa, R. D. (2015). Can IS/IT Governance Contribute for
https://doi.org/10.1016/j.procs.2015.08.565
127
Creswell, John W.; Creswell, D. J. (2018). Research Design: Qualitative, quantitative and Mixe
https://doi.org/10.1017/CBO9781107415324.004
https://www.academia.edu/39374010/John_W._Creswell_Research_Design_Qualitative_Q
uantitative_and_Mixed_Methods_Approaches_SAGE_Publications_Inc_2013_
Cunningham, J. A., Menter, M., & Young, C. (2017). A review of qualitative case methods
trends and themes used in technology transfer research. Journal of Technology Transfer,
Cutcliffe, J. R., & McKenna, H. P. (1999). Establishing the credibility of qualitative research
https://doi.org/10.1046/j.1365-2648.1999.01090.x
Daniel, B. K. (2018). Empirical verification of the “TACT” framework for teaching rigour in
https://doi.org/10.1108/QRJ-D-17-00012
128
Dawson, G. S., Denford, J. S., Williams, C. K., Preston, D., & Desouza, K. C. (2016). An
Examination of Effective IT Governance in the Public Sector Using the Legal View of
https://doi.org/10.1080/07421222.2016.1267533
Devers, K. J., & Frankel, R. M. (2000). Study design in Qualitative research - 2: Sampling and
https://doi.org/10.1080/13576280050074543
Doherty, N. F., Ashurst, C., & Peppard, J. (2012). Factors affecting the successful realisation of
benefits from systems development projects: Findings from three case studies. Journal of
Donaldson, L., & Davis, J. H. (1991). Stewardship Theory or Agency Theory: Australian
https://doi.org/10.1177/031289629101600103
https://doi.org/10.1016/j.promfg.2020.05.011
Ebneyamini, S., & Sadeghi Moghadam, M. R. (2018). Toward Developing a Framework for
11. https://doi.org/10.1177/1609406918817954
129
Edirisinghe Vincent, N., & Pinsker, R. (2020). IT risk management: interrelationships based on
Ellen Pearlman. (2004). Welcome to the Crossroads ; The choice of whether to be strategic to
your business or become a glorified plumber is easy . The path is. Insight, C I O Vol, New
Ellinger, A. D., & McWhorter, R. (2016). Qualitative Case Study Research as Empirical Inquiry.
https://doi.org/10.4018/ijavet.2016070101
Emerson, R. W. (2015). Convenience sampling, random sampling, and snowball sampling: How
does sampling affect the validity of research? Journal of Visual Impairment and Blindness,
https://doi.org/10.11648/j.ajtas.20160501.11
Falchi de Magalhães, F. L., Gaspar, M. A., Luciano, E. M., & Napolitano, D. M. R. (2020).
Farquhar, J., Michels, N., & Robson, J. (2020a). Triangulation in industrial qualitative case study
https://doi.org/10.1016/j.indmarman.2020.02.001
130
Farquhar, J., Michels, N., & Robson, J. (2020b). Triangulation in industrial qualitative case study
research: Widening the scope. Industrial Marketing Management, 87(October 2018), 160–
170. https://doi.org/10.1016/j.indmarman.2020.02.001
Farquhar, J., Michels, N., & Robson, J. (2020c). Triangulation in industrial qualitative case study
https://doi.org/10.1016/j.indmarman.2020.02.001
Fawcett, T. N., Holloway, A., & Rhynas, S. (2015). If I have seen further it is by standing on the
shoulders of giants: Finding a voice, a positive future for nursing. Journal of Advanced
Ferguson, C., Green, P., Vaswani, R., & Wu, G. (2013). Determinants of Effective Information
https://doi.org/10.1111/j.1099-1123.2012.00458.x
https://doi.org/10.3102/0013189X016007016
Fiss, P. C. (2015). The SAGE Handbook of Case-Based Methods 25 . Case Studies and the
http://dx.doi.org/10.4135/9781446249413.n26 Print
Francis, J. J., Johnston, M., Robertson, C., Glidewell, L., Entwistle, V., Eccles, M. P., &
https://doi.org/10.1080/08870440903194015
131
Fusch, P., Fusch, G. E., & Ness, L. R. (2018). Denzin’s Paradigm Shift: Revisiting Triangulation
https://doi.org/10.5590/josc.2018.10.1.02
Geddes, A., Parker, C., & Scott, S. (2018). When the snowball fails to roll and the use of
Gentles, S. J., Charles, C., Ploeg, J., & Ann McKibbon, K. (2015). Sampling in qualitative
research: Insights from an overview of the methods literature. Qualitative Report, 20(11),
1772–1789.
Gentles, S. J., Charles, C., Ploeg, J., & McKibbon, A. K. (2015). Insights from an overview of
https://nsuworks.nova.edu/tqr/vol20/iss11/5%0Ahttps://cpb-us-
e1.wpmucdn.com/sites.nova.edu/dist/a/4/files/2016/01/Gentles_Sampling-2016-01-
16.ppt.pdf
Gephart, R. P. (2003). Grounded Theory and the Integration of Qualitative and Quantitative
9144(03)02007-1
Gerdewal, M. T., & Seçim, H. (2014). A Business Communication Design for Information
http://search.ebscohost.com/login.aspx?direct=true&db=bsu&AN=110258089&lang=es
132
Gërvalla, M., Preniqi, N., & Kopacek, P. (2018). IT infrastructure library (ITIL) framework
https://doi.org/10.1016/j.ifacol.2018.11.283
Gioia, D. A., Corley, K. G., & Hamilton, A. L. (2013). Seeking Qualitative Rigor in Inductive
Research: Notes on the Gioia Methodology. Organizational Research Methods, 16(1), 15–
31. https://doi.org/10.1177/1094428112452151
Gordon, L. T. (2010). Better data through IT governance. Hospitals & Health Networks, 1(2),
38–40. https://doi.org/10.4018/jitbag.2010040102
Guest, G., Bunce, A., & Johnson, L. (2006). How Many Interviews Are Enough?: An
Experiment with Data Saturation and Variability. Field Methods, 18(1), 59–82.
https://doi.org/10.1177/1525822X05279903
Haanappel, S., Drost, R., Harmsen, F., Brinkkemper, S., & Versendaal, J. M. (2011). A
http://sh.st/st/787f28ed3e745c14417e4aec27303038/http://www.cs.uu.nl/research/techreps/r
epo/CS-2011/2011-006.pdf
Journal, 5, 1–4.
Hawkins, K. W., Alhajjaj, S., & Kelley, S. S. (2003). Using CobiT to secure information assets.
http://proquest.umi.com.library.capella.edu/pqdweb?did=353250971&Fmt=7&clientId=627
63&RQT=309&VName=PQD
133
Heale, R., & Twycross, A. (2015). Validity and reliability in quantitative studies. Evidence-
Héroux, S., & Fortin, A. (2018). The moderating role of IT-business alignment in the
https://doi.org/10.4018/IRMJ.2015100102
Hoerbst, A., Hackl, W. O., Blomer, R., & Ammenwerth, E. (2011). The status of IT service
Huygh, T., & De Haes, S. (2019). Investigating IT Governance through the Viable System
https://doi.org/10.1080/10580530.2019.1589672
Hyett, N., Kenny, A., & Dickson-Swift, V. (2014a). Methodology or method a critical review of
qualitative case study reports. International Journal of Qualitative Studies on Health and
Hyett, N., Kenny, A., & Dickson-Swift, V. (2014b). Methodology or method a critical review of
qualitative case study reports. International Journal of Qualitative Studies on Health and
134
Ilmudeen, A., & Bao, Y. (2018). Mediating role of managing information technology and its
impact on firm performance: Insight from China. Industrial Management and Data Systems,
https://doi.org/10.1108/IJHCQA-01-2015-0016
Jairak, K., & Praneetpolgrang, P. (2013). Applying IT governance balanced scorecard and
https://doi.org/10.1108/IMCS-08-2012-0036
Jamali, D., Hallal, M., & Abdallah, H. (2010). Corporate governance and corporate social
responsibility: Evidence from the healthcare sector. Corporate Governance, 10(5), 590–
602. https://doi.org/10.1108/14720701011085562
Jeanne, R., & Peter, W. (2004). Recipe for Good Governance ; MIT research has found that good
IT governance leads to better return on assets for companies. But what makes for good
http://wv9lq5ld3p.search.serialssolutions.com.library.capella.edu/?ctx_ver=Z39.88-
2004&ctx_enc=info:ofi/enc:UTF-
8&rfr_id=info:sid/ProQ%253Aabiglobal&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.gen
re=article&rft.jtitle=CIO&rft.atitle=Recipe+for+Good+Gover
Jennifer, R. (2000). Using Case Studies in Research. Management Research News, 16–27.
Jensen, J. L., & Rodgers, R. (2001). Cumulating the intellectual gold of case study research.
135
Jiang, H. J., Lockee, C., & Fraser, I. (2012). Enhancing board oversight on quality of hospital
care: An agency theory perspective. Health Care Management Review, 37(2), 144–153.
https://doi.org/10.1097/HMR.0b013e3182224237
Joslin, R., & Müller, R. (2016). The relationship between project governance and project
https://doi.org/10.1016/j.ijproman.2016.01.008
Juiz, B. Y. C., Toomey, M., & Govern, T. O. (2015). [Juiz, Toomen] To Govern IT, or Not to
Knechel, N. (2019). What’s in a Sample? Why Selecting the Right Research Participants
https://doi.org/10.1016/j.jen.2019.01.020
Ko, D., & Fink, D. (2010). Information technology governance: An evaluation of the theory-
https://doi.org/10.1108/14720701011085616
Köbler, F., Fähling, J., Krcmar, H., & Leimeister, J. M. (2010). IT Governance and Types of IT
Decision Makers in German Hospitals. Business & Information Systems Engineering, 2(6),
359–370. https://doi.org/10.1007/s12599-010-0132-6
136
Kude, T., Lazic, M., Heinzl, A., & Neff, A. (2018). Achieving IT-based synergies through
Lacity, M. C., & Janson, M. A. (1994). Understanding qualitative data: A framework of text
https://doi.org/10.1080/07421222.1994.11518043
0053(200007/08)11:5<33::aid-jcaf6>3.3.co;2-l
https://doi.org/10.3109/10731199409117662
Langtree, T., Birks, M., & Biedermann, N. (2019). Separating “fact” from fiction: Strategies to
https://doi.org/10.17169/fqs-20.2.3196
Lawrence, P. C., & Gratton, S. (2016). Scorecard Sustainability: Discovering the Inflection
https://doi.org/10.1002/jcaf
137
Lester, J. N., Cho, Y., & Lochmiller, C. R. (2020). Learning to Do Qualitative Data Analysis: A
https://doi.org/10.1177/1534484320903890
Liebe, J. D., Esdar, M., Jahn, F., & Hübner, U. (2018). Ready for HIT innovations? Developing a
Liebe, J. D., Esdar, M., Thye, J., & Hübner, U. (2017). Antecedents of CIOs’ innovation
Lombardi, R., Del Giudice, M., Caputo, A., Evangelista, F., & Russo, G. (2016). Governance
and Assessment Insights in Information Technology: The Val IT Model. Journal of the
https://doi.org/https://link.springer.com/journal/volumesAndIssues/13132
Louise, B. K., & Alison, W. (1994). Collecting data using a semi-structured interview: a
Marques, A., Oliveira, T., Dias, S., & Martins, M. (2011). Medical records system adoption in
Marquis, H. (2006). What it is and what it isn ’ t : Business Communications Review, 36(12), 49–
54.
Marton, A. (2013). Purposive selection and the quality of qualitative is research. International
138
Mason, M. (2010). Sample size and saturation in PhD studies using qualitative interviews.
Matheson, J. L. (2007). The Voice Transcription Technique : Use of Voice Recognition Software
to Transcribe Digital Interview Data in Qualitative. The Qualitative Report, 12(4), 547–560.
Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare Data Security
1–7. https://doi.org/10.1155/2019/1927495
McLellan, E., MaCqueen, K. M., & Neidig, J. L. (2003). Beyond the Qualitative Interview: Data
https://doi.org/10.1177/1525822X02239573
https://doi.org/10.1108/08858621211257275
Meltzoff, J., & Cooper, H. (2018). The sample (2nd ed.). American Psychological Association,
Miller, T., & Boulton, M. (2007). Changing constructions of informed consent: Qualitative
research and complex social worlds. Social Science and Medicine, 65(11), 2199–2211.
https://doi.org/10.1016/j.socscimed.2007.08.009
Monat, J. P. (2006). IT finds its calling: Leading corporate productivity. IT Professional, 8(3),
18. https://doi.org/10.1109/MITP.2006.68
139
Morse, J. M. (2015). Critical Analysis of Strategies for Determining Rigor in Qualitative Inquiry.
https://doi.org/10.1177/1049732315588501
Mueller, L., Magee, M., Marounek, P., & Phillipson, A. (2008). IBM IT Governance Approach:
1–132. ibm.com/redbooks
Nascimento, L. da S., & Steinbruch, F. K. (2019). “The interviews were transcribed”, but how?
https://doi.org/10.1108/RAUSP-05-2019-0092
Nfuka, E. N., & Rusu, L. (2011). The effect of critical success factors on IT governance
performance. In Industrial Management and Data Systems (Vol. 111, Issue 9).
https://doi.org/10.1108/02635571111182773
O’Kane, P., Smith, A., & Lerman, M. P. (2021). Building Transparency and Trustworthiness in
https://doi.org/10.1177/1094428119865016
140
O’Keeffe, J., Buytaert, W., Mijic, A., Brozovic, N., & Sinha, R. (2016). The use of semi-
structured interviews for the characterisation of farmer irrigation practices. Hydrology and
Onwuegbuzie, A. J., Frels, R. K., & Hwang, E. (2016). Mapping Saldaňa’s Coding Methods onto
https://doi.org/10.5296/jei.v2i1.8931
Palinkas, L. A., Horwitz, S. M., Green, C. A., Wisdom, J. P., Duan, N., & Hoagwood, K. (2015).
Purposeful Sampling for Qualitative Data Collection and Analysis in Mixed Method
Implementation Research. Administration and Policy in Mental Health and Mental Health
Pardis, S. T., Sofian, S., & Abdullah, D. F. (2016). An integrative proposed model of corporate
Pathak, S., Krishnaswamy, V., & Sharma, M. (2019). Impact of IT practices and business value
https://doi.org/10.4102/sajbm.v51i1.365
141
Peterson, R. (2004b). Crafting information technology governance. Information Systems
Plümper, T., Troeger, V. E., & Neumayer, E. (2019). Case selection and causal inferences in
https://doi.org/10.1371/journal.pone.0219727
0167.52.2.137
Posthumus, S., & Von Solms, R. (2008). Agency Theory: Can it be used to strengthen IT
https://doi.org/10.1007/978-0-387-09699-5_46
Reynolds, P., & Yetton, P. (2015). Aligning business and IT strategies in multi-business
https://doi.org/10.1057/jit.2015.1
com.oasis.unisa.ac.za/docview/1749812458/fulltextPDF/CDF29F4599A3443APQ/25?acco
untid=14648
Roberts, K., Dowell, A., & Nie, J. B. (2019). Attempting rigour and replicability in thematic
analysis of qualitative research data; A case study of codebook development. BMC Medical
142
Rowley, J. (2012). Conducting research interviews. Management Research Review, 35(3–4),
260–271. https://doi.org/10.1108/01409171211210154
Rubino, M., Vitolla, F., & Garzoni, A. (2017). The impact of an IT governance framework on
https://doi.org/10.1108/RMJ-03-2016-0007
Salah, S., Rahim, A., & Carretero, J. A. (2010). Total company-wide management system: Case
Saldaña, J. (2016). The Coding Manual for Qualitative Researchers (No. 14). In Sage: Vol.
Santos, K. da S., Ribeiro, M. C., de Queiroga, D. E. U., da Silva, I. A. P., & Ferreira, S. M. S.
81232020252.12302018
Deploy and Sustain for Improved Effectiveness. Journal of International Technology &
https://search.ebscohost.com/login.aspx?direct=true&AuthType=shib&db=bth&AN=12240
0158&site=ehost-live&scope=site&custid=uphoenix
13(5), 43–57.
https://search.proquest.com/docview/2209456802/fulltextPDF/EF88ED3DEA6F4803PQ/1?
accountid=35812
143
Shapiro, S. P. (2005). Agency Theory. Annual Review of Sociology, 31(1), 263–284.
https://doi.org/10.1146/annurev.soc.31.041304.122159
Sharma, S. K., Sengupta, A., & Panja, S. C. (2019). Grounded Theory: A Method of Research
Silic, M., & Back, A. (2014). Information security: Critical review and future directions for
https://doi.org/10.1108/IMCS-05-2013-0041
Sirisomboonsuk, P., Gu, V. C., Cao, R. Q., & Burns, J. R. (2018). Relationships between project
https://doi.org/10.1016/j.ijproman.2017.10.003
Srivastava, P., & Hopwood, N. (2009). A Practical Iterative Framework for Qualitative Data
https://doi.org/10.1177/160940690900800107
Stake, R. E. (1978). The Case Study Method in Social Inquiry. Educational Researcher, 7(2), 5–
8. https://doi.org/10.3102/0013189X007002005
Stavros, C., & Westberg, K. (2009). Using triangulation and multiple case studies to advance
https://doi.org/10.1108/13522750910963827
144
Stenman, E. (2019). Strong Employer Brands and Employee Advocacy in Social Media:
Subsermsri, P., Jairak, K., & Praneetpolgrang, P. (2015). Information technology governance
0188
Tagesson, T., & Collin, S. O. Y. (2016). Corporate governance influencing compliance with the
Teo, W., Abd Manaf, A., & Choong, P. (2013). Practitioner Factors in Information Technology
https://doi.org/10.5171/2013.167294
Thomas, E., & Magilvy, J. K. (2011). Qualitative Rigor or Research Validity in Qualitative
https://doi.org/10.1111/j.1744-6155.2011.00283.x
Thye, J., Hübner, U., Hüsers, J., & Babitsch, B. (2017). IT decision making in German Hospitals
- Do CEOs open the black box? Studies in Health Technology and Informatics, 243, 112–
116. https://doi.org/10.3233/978-1-61499-808-2-112
145
Thye, J., Hübner, U., Weiß, J. P., Teuteberg, F., Hüsers, J., Liebe, J. D., & Babitsch, B. (2018).
Hospital CEOs need health IT knowledge and trust in CIOs: Insights rom a qualitative
https://doi.org/10.3233/978-1-61499-858-7-40
Tuckett, A. G. (2004). Qualitative research sampling: the very real complexities. Nurse
Turel, O., & Bart, C. (2014). Board-level IT governance and organizational performance.
https://doi.org/10.1057/ejis.2012.61
Warehouses: a Case Study From the Winter Sports Equipment Industry. Proceedings in
Van Grembergen, W. (2007). Introduction to the Minitrack “IT Governance and its
VanWynsberghe, R., & Khan, S. (2007). Redefining Case Study. International Journal of
Vidmar, D., Marolt, M., & Pucihar, A. (2021). Information technology for business
Vincent, N. E., Higgs, J. L., & Pinsker, R. E. (2017). IT governance and the maturity of IT risk
https://doi.org/10.2308/isys-51365
146
Wa-Mbaleka, S. (2017). Fostering Quality in Qualitative Research: A List of Practical
https://doi.org/10.1016/j.jss.2018.12.024
Wayne Gregory, R., Kaganer, E., Henfridsson, O., & Jean Ruch, T. (2018). IT
https://www.misq.org/skin/frontend/default/misq/pdf/appendices/2018/V42I4Appendices/1
0_13703_RA_GregoryKaganerAppendices.pdf
Weill, P. (2004). Don’t just lead, govern: How top-performing firms govern IT. MIS Quarterly
Weill, P., & Ross, J. (2005). A matrixed approach to designing IT governance. MIT Sloan
Weill, P., & Woodham, R. (2005). Don’t Just Lead, Govern: Implementing Effective IT
Wilkin, C. L., Couchman, P. K., Sohal, A., & Zutshi, A. (2016). Exploring differences between
https://doi.org/10.1016/j.accinf.2016.07.002
Williams, G., & Pigeot, I. (2017). Consent and confidentiality in the light of recent demands for
147
Winkler, T. J., & Wulf, J. (2019). Effectiveness of IT Service Management Capability: Value
Woogara, J. (2005). Patients’ Privacy of the Person and Human Rights. Nursing Ethics, 12(3),
273–287. https://doi.org/DOI:10.1191/0969733005ne789oa
Worthen, B., & Framingham, C. I. O. (2007). Document View ITIL Power ; Why the IT
Infrastructure Library is becoming the most popular process framework for running IT in
America , and what it can do for you . Document View Page 2 of 4. Computer, 18, 3–6.
Yang, Z., Kankanhalli, A., Ng, B. Y., & Lim, J. T. Y. (2013). Analyzing the enabling factors for
Yazan, B., & De Vasconcelos, I. C. O. (2016). Three approaches to case study methods in
https://doi.org/10.22347/2175-2753v8i22.1038
Yin, R. K. (1981). The Case Study as a Serious Research Strategy. Science Communication,
Yin, R. K. (2016). Robert K. Yin. (2014). Case Study Research Design and Methods (5th ed.).
Thousand Oaks, CA: Sage. 282 pages. The Canadian Journal of Program Evaluation,
Yin, R. K. (2018). Designing Case Studies. In Case Study Research and Applications: Design
and Methods.
Young, D. S., & Casey, E. A. (2019). An Examination of the Sufficiency of Small Qualitative
148
Yu, K. (2008). Confidentiality revisited. Journal of Academic Ethics, 6(2), 161–172.
https://doi.org/10.1007/s10805-008-9061-0
Zhang, N. J., Seblega, B., Wan, T., Unruh, L., Agiro, A., & Miao, L. (2013). Health information
technology adoption in U.S. acute care hospitals. Journal of Medical Systems, 37(2).
https://doi.org/10.1007/s10916-012-9907-2
Zhen, J., Xie, Z., & Dong, K. (2021). Impact of IT governance mechanisms on organizational
agility and the role of top management support and IT ambidexterity. International Journal
https://doi.org/10.1016/j.accinf.2021.100501
149
Appendix A:
Greetings,
My name is Jackson Ivan Isiko and I am a student at the University of Phoenix working on a
This study will use an exploratory qualitative single case study to understand stakeholders'
perceptions on the use of ITG and the relationship of ITG to critical health care infrastructures
such as hospital network operations. The study will also seek to explore how the IT governance
body and IT governance practices implemented at a hospital in the Western United States of
America affect the efficiency of IT Network Operations at a hospital in the Western United
States of America. This study will: (1) Contribute to the knowledge of professionals such as IT
managers, Network engineers, Hospital administrators, and other hospital stakeholders about the
significant contributions that IT governance could have on hospital network operations; and (2)
The research findings will contribute to the understanding of IT professionals and hospital
alignment of network operations the strategic, goals, and missions of the hospital. The findings
will be published in top information systems academic journals, such as : (1) Journal of the
Association for Information; (2) Journal of Information Technology; (3) Journal of Management
150
Systems Journal; (7) Journal of Strategic Information Systems; (8) Journal of Management
Your participation will involve participation in interviews, observation and document review of
1.One or two sessions of 45 minutes interview, research participants may also be involved in
a 1 hour’s session of document review and observation during the change advisory body
(CAB) meetings.
2. Interviews will be audio recorded and used to transcribe the interview session for each
participant.
3. If the researcher deems that the participants are not contributing to the research process,
the researcher may terminate the research participant from participation in the research
4. The participant will be part of the 10 to 20 research participants that will be part of the
study.
You can decide to be a part of this study or not. Once you start, you can withdraw from the
study at any time without any repercussions. The results of the research study may be published
but your identity will remain confidential or anonymous, and your name will not be made known
Although there may be no direct benefit to you, a possible benefit from your being part of this
study how the research findings will contribute to the understanding of IT professionals about
how to effectively implement IT governance as a way to improve their alignment to the strategic,
151
goals and mission of the of the hospital and the significant effects that IT governance could have
If you have any questions about the research study, please call me at 801-791-3883 or email me
concerns or complaints, please contact the University of Phoenix Institutional Review Board at
IRB@phoenix.edu.
1. You may decide not to be part of this study or you may want to withdraw from the study
isijackson@email.phoenix.edu
3. Jackson Ivan Isiko the researcher, has fully explained the nature of the research study
4. Before interviews are conducted, you must give permission for the researcher, Jackson
Ivan Isiko, to record them. The information from these recorded interviews will be
transcribed by Jackson Ivan Isiko, and the data will be coded to assure that your identity
is protected.
5. Data will be kept secure by following the University of Phoenix and institutional review
interviews will be stored on a locally encrypted, and password-protect hard drive on the
will be kept on the researcher's iCloud drive for at least three years after the interviews
are collected. The protected files will only be accessible to the researcher. Personally,
152
identifiable research participant data will be removed from the transcripts and replaced
with pseudonyms after interviews have been transcribed and validated by the research
participant. Personally, identifiable information and raw data from interviews will be
kept in different password protected files. The data will be kept for three (3) years. The
research transcript data will be destroyed by deleting the files from the researcher’s local
hard drive and redundant copies from the researcher's iCloud account. Audio recordings
from the interviews will be kept until the interviews have been recorded and validated by
the research participants within three to six months. That audio recording will be
destroyed by file deletion of the audio recording and destroying any media may that
contains the participant's audio record. The researcher’s interview field notes will be
destroyed by shredding after 3 years from the date of the research field notes collection.
Although not foreseen in this research, as a limit to your confidentiality, the researcher
By signing this form, you agree that you understand the nature of the study, the possible risks
and benefits to you as a participant, and how your identity will be kept confidential or
anonymous. When you sign this form, this means that you are 18 years old or older and that you
give your permission to volunteer as a participant in the study that is described here.
( ) I accept the above terms. ( ) I do not accept the above terms. (CHECK
ONE)
153
Signature of the research participant ____________________________________ Date
_____________
154
Appendix B:
Problem
The main problem is that poor information technology governance (ITG) has often led to
failed IT projects and implementation of effective IT operations in organizations that heavily rely
on IT for businesses operations(Ako-Nai & Singh, 2019). ITG governance is often found
Purpose
This study will use an exploratory qualitative single case study to understand stakeholders'
perceptions on the use of ITG and the relationship of ITG to critical health care infrastructures
such as hospital network operations. The study will also seek to explore how the IT governance
body and IT governance practices implemented at a hospital in the Western United States of
America affect the efficiency of IT Network Operations at a hospital in the Western United
States of America. This study will: 1) Contribute to the knowledge of professionals such as IT
managers, Network engineers, Hospital administrators, and other hospital stakeholders about the
significant contributions that IT governance could have on hospital network operations. 2) The
alignment of network operations the strategic, goals, and missions of the hospital.
155
Time: ______________________ Location: ___________________________
Opening: Thank you for participating in the research study entitled, The effect IT governance
(ITG) has on hospital network operations, and for participating in this one-on-one interview. I
am dual audio recording this interview to have a back-up copy in case one of the recordings
should fail. Before we begin, for the purpose of confidential identification, please state the
2. Do you willingly, of your own free choice, choose to participate in this interview?
4. Do you meet the eligibility criteria as outlined in the Preliminary Eligibility document?
8. Are you aware that you are free to withdraw from participation at any time before, during,
Thank you.
156
I will be asking you a series of open-ended discussion questions that relate to the central research
question and sub-questions. Feel free to ask questions as they arise and to elaborate on your
responses. The more detail you can provide, the better. No right or wrong answers exist. This
2. How is IT governance of network operations used for strategic alignment to the hospital’s
management?
5. How is IT governance of network operations at the hospital used for risk management?
Close: Thank you for participating today. We will meet one more time after I transcribe
the interview to allow you to review, revise, and approve the transcription.
157
Appendix C: The Effect of IT Governance (ITG) on Hospital Network Operations
Observational protocol
The researcher will be observing at 3 IT governance meetings, the researcher will observe IT
governance meeting participants for general information about what happens in IT governance
meetings without directly quoting or identifying any individuals or reporting any proprietary
company information.
Location of observation:
Date
Observed by:
Duration of observation: ___Start time_________ Finish time____ Session#_____
Topic / Category Descriptive notes Reflection
observed
How IT Governance of
network operations is
used to deliver value to
the Hospital.
How IT Governance of
network operations is
used for strategic
alignment to the
Hospital's goal and
mission.
How IT Governance of
network operations is
used for performance
management.
How IT Governance of
network operations at
the Hospital used for IT
resource management.
How IT Governance of
network operations at
the Hospital is used for
risk management.
158
How IT performance
measures are aligned
with the performance
measures used by the
organization
159
3UR4XHVW1XPEHU 28418661
$OOULJKWVUHVHUYHG
,1)250$7,2172$//86(56
7KHTXDOLW\RIWKLVUHSURGXFWLRQLVGHSHQGHQWRQWKHTXDOLW\RIWKHFRS\VXEPLWWHG
,QWKHXQOLNHO\HYHQWWKDWWKHDXWKRUGLGQRWVHQGDFRPSOHWHPDQXVFULSW
DQGWKHUHDUHPLVVLQJSDJHVWKHVHZLOOEHQRWHG$OVRLIPDWHULDOKDGWREHUHPRYHG
DQRWHZLOOLQGLFDWHWKHGHOHWLRQ
3UR4XHVW 28418661
$OO5LJKWV5HVHUYHG
7KLVZRUNLVSURWHFWHGDJDLQVWXQDXWKRUL]HGFRS\LQJXQGHU7LWOH8QLWHG6WDWHV&RGH
0LFURIRUP(GLWLRQ3UR4XHVW//&
3UR4XHVW//&
(DVW(LVHQKRZHU3DUNZD\
32%R[
$QQ$UERU0,