By Jackson Ivan Isiko: The Effect of It Governance On Hospital Network Operations: An Exploratory Case Study

THE EFFECT OF IT GOVERNANCE ON HOSPITAL NETWORK OPERATIONS: AN
EXPLORATORY CASE STUDY
by
Jackson Ivan Isiko
Copyright 2021
A Dissertation Presented in Partial Fulfillment

of the Requirements for the Degree
Doctor of Management In Organizational Leadership with a Specialization in Information
Systems
University of Phoenix
ABSTRACT
This study was an exploratory case study about the effect of IT Governance (ITG) on
hospital network operations. This study sought to understand stakeholders' perceptions on the use
of ITG and the relationship of ITG to critical health care infrastructures such as hospital IT
networks and network operations. This study explored stakeholders' perceptions by
understanding how the IT governance body and IT governance practices implemented at the
hospital affect IT Network Operations' efficiency at a hospital in the Western United States of
America. In a qualitative exploratory simple case study, the researcher triangulated evidence
from interviews, document review, and observation to reach a holistic understanding of the
impact of ITG on hospital network operations and health care services. Five major themes
emerged from this study, namely: (a) The ITG value creation process leads to IT agility for the
Hospital's IT network operations; (b) ITG is used for strategic alignment between the hospital's
governance practices and IT Network operations; (c) IT governance is used to measure the
performance of IT Network operations; (d) IT governance uses configuration management tools
to manage IT assets; (d) ITG is used for risk management and risk mitigation for IT-related risks.
The key recommendations to IT practitioners are: (a) Training and retraining employees in IT
best practices such as COBIT 5 and ITIL V5 to raise awareness about the ITG value delivery
process; (b) Constant communications about ITG can help improve the perception of IT
governance and IT governance at the hospital; (c) Implement a balanced scorecard (BSC) as a
performance management tool for IT network operations; (d) ITG should dedicate more time and
resources to the stewardship and accountability of IT assets at the hospital; and (e) The Hospital's
strategic leadership team should ensure that cybersecurity efforts are well funded to respond to
emerging information security risks effectively and proactively.
iii
DEDICATION
I dedicate this study to my loving wife Stephanie, my friend, partner, and eternal
companion. You relentlessly but patiently encouraged me to continue to the end of my doctoral
journey, especially when I felt like giving up. You and our kids endured almost a decade of me
doing homework, even while on vacation. I remember several family trips and vacations where I
stayed at the hotel or at the campground in our motor home to work on and submit my
homework while you entertained the kids. To my mother, although you passed away when I was
12 years old, you instilled in me the value of education and hard work at a very young age. To
my father, you tough me that I would be successful through handwork and commitment to
education. You also sacrificed almost everything that you had to put me through school. To
Florence Isiko, you took care of me and raised me like your own son after my mother and uncle's
passing, and I will always be grateful for your love and support. To Bill Knowlton, Tom Hatch,
Michael Loosli, you helped me with the financial backing to attain my bachelor's degree in
Information Technology. I will never forget your financial support to help me earn my
undergraduate degree. To Herbert Shades, confidant in life and business partner, you have
always supported my academic endeavors. To Kagabo Robert, I am grateful for the educational
and dialogic guidance you gave me during my doctoral journey. Finally, to my Heavenly Father,
it is through his grace and mercy that a young man from a poor African family was able to
overcome all odds to gain a doctoral degree.
iv
ACKNOWLEDGMENTS
Isaac Newton is noted to have said that “If I have seen further, it is by standing on the
shoulders of Giants” (Fawcett et al., 2015). It is on the shoulders of academic giants and church
leaders in my life that I have been able to learn and grow. To Dr. John C. Sienrukos, my
dissertation chair, Dr. Jennifer Lapin, and Dr. Donald Munday, my committee members, for your
continual feedback and guidance through the final doctoral course. To my University of Phoenix
peers, you provided unwavering support and dedication throughout my doctoral Journey.
v
TABLE OF CONTENTS
Contents…………………………………………………………………………..……………Page
List of Tables……………………………………………………………………………..............ix
List of Figures………………………………………………………………………….................x
Chapter 1: Introduction .................................................................................................................... 1
Background of the Problem ................................................................................................ 1
Problem Statement .............................................................................................................. 5
Purpose of the Study ........................................................................................................... 6
Population and Sample ....................................................................................................... 8
Significance of the Study .................................................................................................... 9
Nature of the Study ........................................................................................................... 10
Research Questions ........................................................................................................... 15
Theoretical Framework ..................................................................................................... 15
Definition of Terms........................................................................................................... 16
Assumptions, Limitations and Delimitations .................................................................... 17
Chapter Summary ............................................................................................................. 18
Chapter 2: Literature Review ......................................................................................................... 20
Title Searches and Documentation ................................................................................... 21
Historical Content ............................................................................................................. 23
Current Content ................................................................................................................. 27
vi
Theoretical Framework Literature .................................................................................... 30
Methodology Literature .................................................................................................... 34
Research Design Literature ............................................................................................... 43
Conclusions ....................................................................................................................... 45
Chapter Summary ............................................................................................................. 45
Chapter 3: Research Methodology ................................................................................................. 47
Research Method and Design Appropriateness ................................................................ 48
Population and Sample ..................................................................................................... 50
Informed Consent and Confidentiality.............................................................................. 53
Instrumentation ................................................................................................................. 55
Pilot Study......................................................................................................................... 58
Credibility and Transferability .......................................................................................... 59
Data Collection ................................................................................................................. 64
Data Analysis .................................................................................................................... 67
Chapter Summary ............................................................................................................. 73
Chapter 4: Analysis and Results .................................................................................................... 74
Data Collection ................................................................................................................. 75
vii
Demographics ................................................................................................................... 80
Pilot Study......................................................................................................................... 82
Data Analysis .................................................................................................................... 82
Results ............................................................................................................................... 91
Chapter Summary ........................................................................................................... 106
Chapter 5: Conclusions and Recommendations ........................................................................... 107
Research Questions ......................................................................................................... 108
Discussion of Findings .................................................................................................... 109
Limitations ...................................................................................................................... 115
Recommendations to Leaders and Practitioners ............................................................. 115
Recommendations for Future Research .......................................................................... 119
Chapter Summary ........................................................................................................... 119
References .................................................................................................................................... 122
Appendix A: Informed Consent Form.......................................................................................... 150
Appendix B: One-on-One IT governance Interview Protocol ..................................................... 155
Appendix C: The Effect of IT Governance (ITG) on Hospital Network Operations Observational
Protocol ........................................................................................................................................ 158
viii
LIST OF TABLES
Table 4.1: Interview Participant Demographics ............................................................................. 81
Table 4.2: Second Level Codes, Categories And Emerging Themes ............................................ 84
Table 4.3: Emergent Themes From The Study .............................................................................. 87
Table 5.1: Research Questions And Corresponding Emergent Themes ...................................... 111
ix
LIST OF FIGURES
Figure 4.1: The codes, categories and emergent themes of the study. ........................................... 86
Figure 4.2: Showing a map of emergent categories and themes of the study ............................... 87
Figure 4.3: Showing the emergent themes in MAXQDA ............................................................. 92
x
Chapter 1
Introduction
This study was an exploratory case study about the effect of IT Governance (ITG) on
hospital network operations. The research sought to understand the perception of stakeholders on
the use of ITG and the relationship of ITG to critical health care infrastructures such as hospital
IT networks and IT network operations. Understanding the effects of IT governance in hospitals
could help improve health care services through well managed Health Information Systems
(HIS) (Yang et al., 2013). In this qualitative exploratory case study, the researcher used
interviews, document review, and observation to understand the effect of IT governance on
hospital network operations and health care services by asking good research questions,
exercising good listening skills, good project and document management helped the researcher
succeed in the research. The researcher in this chapter covers: (a) the background of the problem,
(b) problem statement; (c) the purpose of the study; (d) population and sample; (e) significance
of the study; (f) nature of the study, (g) the research questions, (h) conceptual framework; (i)
definition of terms; and (j) assumptions, limitations and delimitations of the research.
Background of the Problem
Due to the ubiquity of IT in all sectors, there is an increased dependence on Information
technology and IT services in almost every organization in the 21st century (Ko & Fink, 2010).
Peterson (2004b), argued that information technology governance (ITG) had emerged as a
fundamental business imperative because the effective implementation of ITG leads to the
creation of business value and wealth. There is a relationship between IT governance and
corporate governance. Organizations should seek to strengthen those relationships for business
agility and competitiveness (Ko & Fink, 2010; Jairak & Praneetpolgrang, 2013). ITG is an
1
integral part of corporate governance; as such, ITG tends to benefit from the mature and well-
defined processes of corporate governance. ITG is likely to be well defined and implemented in
an organization by covering risk management, information security, service quality, IT asset
management and IT alignment to the corporate vision of the business (Subsermsri et al., 2015).
Research shows a positive correlation of organizational performance when organizations have
alignment between business and IT strategy (Reynolds & Yetton, 2015). The challenge however,
is that good corporate governance and IT governance is often found lacking in many
organizations (Jairak & Praneetpolgrang, 2013; Subsermsri et al., 2015). Sound corporate
governance is not only essential in the business world but critical in the health care industry
(Jamali et al., 2010). In addition to good corporate governance, CEO support for IT governance
tends to be related to the need for fascial responsibility regarding IT investments and the
alignment of IT investments to organizational goals (Wilkin et al., 2016). Although sound
corporate governance is necessary for the successful implementation of IT governance in the
health care industry, sound corporate governance is also often found lacking in the health care
industry. Because sound corporate governance is usually found lacking, IT governance as a
subcomponent of corporate governance is often found lacking as well.
IT departments in an organization are likely to succeed if they are in a position to
continuously offer cost-effective services in a timely manner (Gerdewal & Seçim, 2014), the
rising cost of IT expenditure in organizations, failed IT projects, and the negative impacts that
organizations face as a result of failed IT projects have led to an increased amount of scrutiny of
IT department and a demand for IT accountability (Phillips, 2014; Asgarkhani et al., 2017). In
addition to increased demand for IT accountability, there is increased demand by the IT industry
and compliance requirements that have forced organizations to implement best practices and
2
frameworks such as Control Objectives for Information Technology (COBIT) framework
(Phillips, 2014, Bowen et al., 2007). Information Technology Infrastructure Library (ITIL),
International Organization for Standardization (ISO), and the International Electrotechnical
Commission (IEC). Of all IT governance (ITG) frameworks, ITIL is the most adopted IT
governance framework (Nicho & Muamaar, 2016; Marquis, 2006). ITIL is a collection of best
practices for IT operations initially developed by the British government (Worthen &
Framingham, 2007). The implementation of ITIL as an IT governance framework however, can
be a long, complicated, and challenging task for many organizations and their IT departments
(Nicho & Muamaar, 2016). IT Governance is used to align IT services to strategic business
goals to improve IT services and perform continuous improvement of IT services to meet both
business and a business’s customer needs (Wautelet, 2019). The implementation of good ITG
and IT best practice frameworks call for good IT strategies. Monat (2006), posited that without
clear information technology strategies and flexible leadership styles aligned to serving
organizational needs, businesses might struggle to succeed in the 21st century. Teo, Abd Manaf,
and Choong (2013) contended that the demand for effective IT governance is on the rise as
businesses and governments continually increase their dependence on IT Network Services. Well
managed and well-governed IT functions can lead to very effective and efficient IT processes
that are responsive to business needs (Phillips, 2014).
IT success requires good corporate and IT governance practices, Clarke and Branson
(2012) argued that good corporate governance is an essential component of market integrity,
efficiency, and financial growth of an organization. However, entrepreneurs, investors, and
corporations sometimes lack the flexibility to craft governance that can quickly respond to
changes in technology, competition, and customer needs. Most organizations require a certain
3
degree of governance, including corporate governance and IT governance (Doherty et al., 2012).
Although IT governance plays a critical role in regulating how IT services are delivered to an
organization, poor implementation of IT governance processes could increase the time IT
departments and businesses take to continuously provide improved IT Network Operations and
Network Services to their customers in environments such as hospitals.
IT governance is a subset of corporate governance, corporate governance is an
organizational practice concerned with maintaining a balance between economic and social
goals, individual and communal goals in a way that is designed to optimize organizational
resources through accountability and good stewardship of an organization's resources (T. Clarke
& Branson, 2012). Researchers such as (C. T. Clarke, Branson, 2016; Phillips, 2014) suggested
that almost all organizations in the 21st century are affected by poor IT governance, which
includes services such as IT Network Services and Network Operations. To solve the IT
governance challenges faced by many organizations, best practices such as ITIL, ISO 2000, and
COBIT have been established and adopted by the IT industry to help organizations to effectively
support and govern their IT operations and services (Gerdewal & Seçim, 2014). Although best
practices such as ITIL can be used to implement ITG in an organization, best practices such as
COBIT have been used as a proxy for IT management practices and a control mechanism for
managing enterprise-wide IT practices, the COBIT framework is particularly perceived to be an
effective best practice for IT governance (Phillips, 2014). However, despite the existing IT
governance best practices such as ITIL and COBIT many organizations implement IT
governance poorly and ended up with IT governance process that are not aligned with business
goals, strategy and mission (Nicho & Muamaar, 2016), furthermore, the implementation of IT
governance best practices in many organizations has not translated into IT alignment with the
4
organizations objectives in a way that IT is used to sustain the business (Improving Strategic
Alignment: A Case Study, 2015) . Poor implementations of IT governance could result into a
miss alignment between IT practices and corporate goals (Hiekkanen et al., 2015; Phillips,
2014). The miss alignment between business and IT goals and objectives could lead to poor
service delivery of IT network services and the continuous service improvement of IT services as
a whole (Ahmad et al., 2013a). Poor IT governance could also minimizes shareholder value and
diminishes the relationship between the principal (owners of the business) and agents (managers
that run the business), as suggested by Donaldson and Davis (1991).
Problem Statement
The main problem is that poor information technology governance (ITG) has often led
to failed IT projects and implementation of effective IT operations in organizations that heavily
rely on IT for business operations (Ako-Nai & Singh, 2019). ITG governance is often found
lacking in critical healthcare IT infrastructures such as IT networks; poor IT governance could
impact the quality of IT services delivered by an IT department (Jairak & Praneetpolgrang,
2013). ITG is used to align IT services to strategic business goals in an effort to improve IT
services and perform continuous improvement of IT services to meet both business and a
business’s customer needs (Wautelet, 2019). Although ITG plays a critical role in regulating
how IT services are delivered to an organization, poorly implemented IT governance processes
could increase the time IT departments and businesses take to continuously provide improved IT
Network Operations and Network Services to their customers in environments such as hospitals.
To compound the problem of the lack of ITG in hospitals is the fact that health care
organizations are complex systems that heavily depend on good governance and multiple levels
of the governance process; corporate governance in hospitals may include Clinical governance,
5
medical governance, research governance (Delaney, 2015). Good cooperate governance in health
care works to reduce the level of discordance between the different entities within a health care
organization such as IT to improve service delivery, and patient care is critical to a hospital's
success (Delaney, 2015).
Effective ITG could mitigate the impact of network operations and service delivery of
health care services (Jairak & Praneetpolgrang, 2013; Subsermsri et al., 2015). Because
healthcare providers often deal with the lack of good corporate governance (Jairak &
Praneetpolgrang, 2013); poor corporate governance, in many cases, leads to poor ITG in hospital
environments that may lead to catastrophic health care system outages and may lead to poor
patient care. Corporate Leaders in the health care industry need to institute an effective ITG
process that will mitigate the risk of health system failures that could cause poor patient care.
The specific problem is that ITG governance is often found lacking in critical health care IT
infrastructures such as IT network operations. Yet, network operations and network
infrastructure are at the heart of the effective service delivery of health care services. This
research will seek to answer the question, what is the relationship between IT governance and
hospital network operations?
Purpose of the Study
A previously noted in the introduction of this chapter, this study used an exploratory
qualitative single case study to understand stakeholders' perceptions on the use of ITG and the
relationship of ITG to critical health care infrastructures such as hospital network operations. The
study also sought to explore how the IT governance body and IT governance practices
implemented at a hospital in the Western United States of America affect IT Network
Operations' efficiency at the hospital. This study: 1) Contributes to the knowledge of
6
professionals such as IT managers, Network engineers, Hospital administrators, and other
hospital stakeholders about the significant contributions that IT governance could have on
hospital network operations. 2) The research findings also contribute to the understanding of IT
professionals and hospital administrators about how to effectively implement IT governance as a
way to improve the alignment of network operations the strategic, goals, and missions of the
hospital.
Because many IT network services may take a long time to implement, leading to
frustrated customers, poor patient care, and lost business in settings such as a hospital, there is a
need to reexamine the role that corporate governance processes and IT governance processes
play in organizations such as hospitals in the Western United States of America. This study
examined the processes IT departments use to effectively govern IT Network Services' service
delivery and improve on existing IT Network Services at a hospital in the Western United States
of America. The findings of this research may provide important information to the hospital
board of directors, leaders such as the Chief Technical Officer (CTO), Chief Information Officer
(CIO), IT managers and hospital administrators with tools and practices on how to improve their
processes to reduce the time it takes to implement IT Network services to the business and its
customers but at the same time implement effective IT governance practices that are aligned with
the goals, mission, and strategy of the hospital.
The location of the research was at a hospital in the Western United States of America.
The research was feasible based on the researchers' proximity to the study site unit and the use of
online tools such as Microsoft Teams to conduct interviews, observations, and the hospitals' IT
governance website to conduct a document review. The three primary sources of evidence used
were interviews, observation, and document review of the existing IT governance process.
7
Population and Sample
The goal in both qualitative and quantitative studies is to select a sample that would most
appropriately help answer the research question (Meltzoff, J., & Cooper, 2018), In qualitative
research, a sample-sized between 10-30 participants among a homogeneous population is
considered adequate (Boddy, 2016). This study explored a purposive sample of 11 current IT
employees and hospital administrators responsible for IT governance and part of the change
advisory body (CAB). The employees interviewed include: The Chief Technical Officer (CTO),
IT directors, IT managers, Network Engineers, and IT service desk personnel. The study
examined how IT governance processes and practices impact IT network operations at a Hospital
in the Western United States of America. Because of the COVID 19 pandemic health
restrictions, face-to-face interviews were not possible. Interviewee participation involved
participating in 30-45 minutes semi-structured interviews using Microsoft Teams during the
month of January 2021. Document review and observation was used to collaborate findings from
interview data to validate the ITG processes used at the Hospital during the research period. The
main reason for conducting interviews and document review was to evaluate how the
implementation of ITG impacts the Network operations of a hospital in the Western United
States of America.
Participation was strictly confidential; the interviewees were assigned pseudonyms,
making it impossible to trace back to the respondents personally identifiable details. Participants
will have the right to receive a link to the dissertation which will include the study results; the
desertion may be published in academic libraries such as ProQuest and IT academic Journals
such as the Journal of Information Technology.
8
Significance of the Study
Although multiple studies have been conducted about the effects of corporate governance
and IT governance on an organization as the study by Nfuka and Rusu (2011) about the effect of
critical success factors on IT governance performance and a study by (Hiekkanen et al., 2015;
Salah, Rahim, & Carretero, 2010) about IT alignment and corporate governance in general,
current literature is silent about the effects of IT governance on hospital network operations.
The researcher used a case study of a hospital to understand hospital stakeholder perceptions
about the relationship of IT governance on network operations at the Hospital, this kind of
research had not been done before. The Goal of the study was to understand the relationship
between IT governance and the effects of IT governance on critical health care infrastructures
such as IT networks at a hospital in the Western United States of America. The findings from
this study may help hospital stakeholders implement and exercise IT governance best practices to
improve the service delivery of IT services by aligning the IT network operations department to
the goals, mission, and strategy of the organizations.
The findings in this study will also inform IT practitioners about the best way to
implement IT Governance specifically tailored to network operations; increased understanding of
how IT governance can be improved on in a hospital setting may not only improve hospital
network operations but could also lead to improved health care service delivery. The research
will contribute to the academic community by informing future researchers about some of the
benefits of effectively implementing IT governance in a hospital.
9
This research used a single exploratory case study at one Hospital in the Western United
States of America. Simple case studies tend to be subjective; more research using multiple case
studies should be conducted to examine the differences in IT governance between several
hospitals in the Western United States of America and across the nation. Quantitively and mixed
methods studies may also be undertaken across hospitals in the Western United States of
America and across the United States to further measure the impact of IT governance on hospital
network operations on health care services at hospitals in the United States. Such studies would
allow the researcher to triangulate data from different sources and environments; triangulating
data from different sources of evidence, both qualitative and quantitative, may be wholistic
enough to serve as a ground to recommend and provide the most effective IT governance best
practices for Hospital Network Operations, and the role of network operations in improving
patient care.
Nature of the Study
The research design that was used is a simple exploratory case Study. Exploratory case
studies are used to explore a phenomenon in which the interventions being used has no clear set
of outcomes (Baxter Pamela & Jack, 1990). Research instruments and research design are at the
heart of the research study; as such, researchers should endeavor to design research instruments
as flawlessly as possible regardless of the research methods in use (Brewer et al., 2015). Case
studies are qualitative research designs used to explore a time, space-bound, and context-bound
phenomenon. Case study investigators explore real-life single our multiple bound systems over
time using in-depth data collection involving multiple sources of information (Alpi & Evans,
2019; Hyett et al., 2014b) also posited that a qualitative case study explores a real-life ,
contemporary bounded system. Case study evidence can be collected from interviews,
10
observation, document review, and physical artifacts (Alpi & Evans, 2019), case studies may use
multiple sources of data to gain a nuanced view from multiple perspectives (Farquhar et al.,
2020a). A case study, especially a single case study, is bounded because case studies focus on a
single entity (Jensen & Rodgers, 2001). Hyett et al., (2014a) suggested that a case study research
is an investigation and analysis for a single or multiple cases to capture the complexity of the
object of study (Hyett et al., 2014a).
Further, a case study is a design of inquiry that can be applied to many fields, mainly in
which a researcher develops and in-depth analysis of a case such as a program, an event, activity,
or processes in an organization (Creswell & Creswell, 2018). Although case studies cannot be
used for generalization in social research, case studies are used to study human behavior because
they are down-to-earth and attention-holding (Stake, 1978). Case studies are also bounded
systems; as suggested by (Alpi and Evans 2019; Hyett et al., 2014a), the meaning of a bounded
system in a case study is derived from the characteristic of cases study designs, case studies are
context-bound or specific to a unit of study, a case can be a bounded system such as an
institution (Stake, 1978) , time-bound, for example, a year or 6 months as the period of study.
Case boundaries are kept in focus to determine what is in scope and what is out of the scope of
the study (Stake, 1978).
Case Studies may be used to develop an understanding of an organization such as an IT
department as a case (Yin, 2016), describe how the IT department works, point out some themes
that emerge from talking to IT employees throughout the data collection period. Using a case
study approach, a researcher can see how the IT department works and the impact an IT
department has on an organization.
11
Questionnaires and interviews are commonly used question-answering research
instruments in qualitative research (Rowley, 2014). Online surveys are an excellent example of
quantitative instruments (Leman, 2010). Shin (2016) used quantitative instruments such as
surveys and qualitative instruments such as interviewing on focus groups and experts to
understand how cross-platform services provide unified experiences across multiple devices that
users can use to watch content using platforms such as televisions, computers, and handheld
devices. In quantitative studies, researchers use web best tools to develop a questionnaire and
post the questionnaires online or distribute the questionnaires using email. In qualitative studies,
Face to face interviews are used, interviews may be recorded, transcribed, and coded to
determine merging themes from the interviewees. A qualitative case study was used because
qualitative case studies seek to answer the “why” and “how” questions of a research
phenomenon (Yin, 1981) and (Yin, 2016).
For anonymity purposed, the case considered for inquiry is only referred to here as a
hospital. Therefore, a hospital in the Western United States of America was considered for this
case study. Researchers may use a combination of three forms of data collection, such as
document review, interviews, and direct observations of participants (Cunningham et al., 2017).
The researcher used Microsoft Teams to conduct semi-structured interviews for the CIO, IT
directors, IT managers, Network engineers, and service management experts at the hospital.
After interviews were conducted, interviews were be first transcribed before the data
could be analyzed as recommended by Nascimento and Steinbruch (2019). Preparation of data
from audio to transcripts is usually the next logical sequence after interviews are
recorded(McLellan et al., 2003). Transcription is used in qualitative research to show evidence
about a particular phenomenon that constitutes a certain interest in a study; transcription is
12
largely shaped by the institutional culture, academic environment, and background of the
researcher (Nascimento & Steinbruch, 2019). Due to the complexity of the data transcription
process, many researcher tend to dislike the process; researchers can use data transcription
technologies such as voice recognition software (VRS) as a strategy to ease and increase the
speed of the data transcription process for audio recordings (Matheson, 2007). The researcher
generated transcripts from data recordings that were later used for further analysis by coding,
categorizing and analyzing themes that emerged from the data.
The next phase of qualitative research after collecting data is analysis and interpretation
of qualitative data; data analysis is a dialectic process of making sense of qualitative data; it is
the process generating new insights from raw data into intelligible accounts (Cunningham et al.,
2017), during research analysis researchers engage in categorization, abstraction, comparison,
dimensionalization, integration, iteration, and refutation of data (Spiggle, 1994). Qualitative
analysis is an inductive approach of understanding what is going in on within an inquiry through
a process of continually hunting for themes and concepts that emerge from the collected data,
researchers do not impose themes and concepts that should emerge out to the data prior to the
analysis of the data (Srivastava & Hopwood, 2009). Using and induction approach of data
analysis allows patterns and themes to emerge from the data based on what the researcher wants
to know from the data based on the theoretical framework of the researcher, the researcher's
subjective perspective, researcher ontological and epistemological perspective (Srivastava &
Hopwood, 2009).
The key to qualitative research analysis is mastering the art of reflexivity and data
iteration as the researchers reviews, analyze, and revisits with analyzed data over and over to
13
discover new and emerging themes from the data and how those themes inform the researchers
inquiry (Srivastava & Hopwood, 2009).
An expert data analysis process and steps for case study design suggested by Srivastava and
Hopwood (2009), recommended that data analysis should focus on three main questions the
questions are 1) what are the data telling me?, 2). What is it that I want to know from the data?
3). What are the dialectical relationships between what the data is telling me what I want to
know? Data analysis is a meaning-making process that should consist of examining,
categorizing, tabulating, testing, or recombining both qualitative and quantitative evidence to
address the initial proposition of a study (Yazan & De Vasconcelos, 2016).
During data analysis, the initial skill that qualitative researchers may need to master is the
skill of examining, categorizing commonly referred to as coding qualitative data; qualitative
researchers that wish to become proficient at doing qualitative analysis must learn to code well
and efficiently. However, it is not possible for researchers to claim final coding authority because
there is no standard approach to coding neither is coding the only way for analyzing qualitative
data (Saldaña, 2016; Onwuegbuzie, Frels, & Hwang, 2016).
A code in qualitative research is a word or short phrase that symbolizes salient, essence-
capturing, and or evocative attributes for a proposition of language-based on visual data. Coded
data could consist of interview transcripts, observation notes, journal analysis, documents,
drawings and artifacts, email correspondences and much more, coding is not a precise science,
rather it is an interpretive act (Saldaña, 2016). Coding is not a linear process but an iterative and
reflective process (Srivastava & Hopwood, 2009). Once coding has been done, it becomes easier
for researchers to tabulate test or recombine qualitative evidence to address the initial proposition
of a study.
14
Research Questions
Many case studies begin with a pilot exploratory research question, the purpose of the
pilot exploratory question is to identify the research questions or procedures to be used in the
subsequent research study (Yin, 2016; Robert, 2014). The researcher did not need to conduct an
exploratory case study to determine if the researcher had the correct research question and topic
for the research because it was clear to the researcher that the research question was feasible
based the literature reviewed.
Main research question
This research addressed the following research question (RQ):
RQ 1: What is the relationship between IT governance and hospital network operations?
Interviews, document review and observations conducted by the researcher were guided by the
following sub questions (SQ):
SQ 1: How is IT governance of network operations used to deliver value to the Hospital?
SQ 2: How is IT governance of network operations used for strategic alignment to the Hospital's
goal and mission?
SQ 3: How is IT governance of network operations used for performance management?
SQ 4: How is IT governance of network operations at the Hospital used for resource
management?
SQ 5: How is IT governance of network operations at the Hospital used for risk management?
Theoretical Framework
This research work is situated in the literature on corporate governance; as posited by
Joslin & Müller (2016), corporate governance is the system used to control and direct companies
(Yusof, 2016). IT governance works under the umbrella of corporate governance. Corporate
15
governance is situated in agency theory, stewardship theory, transaction cost economics,
stakeholder theory, shareholder theory, and resource dependency theory. Christopher (2010) also
noted that corporate governance principles are informed by theories such as agency theory; as
such, one of the foundations of corporate governance is agency theory. The epistemological
background of agency theory is rooted in economics and has for decades been used by scholars
across several disciplines such as organizational behavior, law, marketing, health care, and
accounting (Bendickson et al., 2016). Agency theory has its roots in the work of a German
sociologist Max Weber; agency theory is based on the concept of risk-sharing between two
parties; the two parties are the principal and agent (Bendickson et al., 2016), the principal is the
business owners or shareholders and the agents are the managers of the business, in agency
theory, one party acts on behalf of another (Shapiro, 2005), in this case, the managers of a
business are agents delegated to act on behalf the principal the stake holders of the business. The
main focus of agency theory is control (Asgarkhani et al., 2017), in the context of IT governance,
the principles of agency theory are used to control, direct and govern IT operations. IT
governance therefore is built on the foundation of agency theory, agency theory is one of the
guiding theories of corporate governance.
Definition of Terms
The section below defines technical terms used in this dissertation that readers might not
be familiar with. The definition of terms is used to increase understanding of the study.
Governance: It the process by which organizational leaders such as board of directors
use management to guide an institution in fulfilling its cooperate mission and protect an
organizations assets (Hamidovic, 2010)
16
IT governance: IT governance is a framework used to encourage desirable IT
implementation, accountability, and behavior in an organization (A. E. Brown & Grant, 2005).
Furthermore, ITG governance is concerned with the IT delivery of value to the business and the
mitigation of IT risks (Hamidovic, 2010).
Corporate Governance: Is how a firm is run to meet the interests of the firm’s stake
holders (Tagesson & Collin, 2016), corporate governance is used to direct and monitor the
business affairs of an organization (Pardis et al., 2016)
Agency theory: Is a theory rooted in economics where one party say an agent
(management team) represents another party principal(business owners such as stakeholder)
(Jiang et al., 2012)
ITIL: IT infrastructure Library (Hamidovic, 2010)
COBIT: Control Objectives for IT (Phillips, 2014; Lapão, 2010)
IT organizational alignment: Is the business value that IT contributes to the business in
terms of relationship and congruence.
Assumptions, Limitations and Delimitations
The researcher assumed that the research participants were be willing to share
information about IT governance during the data collection phase of the research. The researcher
also assumed that the Hospital would provide document review and access to their environment
to allow the research review and observe the IT governance process. This study is a qualitative
simple case study; qualitative findings and interpretations tend to be subjective because
researchers may make assertions about a phenomenon based on their assumptions about the
nature of text data, the researcher’s influence on text interpretation, and the validity checks used
to justify text interpretations (Lacity & Janson, 1994). Quantitative research explains research
17
findings based on facts primarily through objective measurements (Firestone, 1987). Researchers
using qualitative research use multiple techniques, and the inquiry process is flexible as the
researcher sees fit for a given scenario (Cypress, 2017), the kind of flexibility that qualitative
research calls into question the research validity of the research findings since the researcher is
sometimes the instrument of the research (Cypress, 2017). Good qualitative research must
therefore demonstrate research rigor, reliability, and validity (Barusch et al., 2011a; Thomas &
Magilvy, 2011). Quantitative research rigor is equivalent to reliability and validity in quantitative
research (Thomas & Magilvy, 2011), qualitative research rigor can be demonstrated through the
researcher's ability to show credibility, transferability, dependability, and confirmability of their
research findings (Thomas & Magilvy, 2011). Therefore, as a limitation, it is hard to demonstrate
research rigor and generalize conclusions based on a single exploratory case study conducted at
one Hospital in the Western United States of America, as previously noted in this study, simple
case studies tend to be subjective. Future research using multiple case studies should be
conducted to examine the differences in IT governance between several hospitals in the Western
United States of America and across the United States of America.
Chapter Summary
This chapter introduced an exploratory case study about the impact of IT Governance
(ITG) on hospital network operations. In this study, the researchers sought to seek to understand
the role of IT governance and the effects of IT management on critical health care infrastructures
such as IT networks. Understanding the impact of IT governance in hospitals could help
improve health care services through well managed Health Information Systems (HIS) (Yang et
al., 2013). In this qualitative explanatory simple case study, the researcher used interviews,
18
document review, and observation to understand the impact of IT governance on hospital
network operations and health care services.
Poor IT Governance tends to lead miss alignment between IT practices an organization's
missions, goals and overall strategy (Improving Strategic Alignment: A Case Study, 2015). In
this chapter, the researcher has introduced the concept of IT governance as a framework used to
encourage desirable IT implementation, accountability and behavior in an organization (A. E.
Brown & Grant, 2005). IT governance is a subset of corporate governance, corporate governance
is the process by which organizational leaders such as board of directors use management to
guide an institution in fulfilling its cooperate mission and protect and organizations assets
(Hamidovic, 2010). IT governance and IT activities need to be aligned to an organizations goals,
missions and strategy to be successful (Improving Strategic Alignment: A Case Study, 2015).
Chapter 2 will focus on the literature review of IT governance.
19
Chapter 2
Literature Review
This literature view covers IT governance and the effects of IT governance on hospital
network operations. The value of technology is not just in its possession; organizations need to
effectively govern IT resources for business success (Lanka, 2015). Information technology has
become an indispensable aspect of running business in the 21st century; organizations need to
have reliable IT departments that can cater to business needs and that are aligned to the business
needs of an organization; the process of creating reliable IT departments requires good IT
governance (Bianchi & Sousa, 2016; Lanka, 2015). Due to the ever-increasing dependence on
information technology by almost all organizations, the heightened risk of IT failure and miss
management of IT assets has led to an increased amount of IT scrutiny by business
organizations(Phillips, 2014). Although various bodies and IT governance frameworks have
contributed to the ITG framework such as the Information Systems Audit and Control
Association (ISACA) and Information Technology Governance Institute (ITGI), some of the
well-known ITG best practices are COBIT (Control Objectives for Information and Related
Technology), ITIL (Information Technology Infrastructure Library), and ISO17799: 2000
(International Standards Organization). There is no silver bullet answer to IT governance, the
solution lies between fine-tuning organizational structures, process and relational mechanisms of
an organization (Jairak & Praneetpolgrang, 2013). In health care, Health Information Systems
(HIS) have the potential to enhance productivity, lower costs, reduce medical errors and reduce
human resources strain in the health care industry (Yang et al., 2013; Rice, 2015), suggested that
HIS systems are increasingly becoming pivotal to the delivery of patient care because HIS
systems health care providers conveniently collect, organize and analyze patient information.
20
The following sections will highlight the historical literature, current literature and researchers
that have contributed to the common body of knowledge concerning IT governance.
Title Searches and Documentation
The list below is a list of some of the keyword’s searchers used by the researcher to
search the literature during the research literature review. The researcher used the University of
Phoenix online library to search for the content, other online libraries such as Academia.edu and
ERIC.ed.gov were used to search for content about IT governance:
1. "hospital governance" AND "information technology”
2. "information governance" AND ("hospital network" OR "hospital networks”)
3. “IT governance” AND ("hospital network" OR "hospital networks”) AND “A
case study"
4. “IT governance” AND (“hospital IT network" OR "hospital IT networks”)
AND “A case study"
5. "hospital governance" AND "information technology” AND “Case Study”
6. "IT governance” and "Case Study"
7. "IT governance” and "A case study"
8. Although the hospitals IT governance process were strong, IT governance at the
hospital was week when it came to measuring "outcome metrics”
9. "constant comparative data analysis" AND "Case study”
10. "constant comparative data analysis”
11. "constant comparative data analysis" AND "Case Study" AND "IT Governance”
12. "IT governance" and “Agility"
13. "IT governance" and "strategic alignment”
21
14. "IT governance" and "performance management”
15. "IT governance" and “IT resource management”
16. "IT governance" and "risk management”
17. Governance
18. IT governance
19. IT governance in hospital networks
20. IT governance in non-hospital networks
21. Health Information systems
22. IT governance for health providers is necessary
23. Corporate Governance
24. Agency theory
25. IT governance alignment to corporate governance
26. Network operations governance
27. Impact of IT governance on Network operations
28. ITIL and IT governance
29. Benefits of cooperate governance to an enterprise.
30. The challenges of IT governance to an enterprise.
31. IT governance in hospitals
32. IT best practices
33. Complexities of IT governance
34. IT governance in the 21st century
35. IT governance success stories
36. IT governance failures.
22
37. Effective IT governance
38. Effective Governance
39. Global IT governance initiatives
40. Triangulation
Historical Content
The aim of the historical context of section paper is to provide a historical context of
Information Technology Governance (ITG) and the benefits of ITG in environments that heavily
depend on Information Technology (IT) such as hospital computer networks in the healthcare
industry, the health care industry uses ITG to standardize and optimizes processes to enjoy a
competitive advantage that comes from effective and well-controlled IT practices. Although
ITG is a broad field generally categorized into IT decision domains such as: (a) IT Infrastructure,
(b) IT architecture, (c) Business Application Needs, (d) IT Investment, and (e)Prioritization
Decisions and IT principles (Weill & Woodham, 2005; Köbler et al., 2010). The focus of this
historical literature review is on IT governance for network operations in hospital environments
ITG for network operations falls under the IT architecture domain.
IT governance is a specific field of corporate governance which rose from the backdrop
of the increased importance of IT in enterprises and businesses today (Köbler et al., 2010). By
the beginning of the 21st century, many organizations heavily relied on information technology
to maintain a competitive advantage. However, many organizational information systems faced
threats that arose from poor or weak controls. As a result, IT governance rose from the need to
minimize information security risks and poor IT controls (Abu-Khadra et al., 2012). The attack
on the world trade center on September 11, 2001, raised both government and private sector
attention to securing and governing Information Technology assets of an organization(Hawkins
23
et al., 2003). Turel and Bart (2014), also noted that the collapse of large corporations such as
Enron and WorldCom that primarily resulted from the lack of good ITG controls to protect large
corporations such as Enron from cooperate fraud led to a new reality that Information security
risks could no longer be ignored by cooperate and government leaders, consequently, IT
governance quickly became a top management issue (Lainhart IV, 2000). Organizational leaders
increased their involvement in IT matters, and various studies suggested that that board member
oversight had the potential to influence organizational performance (Turel & Bart, 2014;
Lainhart IV, 2000). Heightened information security risks and legal requirements to secure
enterprise information systems such as mandated by the Sarbanes-Oxley act in 2002 gave rise to
IT governance frameworks such as the Control Objectives for Information and Related
Technology (COBIT) maturity model and the Information Technology Infrastructure Library
(ITIL) best practices (Abu-Khadra et al., 2012).
The other reason that led to the rise of ITG is that IT is highly integrated and co-evolves
with business, many top executives could no longer ignore or simply delegate what IT does,
growing scrutiny of IT operations, budgets, and contributions to a business’s competitive
advantage leads to IT governance (Peterson, 2004a). The rise of strategic management of IT
resources as a means to increase organizational performances led many business leaders to pay
more attention to IT activities as a way to gain and maintain a competitive advantage (Turel &
Bart, 2014). ITG describes the decision making roles and responsibilities among the different
stakeholders in an organization; ITG also defines the rights of decision-makers, processes, and
monitoring of decision making (Peterson, 2004b; Weill, 2004). ITG enables organizations to
align IT and business goals (Ali & Green, 2012).
24
In the past two decades, the government in the United States of America faced a
challenge of moving hospitals and physicians into the digital error; hospital leaders and
physicians needed to start viewing Health Information systems as a mainstream technology and
as part and parcel of the medical practice before the digital transition could occur (Blumenthal,
2010). The digital divide in the health care industry was due primarily to the fact that the health
care industry was underfunded, which led to challenges such as poor patient information privacy
(Cotter, 2007). Because the health care industry was underfunded (Cotter, 2007) and behind the
curve when it came to the adoption of information technology for business operations (Zhang et
al., 2013), the federal government in the United States of America led efforts for the adoption of
HIS systems to effectively manage electronic patient records, the adoption of electronic records
management systems led to benefits such as quality, efficiency, and provider satisfaction in the
health care industry (Buntin et al., 2011).
The need to digitize the healthcare industry led to another set of challenges, the rise in
complexity and sophistication of the IT capability in hospitals, increased IT complexity led to the
increased importance of IT governance in the health care industry (Bradley et al., 2012). The rise
in medical IT led to a requirement that IT managers standardized and optimized processes
(Köbler et al., 2010; Hoerbst, Hackl, Blomer, & Ammenwerth, 2011) observed that in order for
health care providers to remain competitive and cost-effective, they needed to innovate, invest in
technology and govern IT effectively using best practices such as the Information Technology
Infrastructure Library (ITIL). ITIL is a collection of best practices for IT operations first
developed by the British government 20 years ago (Worthen & Framingham, 2007), ITIL offers
guidelines that are most suitable for enterprise IT operations and ITG (Marques, Oliveira, Dias,
& Martins, 2011; Ahmad, Amer, Qutaifan, & Alhilali, 2013b).
25
The other dimension that led to the birth of ITG was the need for CIO to show their
relevance to the CEO, Ellen Pearlman (2004) argued that IT leaders such as the CIOs needed to
prove their relevance to the Chief Executive Officers (CEOs) of the organization through
valuable business contribution such as securing and effectively managing IT department and IT
assets, effective governance of IT assets led to a partnership with the business and enabling
business competitiveness by integrating IT with business strategies to attain business
goals(Lainhart IV, 2000). However, according to Buchwald, Urbach, & Ahlemann (2014), the
challenge that many organizations faced is that the leadership skills needed to offer IT
governance in many organizations that rely on technology were found lacking. The lack of good
IT leadership was compounded with the rising demand for IT leaders to secure organizational
assets (Silic & Back, 2014).
As illustrated in the preceding paragraphs, corporate governance is critical for ensuring
that critical decisions are consistent with an organizations vision, values, and strategy; IT
governance is crucial for ensuring that IT-related decisions match companywide objectives
(Jeanne & Peter, 2004) also known as IT alignment with business goals mission and object. Most
firms that registered economic success in the past two decades succeed because of their ability to
leverage IT investments (Weill & Ross, 2005; Weill & Woodham, 2005). Just like IT
governance is crucial for the success of many businesses, IT governance is crucial for the success
of Hospital operations Network operations.
The historical context of this paper has illustrated the historical background of ITG; it
was noted that the lack of ITG in organizations could have led to scandals, financial scandals
such as the case of Enron heightened information security risks and the need for CIOs to prove
their worth to the business led to heightened scrutiny of cooperate governance and IT governance
26
as a sub-set of cooperate governance. Just like ITG was crucial for the success of many
corporations in the past twenty years, ITG is essential in the health care industry when it comes
to effectively managing hospitals. We will now look at the current context of IT governance in
the past five years.
Current Content
This section is to provide the current context of Information Technology Governance
(ITG) and the benefits of ITG in environments that heavily depend on Information Technology
(IT) such as hospital computer networks in the healthcare industry. The health care industry uses
ITG to standardize and optimizes processes in order to enjoy a competitive advantage that comes
from effective and well-controlled IT practices. Due to the pervasive dependence on IT in almost
all sectors, organizations and society as a whole has raised concerns about ITG (Sergio, B;
Keungoui, K; Hyeunyoung, Y; Junseok, 2018). Although IT governance makes it possible for
organizations to meet organizational challenges and create business value, many organizations
still face challenges of how to effectively govern IT in an organization(Altemimi & Mohamad
Shanudin, 2015). The other challenge that decision-makers face is justifying the cost of IT to
business because, in many cases, it is not evident that IT investments improve an organization's
performance (Ilmudeen & Bao, 2018). The two combined challenges about how to effectively
create value and how to optimize IT investments highlights why effective ITG is essential for the
success of organizations.
As previously noted in the historical context section about the origins of ITG, ITG
resulted from the corporate failures of large corporations in the 1990s that highlighted that
corporate failures reached beyond poor and week corporate governance but that there was week
IT controls and practices that needed to be reformed as part of the efforts to reform and regulate
27
cooperate governance (Ako-Nai & Singh, 2019). The collapse of large corporations such as
Enron and WorldCom that mainly resulted from the lack of good ITG controls to protect large
corporations such as Enron from cooperate fraud led to a new reality that Information security
risks could no longer be ignored by the cooperate and government leaders (Turel & Bart, 2014).
Organizational leaders increased their involvement in IT matters, and various studies suggested
that that board member oversight had the potential to influence organizational performance
(Turel & Bart, 2014). In recent years, the rise of strategic management of IT resources as a
means to increase organizational performances has led many business leaders to pay closer
attention to IT activities as a way to gain and maintain a competitive advantage (Turel & Bart,
2014). The lack of good IT leadership was compounded with the rising demand for IT leaders to
secure organizational assets (Silic & Back, 2014). ITG plays a critical role in securing an
organizations data, especially in sectors such as health care (Mbonihankuye et al., 2019).
In the past five years, IT governance has made it possible for organizations to generate
value and maintain a competitive advantage (Altemimi & Mohamad Shanudin, 2015; Selig,
2016), also noted that in recent years, organizations have increasingly become dependent on IT
because IT is an integral part of a business and business operations, as such organizations must
pay special attention to how IT is governed in their organization by the use of comprehensive IT
governance frameworks. In some instances, CIO innovation can be attributed to good ITG and
good IT strategies (Liebe et al., 2017). CIO innovation following ITG best practices enhances an
organization's competitive advantage.
Businesses that operate in a knowledge economy operate in highly volatile and uncertain
environments, such environments require knowledge management and the effective
implementation of IT, one of the aims of corporate IT governance is to optimize IT investments
28
to achieve business objectives, the real increase in business value demands that business and
technology managers work in tandem (Lombardi et al., 2016). The relationship between IT-
based synergy’s and corporate based synergies reduce the tension between IT and business and
lead to an alignment that contributes to business success (Kude et al., 2018). The success of IT
management and business value creation could be largely attributed to Professionalisms of
Information Management (PIM) (Liebe et al., 2018), PIM is a subset of ITG. Another key driver
of IT governance has been the consumerization of IT, the consumerization of IT is mostly driven
by the ever-changing demands of customers, and organizational leaders now require more
control of IT practices (Wayne Gregory et al., 2018). Poor governance and control of IT
operations have often led to the failure of IT projects and implementation and effective IT
operations in organizations that heavily rely on IT for day-to-day businesses operations (Ako-Nai
& Singh, 2019), such as in the health care sector.
Just like any industry, the health care industry has significantly benefited from
information technology and the benefits of IT and good ITG practices. In the health care
industry, HIT and communications systems are indispensable together with the administrative
support structures that support health information systems (Thye et al., 2017). In a qualitative
case study by Islam (2015), it was discovered that the use of Information technology such as the
internet and electronic devices to manage patient records contribute significantly to enhancing
health service transparency, and a reduction in corruption in the health care industry, which lead
to improved health care. Good ITG generally drives HIT innovation, well-structured
environments with good IT strategies enhance an organization’s ability to promote IT
Innovation, as observed in other sectors. Hospital executives that adopt IT governance are likely
to choose IT projects that will contribute to organizational sustainability and projects that will
29
positively add value to an organizations stake holders such as employees and customers (Ako-
Nai & Singh, 2019), good information management systems enable good decision making in
hospitals and allow hospitals to remain agile and competitive (Gordon, 2010).
Although ITG is essential for the success of many organizations, in a study conducted in
14 German hospitals, it was discovered that CEOs that are less IT savvy were less inclined to
trust their CIOs and were less willing to invest in newer technology and innovations compared to
CEOs that were IT savvy (Thye et al., 2018). The goal for decision-makers in organizations is to
increase IT awareness; as business leaders such as CEOs become more aware of the benefits of
IT then the CEOs are more likely to support IT investments.
In this section, the researcher reviewed and presented how the current literature of ITG
contributes to the success of all sectors with a specific focus on the health sector. It was noted
that the lack of ITG in organizations could have led to scandals such the financial scandals in the
1990s that led to heightened information security risks and the need for CIOs to prove their
worth to the business that resulted from increased scrutiny of cooperate governance and IT
governance. In the last five years, ITG has increasingly become relevant for companies in
maintaining a competitive advantage. Just like ITG was crucial for the success of many
corporations in the past twenty years, ITG is vital in the health care industry when it comes to
effectively managing hospital IT networks and network operations.
Theoretical Framework Literature
As previously noted in chapter 1, this research work is situated in the literature on
corporate governance, as posited by Joslin & Müller (2016), corporate governance is the system
used to control and direct companies (Yusof, 2016). According to C. T. Clarke and Branson
(2016), corporate governance is concerned with maintaining a balance between economic and
30
social goals, between individual and communal goals in a way that sought to optimize
organizational resources through accountability and good stewardship of an organization's
resources.
Corporate governance is situated in agency theory, stewardship theory, transaction cost
economics, stakeholder theory, shareholder theory and resource dependency theory. Christopher
(2010) also noted that corporate governance principles are informed by theories such as agency
theory, as such one of the foundations of corporate governance is agency theory as noted by
(Christopher, 2010; Donaldson & Davis, 1991). The epistemological background of agency
theory is rooted in economics and has for decades been used by scholars across several
disciplines such as organizational behavior, law, marketing, health care and accounting
(Bendickson et al., 2016) Agency theory has its roots in the work of a German sociologist Max
Weber, agency theory is based on the concept of risk-sharing between two parties, the two
parties are the principal and agent (Bendickson et al., 2016), the principal are the business
owners or shareholders and the agents are the managers of the business, in agency theory, one
party acts on behalf of another (Shapiro, 2005), in this case the managers of a business are agents
delegated to act on behalf the principal.
Although agency theory is not sufficient to explain corporate governance (Yusof, 2016),
this research used agency theory as the underpinning theory for cooperate governance.
Furthermore, agency theory is used as the guiding principle between business owners such as
shareholders and their agents, the managers (Christopher, 2010; Joslin & Müller, 2016). The
agents represent the principals in their business transactions, the more aligned the agents to the
principal's interests, the lesser the communication gap and discord between principals and agents
(Christopher, 2010). In an organization, the board or principal delegates responsibilities to the
31
manager the agent through the use of policies and the use of measuring and monitoring measures
issued by the board of directors used as a form of corporate governance to measure whether IT
managers are delivering the promised value for the business (Posthumus & Von Solms, 2008).
Using agency theory, many hospitals in the United States are governed by governing boards that
continuously seek to improve the quality of patient care (Jiang et al., 2012).
Corporate governance is used to formulate the rules under which the agents operate to
satisfy the principals(owners of the business) interests (Donaldson & Davis, 1991). IT
governance is a subset of corporate governance, and IT governance practices should be aligned
with corporate governance (Ferguson et al., 2013). IT governance seeks to align IT practices
with an organization’s strategy, vision, and mission (Posthumus & Von Solms, 2008). Aligning
IT governance to corporate governance could minimize agency loss and creates effective IT
operations (Ferguson et al., 2013). Since IT governance practices are derived from corporate
governance practices, it is essential to understand corporate governance before attempting to
understand ITG. IT managers as agents, seek to maximize the value of the principal's investment
through exercising good corporate stewardship and agency (Donaldson & Davis, 1991; Joslin &
Müller, 2016). IT governance aims at developing structures and processes used by the
organization to direct and control the enterprise to add value to the business and balance the risks
associated with IT processes in an organization (Ferguson et al., 2013). Dawson et al. (2016)
posited that IT governance is a broader concept that goes beyond the effective and efficient
supply of IT services and products. The supply of IT services and products is the primary
concern of IT management guided by concentrating on transforming information technology of
an organization to meet both current and future demands of the business as well as the needs of
the businesses customers, IT governance therefore is concerned with instituting controls over IT
32
management to create value and sustain benefits (Dawson et al., 2016). Due to the rising
organizational dependence of Information Technology in organizations, many organizations now
have increased interest in IT governance (Peterson, 2004b). Organizations with poor IT
governance tend to face challenges such as information inaccuracy, inefficient IT operating
costs, run away IT costs, and sometimes the ultimate extinction of the IT department (Ali &
Green, 2012). Due to the importance of the effective operation of an IT department, it is in the
best interest of an organization such as a hospital to ensure that IT departments and network
operations are governed effectively.
According to Mueller et al. (2008), enterprise IT governance drives and sets the goals that
must be accomplished by IT governance. As a subset of corporate governance, IT governance is
concerned with the leadership and organizational structures, process, and relational mechanism
the ensures that an organization’s IT systems serve the strategic and sustainability goals of an
organization (Haanappel et al., 2011). Corporate governance encompasses IT systems, IT
infrastructure, IT communication systems, and software that organizations rely on to run
business operation. Although Clarke and Branson (2012) argued that good corporate governance
is an essential component of market integrity, efficiency, and financial growth of an
organization. Doherty et al. (2012) argued that entrepreneurs, investors, and corporations lack
the ability to craft governance that can quickly respond to changes in technology, the
competition, and customer needs. The lack of adequate IT governance may lead to poor
stewardship of IT resources, long, slow, and sometimes misaligned IT governance processes,
which affects the speed and quality of services delivered to an organization's customers such as
patients at a hospital.
33
Although many firms enjoy above-average industry returns due to good IT governance
practices (Weill & Woodham, 2005; Weill, 2004), in the health care industry, poor Corporate
governance has led to information system failures resulting from health care system failures in
organizations that lack of good corporate governance (Delaney, 2015). In some instances, poor
corporate and IT governance has led to network outages, delayed network improvement projects,
and insecure networks that could translate into poor patient care (Delaney, 2015). In
environments such as the health care industry, it is crucial that hospital administrators effectively
manage ITG for improved and reliable patient care in hospitals. Hospital network operations are
at the heart of the effective delivery of communication pathways and the security of data at
hospitals. Despite the significant research dedicated to IT governance in business cooperation’s
and hospitals, current literature indicated little to no literature concerning the effects of IT
governance on hospital network operations.
Methodology Literature
In this section, the researcher covers some of the methods that were used by researchers
in previous research work related to this research and how this research will contribute to the
body of knowledge of IT governance using similar research methods such as purposeful
sampling. Qualitative research primarily deals with words and numbers (Stenman, 2019). This
study sought to understand the effect ITG has on network operations in environments such as
hospitals, the researcher identified categories and themes that emerged from talking to IT
managers and IT employees in an IT department about their perceived effect of IT governance
processes on network operations at a hospital. Using a case study helped the researcher
understand the effect of IT governance on network operations through processes such as the
change management process.
34
Qualitative research designs may take forms such as narrative, phenomenology, ground
theory, ethnography, and case study (Creswell, 2009). However, despite the quality work
produced by many qualitative research efforts, qualitative researchers continue to be critiqued for
lack of scholarly rigor (Gioia, Corley, & Hamilton, 2013; Daniel, 2018). Maintaining research
validity is a critical component of qualitative research designs; in both quantitative and
qualitative instruments, there are three major validity items as identified by (Heale & Twycross,
2015; J. W. Creswell, 2014) the three items are: Content validity, construct validity and criterion
validity. Using content validity guidelines, researchers may seek to implement research
instruments that accurately measure all aspects of the research constructs, such as the time it
takes to implement IT services and solutions in an organization. Researchers may use construct
validity to ensure that research instruments measure hypothetical constructs or concepts of
interest in a given research study. Lastly, researchers may use criterion validity to determine the
extent to which the research instruments are related to other research instruments that measure
the same variable.
Positivists and interpretivists research paradigms have divergent views of how research
results may be evaluated; positivists use validity, reliability, and generalizability, while
interpretivists may find generalizability of little value when applied to peoples lived experiences
(Carcary, 2009). Although qualitative research is not inferior to quantitative research, qualitative
research has been criticized for decades for its lack of scientific rigor compared to quantitative
research (Casey & Murphy, 2009), to this extent, qualitative researchers should seek to conduct
and report research findings with the highest possible quality (Casey & Murphy, 2009).
Quantitative researchers showcase their quality of work through rigor and validity, while
qualitative researchers enhance the quality of their work by showing that their work is credible
35
and trustworthy (Casey & Murphy, 2009). The trustworthiness of a qualitative research is a
concept that refers to the degree of confidence and interpretation of data in an effort to increase
the quality of a research(Connelly, 2016). The trustworthiness of qualitative research is founded
on the principles of credibility, transferability, dependability, authenticity, and confirmability
(Casey & Murphy, 2009; Connelly, 2016). Carcary (2009), further posited that qualitative
researchers could enhance the confirmability aspect of trustworthiness of a study by establishing
an audit trail; an audit trail allows users to audit the events, influences, and actions of the
researcher.
Daniel (2018), recommended four dimensions that researchers can use to demonstrate
qualitative research rigor, the four dimensions are Trustworthiness, Auditability, Credibility, and
Transferability or TACT. The TACT framework and approach complementary to the approach
of verifying credibility, confirmability, dependability, and transferability as suggested by
Langtree, Birks, & Biedermann (2019), using the TACT framework helps researchers to provide
a better process for undertaking and reporting outcomes of qualitative research and for exploring
different dimensions of rigor (Ben,2018). Both approaches suggested by Daniel (2018)) and
Langtree et al. (2019) can help qualitative researchers explore different dimensions for assessing
the outcomes of a qualitative researcher.
As argued by Heale and Twycross (2015), qualitative researchers are expected to
demonstrate a level of research rigor when conducting qualitative research. Research rigor is
demonstrated through objectivity, reliability, and validity in social research; demonstrating
objectivity, reliability, and validity in qualitative research is not an easy task (Barusch et al.,
2011b). Demonstrating research rigor in qualitative research may not be easy to achieve mainly
because qualitative research assumes a constructivists approach where meaning is constructed
36
based on the researcher’s perceived reality of the lived experiences of the research subjects
(Daniel, 2018). Qualitative research paradigms are primarily founded on relativism and
prepositionally or standpoint of the researcher and the role of community in research, voice,
reflexivity, reciprocity, and fluidity between the researcher and researched (Barusch et al.,
2011a). Because knowledge building and formation of qualitative research primarily emerge
from relationship building between the researcher and the researched and the perceived reality of
the researched (Wa-Mbaleka, 2017), critics of qualitative research are led to question the
relationships that form the context in which qualitative research work is developed and may call
into question the credibility, reliability, and validity of a given research (Barusch et al., 2011a).
To establish the credibility of a given study, qualitative researchers can generate confidence in
their qualitative research through the use of methods such as prolonged engagement during data
collection, persistent observation, triangulation, which is a process of comparing several data
types and sources, peer debriefing, negative case analysis, and member checking(Barusch et al.,
2011a; Wa-Mbaleka, 2017), suggested that researchers could strengthen their researcher through:
(1) Making a strong case for qualitative research in the title, abstract and keywords; (2) Stating
the relevance of the research in the introduction; and (3) Starting qualitative research with a clear
research question.
A combination of Content validity, construct validity, and criterion validity and TACT
framework could be used as tools to build confidence in skeptics that may not readily accept
qualitative case studies as a valid research method. Although providing rigor or trustability in
qualitative research is necessary, research rigor is not sufficient for ensuring high-quality
research, qualitative researcher rigor that does not translate to good research, good research must
37
also be evaluated on the basis of its relevance to the profession and its potential impact to social
justice (Barusch et al., 2011a).
Despite the fact that case studies face criticism for lack of rigor, case studies have been
widely used to provide management fields with some of the most insightful findings about
management as a discipline (Ellinger & McWhorter, 2016). Creswell, Stake, Meriam and Yin are
considered to be key methodologists of case study research and have provided procedures to
follow when conducting qualitative case study research (Yazan & De Vasconcelos, 2016), case
studies are used to explore a phenomenon of interest (Ellinger & McWhorter, 2016), case studies
are used across paradigms, disciplines that require a careful examination of a phenomenon under
investigation (VanWynsberghe & Khan, 2007; Yazan & De Vasconcelos, 2016). Case studies
are used to help develop an understanding of a problem or process; in this case, Case study
helped the researcher understand the effect that Information Technology governance (ITG) has
on hospital network operation in the Western United States of America (Alpi & Evans, 2019;
Hyett, Kenny, and Dickson-Swift (2014a).
Case studies may be used to collect evidence using multiple tools sources such as
interviews, observation, document review, and physical artifacts (Jennifer, 2000; Yazan & De
Vasconcelos, 2016); in this study, the interviews were used as the main source of case study
evidence. Case study research heavily depends on the researcher's ability to ask good questions
(Jennifer, 2000). The purpose of interviewing is to allow a researcher to enter into the interview
participant's perspective (Jennifer, 2000). Interviews are necessary when a researcher cannot
observe the behavior or phenomenon of a study but may also be used in combination with other
qualitative evidence collection tools such as observation, as noted by Jennifer(2000). The
researcher used interviews as one of the three tools used for data collection.
38
Qualitative researchers often uses purposive samples as a strategy to increase
understanding of an individuals or groups experiences by selecting information-rich cases and
selecting individuals, groups and organizations that will provide the most information about a
specific research phenomenon (Devers & Frankel, 2000), a purposive sample is a process of
handpicking research participants (Knechel, 2019), qualitative researchers seek specific
participants with rich experiences about a research phenomenon (Knechel, 2019). Although
qualitative researchers may use as many participants as possible until a point of saturation is
reached (Knechel, 2019), in this study, the researcher chose a purposive sample of 11 interview
participants. Mason ( 2010), posited that there is a point of diminishing returns that researchers
need to be aware of. More data in qualitative research does not necessarily lead to more
information; one occurrence of data is as useful as many occurrences in qualitative research
because qualitative research is all about sense making of a social phenomenon as opposed to
creating generalizations based on frequencies that occur in sample data. Existing literature
suggests that there are no clear guidelines about how many participants and interviews a
researcher needs to conduct before reaching the point of saturation or simply a point where no
new information can be gathered from the research participants (Guest, Bunce, & Johnson, 2006;
Young & Casey, 2019). Paradoxically, qualitative researchers often have to make a decision
about the anticipated sample size of their study before data collection starts for resource planning
and for research approval purposes (Young & Casey, 2019). In an empirical research conducted
by Young & Casey (2019), to determine the point at which data collection and analysis produces
little or no change to the codebook, transcripts reviewed from previous studies revealed that 73%
of codes were identified in the first six interviews and 92% with in the first 12 interviews, Guest
et al. (2006), suggested that 12 to 16 participants is when a point of saturation was reached,
39
Francis et al. ( 2010) reached a point of saturation after 10 interviews. However, when
conducting research in cross-cultural groups and homogeneous groups, the number could range
between 20 to 40 before a point of saturation is reached (Young & Casey, 2019). The researcher
reached a point of saturation on the 9th interviewee participant.
As illustrated by Guest et al. (2006), Young and Casey (2019), Francis et al. (2010) and
many other scholars, establishing a minimum sample size is an elusive topic which may come
down to two things 1) “the researcher has had it all” and 2) “the researcher understanding it all”
(Young & Casey, 2019), before the point of saturation is reached. Some studies may reach a
point of saturation with just a few samples while others may not (Young & Casey, 2019).
In a case study about Maternal Healthcare Services in the Ketu South Municipality,
Ghana by Amu and Nyarko (2019), the researchers used a purposeful case study to purposively
select participants because the target population had a higher chance of providing the
information need about Mental Health care services, the selected participants would help the
researchers to understand there research problem better. Ako-Nai & Singh (2019), used a
purposive sample method to identify and assess the aspects of IT governance implemented by 23
companies listed on the Johannesburg Stoch Exchange in South Africa.
Amu & Nyarko (2019), suggested that the sample size followed the principle of thematic
saturation; participants may be interviewed until no new themes are generated from the
participants. There are no hard numbers about what constitutes a qualitative research sample
size, some scholars suggest 12-20, some suggest between 10 to 100 participants (Tuckett, 2004),
qualitative researchers tend to rely on small samples with the aim of studying a phenomenon in-
depth and detail. Purposeful samples using a small number of participants that can satisfy the
need for a detailed in-depth study (Tuckett, 2004).
40
Qualitative researchers may also use flexible research designs that change as the research
progresses (Tuckett, 2004) up to a point where the researcher feels like they have reached a point
of data saturation, a point where no new information can be gathered from the research
participants (Guest et al., 2006; Young & Casey, 2019) or a point of diminishing return. Devers
& Frankel (2000), suggested that qualitative research is similar to a rough sketch design to be
filled in by the researcher as the study proceeds after the main research question is defined and
resources secured for the research, qualitative research can be likened to an abstract drawing,
qualitative researchers can make the research more concrete by developing a sampling frame that
will be used to answer the research question, developing a sampling frame takes into account
identifying specific sites, objects, and a commitment of participants in the study(Devers &
Frankel, 2000). In a study conducted by Best et al. (2018), where a purposive sample of senior-
level managers such as board members, executive directors, funder and academics were to
selected as participants. This research used a purposive sample of the CTO, IT directors, service
management managers, IT network engineers and Change advisory board (CAB) members as
interview and observation participants.
The benefits of purposive samples is that purposive samples are selected due to a
predetermined criterion, and data may be collected until a point of saturation is reached (Guest et
al., 2006). The advantage of a purposeful sample, which is that the research participants are
hand-picked, is also a weakness of case studies, as such, the findings of a case study are subject
to criticism for the lack of bias (Knechel, 2019), purposive samples largely depend on the
researcher's judgment to select research participants, handpicking research participants may be
called into question by critics of qualitative research because qualitative research has been
criticized for decades for its lack of scientific rigor compared to quantitative research (Casey &
41
Murphy, 2009). Qualitative researchers should seek to conduct and report research findings with
the highest possible quality (Casey & Murphy, 2009). After sampling strategies to be used have
been defined, researchers must now turn their attention to the strategy for choosing the most
appropriate technology tools for data management and analysis.
Selecting the right sample of research participants is crucial to building the
trustworthiness of qualitative research (Knechel, 2019). Because it is logically impossible to
include every participant in a study, researchers use sampling mechanisms such as random
sampling or snowball sampling to enroll research participants (Knechel, 2019). A qualitative
researcher should endeavor to avoid or mitigate the level and impact of sampling error simply
defined as the difference between the sample and population that it is meant to represent the
sampling bias defined as the systematic enrollment of participants who are either over or under
represented as a subgroup relative to the research population (Knechel, 2019).
Although probability sampling using techniques such as simple random sampling,
stratified random sampling, cluster sampling, and systematic sampling are considered ideal in
quantitative research , non-probabilistic sampling such as convenient sampling and snow balling
sampling are used in qualitative research because qualitative researchers look for individuals
with reach experiences that can meaningfully contribute to the phenomenon under study
(Knechel, 2019). Snowballing is a convenient, non-probabilistic, and nonrandom method of
recruiting research participants through referrals; one research participant refers to another who
in turn, refers to another (Geddes et al., 2018) until the researcher reaches a point of data
saturation. Snowballing can be an effective technique for recruiting participants under
investigation who may be hard to find due to low numbers of potential participants and are
42
hidden, for example, research about participants that fit a particular sexual orientation (Browne,
2005).
Although snowball sampling is frequently advocated and employed by qualitative social
researchers, snowballing sampling is prone to faltering and failure (Geddes et al., 2018). As a
mitigation measure to the likely failure of snowball sampling, researchers can use alternative
forms of networking such as horizontal networking; horizontal networking is a process used by
the researcher is encouraged to look further and cast the net much wider and shallower drawing
on both strong and weak ties in the process, a wide variety of research participants are gained
using a horizontal networking approach as opposed to drilling down vertically through social
networks (Geddes et al., 2018).
Research Design Literature
Fiss(2015), suggested that cases are historically used to study organizations and
organizational process, cases of study limit boundaries of a real-world phenomenon to time and
space (Fiss, 2015). Research preparation should begin with a good research question and
proposition, good research questions may be followed by a good research design as one of the
preliminary decisions that may need to be made before evidence collection begins (Jennifer,
2000), qualitative researchers also need to be careful when articulating their research design to
show how their research design demonstrates academic research rigor (Jennifer, 2000).
Ebneyamini and Sadeghi Moghadam(2018) submitted that some of the preliminary
decisions that need to be made before researchers start collecting data are (1). Defining the
research framework, this can be done through conducting a literature review and constructing a
theoretical framework; (2). Identifying a research problem and building a research question or,
crafting and sharpening research questions; and (3). After formulating a good research question
43
(s), researchers should begin by identifying the population or the entire collection of the cases
that the researcher is interested in (Knechel, 2019), the researcher should then create a criteria for
including participants who have experienced an event, and identify the sample size. Sampling
may include the selection of a subset of the case study that should be included in the study
(Knechel, 2019), and finally, how researchers can know when a point of participant and data
saturation has been reached to stop collecting data (Knechel, 2019).
Selecting the case and selecting the sample (Ebneyamini & Sadeghi Moghadam, 2018),
need to be made relative to the types and sources of evidence (Plümper et al., 2019). Paton
(2015) posited that defining the boundaries of a case study such as how many sites will be part of
the study and how many people will be in the study is another crucial phase of defining the
boundaries of a case study, Paton (2015), further recommended about 15 people that should be
part of a study in the case of case study research, research can be single or multiple case studies
with multiple sites.
The primary advantage of using case study and a purposeful sample to understand a
phenomenon such as the role that the effect of IT governance on network operations at a hospital
in the Western United States of America is the opportunities for researchers to get a holistic view
of the process being studied from participants that are likely to meaningfully contribute to the
phenomena under inquiry (Ebneyamini & Sadeghi Moghadam, 2018) because case studies help
researcher gain an in-depth understanding of a specific social phenomenon. After the key
preliminary decisions were made, such as selecting a case, and the research question was
defined, the researcher turned to the sampling and evidence collection methods to be used.
44
Conclusions
Both historical and current literature review suggests that Good corporate governance
translates to good IT governance, IT departments that adhere to business needs and that are
aligned to the business needs of an organization, the process of creating reliable IT departments
requires good IT governance (Bianchi & Sousa, 2016). Good ITG are likely to lead to well
managed Health Information Systems (HIS), well maintained HIS, have the potential to enhance
productivity, lower costs, reduce medical errors and reduce human resources strain in the health
care industry (Yang, Kankanhalli, Ng, & Lim, 2013). Although good corporate and IT
governance is critical for the success of many of organizations, good corporate governance, and
ITG for network operations is particularly essential for the success of health care organizations,
IT governance is often found lacking for IT network operations, this research explored the effect
that ITG has on network operation and the role ITG for network operations in hospitals can have
on patient care.
Chapter Summary
In this chapter, the researchers has reviewed both germinal and seminal literature bout IT
governance and why it is essential to align IT governance to corporate governance for the
success of an organization (Peterson, 2004a; Turel & Bart, 2014). IT governance helps
organizations to meet a competitive advantage, and IT is an integral part of business today
(Altemimi & Mohamad Shanudin, 2015; Selig (2016). One of the key underpinning theories of
IT governance is agency theory; agency theory is one of the underpinning theories of corporate
governance (Christopher, 2010; Donaldson & Davis, 1991), IT governances practices of an
organization should be aligned with corporate governance practices, goals, mission, and strategy.
Finally this chapter reviewed case studies and how case studies are suitable for studying
45
organizations and organizational processes (Fiss, 2015). This study used an exploratory case
study using purposive sample participants such as the CTO, IT directors and network engineers
that would meaningly contribute to the research phenomenon; case studies have been used to
understand research phenomena such as the effect of IT governance on network operations at a
hospital in the Western United States of America. Chapter 3 focused on research methodology.
46
Chapter 3
Research Methodology
As previously noted in chapters 1 and 2, the purpose of this simple exploratory case study
was to explore the effect that IT governance (ITG) has on network operations at a hospital in the
Western United States of America. This chapter reviews an exploratory case study and the data
collection methods used to collect data about IT governance's perceived effects on network
operations. The researcher used a triangulation method to compare and contrast evidence from
three data sources: interviews, document review, and observation. A case study research method
was used because case studies are commonly used to understand organizations and
organizational processes. Chapter three also presents the main research question of the research
"What is the relationship between IT governance and hospital network operations" and sub-
research questions used to investigate further the perceived effect of IT governance on hospital
network operations. A purposeful sample of 11 IT employees and hospital administrators was to
capture the perceptions. The purposive sample was used to explore research participant's
perceived views about the role of IT governance in network operations. All research participants
were required to read and sign an informed consent form; the informed consent form allowed the
researcher to collect data from research participants. After the research participants signed the
informed consent form, the research participants were asked to scan the informed consent form
and send it back by email to the researcher.
Credibility and transferability were established by triangulating data sources such as
interviews, document review, and observation. The data analysis process was conducted using an
iterative process that continued throughout the data collection process and after the data
collection process. Additionally, after the data collection process, the researcher began intense
47
data analysis by bringing together all the collected information from sources such as interviews,
field notes from observation, and IT governance documents into a single case study database.
Data from interviews, IT governance documents, and observation notes were imported into a
computer-aided design and analysis software MAXQDA Analytics Pro 2020 for Mac OS, release
20.3.0.
The researcher engaged in a constant comparison process to generate categories and
themes from the data collected from interviews transcripts, observation field notes, and IT
governance documents. Using MAXQDA Analytics Pro 2020 for Mac OS, release 20.3.0, the
researcher started the data analysis by reviewing, reading, re-reading, developed a coding
scheme to help identify emerging themes from the data and how the emerging themes answered
the research question.
Research Method and Design Appropriateness
This study was an exploratory case study that explored the effects of IT governance on
network operations at a hospital. Case methods are used as research methods of choice to study
complex real-life phenomena (Bhatta, 2018). This study used a case study method to answer how
and why questions about the effects of IT governance on network operations.
Alpi and Evans (2019) noted that case studies are qualitative research designs used to
explore a time, space-bound, and context-bound phenomenon; an investigator explores real-life
single our multiple bound systems over time using in-depth data collection involving various
sources of information. Hyett et al. (2014a) posited that a qualitative case study explores a real-
life contemporary bounded system. Yin (2018) suggested that case studies may be used if the
researcher sought to answer: (a) "how" or "why" questions of a social phenomenon; (b) the
researcher has little or no control over the behavioral events of the research; and (c) the focus of
48
the study is mostly contemporary as opposed to being historical. Case study evidence can be
collected from interviews, observation, document review, and physical artifacts(Alpi & Evans,
2019). A case study, especially a single case study is bounded because case studies focus on a
single entity (Coso Strong & Sekayi, 2018; Jensen & Rodgers, 2001). Hyett et al. (2014)
contended that case study research is an investigation and analysis for single or multiple cases to
capture the object of the study's complexity (Hyett et al., 2014a). Case study is a design of
inquiry that can be applied to many fields, especially in which a researcher develops and in-depth
analysis of a case such as a program and an event, activity, or processes in an organization
(Creswell, John W.; Creswell, 2018). Although case studies cannot be used for generalization in
social research, case studies are used to study human behavior because they are down-to-earth
and attention-holding (Stake, 1978). As suggested by (Alpi and Evans, 2019; Hyett et al. 2014;
Creswell, John W.; Creswell, 2018; Coso Strong & Sekayi, 2018) the meaning of a bounded
system in a case study is derived from the characteristic of cases study designs. Case studies are
context-bound or specific to a unit of study; a case can be a bounded system such as an
institution (Stake, 1978) , time-bound, for example, a year or six months as the period of study.
Case boundaries are kept in focus to determine what is in scope and what is out of the scope of
the study (Stake, 1978).
Case Studies may be used to develop an understanding of an organization such as an IT
department as a case, describe how the IT department works, point out some themes that emerge
from talking to IT employees during the data collection period. Using a case study approach, a
researcher can investigate and come to an understanding about an organization such as an IT
department and how the IT department works, and the impact an IT department has on an
organization. In qualitative case studies, researchers seek to study a phenomenon within its
49
context (Farquhar et al., 2020); a case study can also be defined as an empirical inquiry that
investigates a contemporary phenomenon in-depth and within a real-life context (Farquhar et al.,
2020; Bhatta, 2018). Yin (2017), posited that the main focus of a case study is usually concrete
entities such as a person or group of people, an organization, a community, program, process,
policy, institutional practices, and organizational events such as decision making within a
defined context and boundaries. Case boundaries are conditions that fall within the boundaries of
the case in a case study such as time period of the study, social groups that are part of the study,
organizations, and geographic locations of the study (Yin, 2018). One example of case
boundaries is the example of project scope, similar to out-of-scope projects, and scope creep in a
project is the concept of cased study boundaries. If case study boundaries are not well defined,
such as who will be studied, the location of the study and the time frame of the study, case study
research is likely to be out of scope.
Research Questions
The researcher relied on the three methods of data inquiry for triangulation. Triangulation
is generally a concept used to measure the distance between two points and the relative position
of points.(Farquhar et al., 2020b) In social research, triangulation is used as a metaphor to
explain using different data sources in qualitative research methods such as case studies
(Farquhar et al., 2020b, Morse, 2015). The researcher used document triangulation using sources
such as document review, interviews, and observation.
This research addressed the following research question (RQ):
RQ 1: What is the relationship between IT governance and hospital network operations?
Interviews, document review and observations conducted by the researcher were guided by the
following sub questions (SQ):
50
goal and mission?
management?
Population and Sample
A research population is the superset or larger universe of what the researcher wishes to
study(Gentles, Charles, Ploeg, & McKibbon, 2015), and the sample is the representative subset
of the superset of what the researcher wishes to study. The goal in both qualitative and
quantitative studies is to select a sample that would most appropriately help answer the research
question(Meltzoff, J., & Cooper, 2018). In qualitative research, a sample-sized between 10-30
participants among a homogeneous population is considered adequate(Boddy, 2016). This study
explored a purposive sample of 11 current IT employees responsible for IT governance. The
participants interviewed were also part of the change advisory body (CAB). CAB meetings were
comprised of 10 to 15 participants depending on the number of changes presented. Documents
reviewed Included IT governance documents and articles retrieved the hospitals IT governance
online portal. (Emerson; 2015; Gentles, Charles, Ploeg, & Ann McKibbon, 2015) defined
sampling as the acts, processes, or techniques used to select a representative part of a population
to determine parameters or characteristics of the whole population. More specifically, sampling
is the selection of specific data sources from which data that answers a research question is
51
collected (Gentles, Charles, Ploeg, & Ann McKibbon, 2015); sampling decisions are highly
critical to improving the quality of research work done (Suri, 2011).
In quantitative research, probabilistic sampling methods such as random sampling could
be used (Meltzoff, J., & Cooper, 2018). Random samples tend to represent their parent
population reasonably well, and the entire community has an equal chance of being included in
the research (Meltzoff, J., & Cooper, 2018). However, in qualitative research, nonprobabilistic
sampling methods such as purposive samples may be used to select research participants (Yin,
2018; Meltzoff, J., & Cooper, 2018), although the definition of purposeful sampling is fraught
with ambiguity and a lack of clarity as observed by (Gentles, Charles, Ploeg, & Ann McKibbon,
2015), purposeful sample is where participants are selected based on what the researchers
determine as the most suitable candidates to answer the research question (Meltzoff, J., &
Cooper, 2018), purposeful samples are used to select information-rich cases. Information rich
cases could be comprised of individuals that are knowledgeable and experienced about a
research phenomenon (Palinkas et al., 2015). This study used a purposeful sample of current IT
employees' who are part of the IT governance body, the IT employees were comprised of
Network Engineers, IT managers, IT directors, the Chief Technical Officer (CTO) and Service
desk leadership team in the IT department. This group of participants were purposefully selected
because of their roles and knowledge in the IT department and their roles in respect to IT
governance at a hospital in the Western United States of America. The researcher worked with
the leadership team at the hospital responsible for network operations at the hospital to
purposefully select participants that could most appropriately help answer the research question.
The employees interviewed included but not limited to: Network Engineers, IT managers,
IT directors, the Chief Technical Officer (CTO) and Service desk leadership. The study also
52
explored the perceived realities of the sample IT employees about how IT governance processes
and practices impact IT network operations at a hospital in the Western United States of
America. Interviewee participation involved participating in 30-45 minutes semi-structured
interviews using a Microsoft collaboration tool called Microsoft Teams. Microsoft Teams was
used to conduct interviews and change advisory board meetings (CAB) during the month of
January 2021, the researcher attended three CAB meetings for the purpose of observation in
addition to the 11 interviews conducted. Document review and observation was used to
collaborate findings from interview data to validate the ITG processes and their effects on the
hospitals network operations during the research period. The main reason for conducting
interviews, document review, and observations to increase the credibility of the findings by
corroborating evidence from multiple sources about the effect ITG implementation has on
Network operations of a hospital such as a hospital in the Western United States of America.
Research participation was strictly confidential; the interviewees and their responses were
labeled with pseudonyms making it impossible to trace back to the respondents.
Informed Consent and Confidentiality
Researchers should ensure that they seek participant consent, ensure research
participant's confidentiality, and privacy of personal protected information, seeking participant
consent provides a level of accountability and responsibility throughout the research process
(Williams & Pigeot, 2017). Informed consent is used to determine the self-determination of
individual research participants and their willingness to participate in research (Miller &
Boulton, 2007). Miller and Boulton (2007), defined informed consent as a concept that defines
what is regarded as a level of the appropriate relationship between the researcher and research
participant. Informed consent is when informed participants make their wish known to
53
participate in a study (Williams & Pigeot, 2017; Miller and Boulton, 2007). Confidentiality in
qualitative research is a tool used for the management of data protection and privacy of research
participants (Williams & Pigeot, 2017), the goal of confidentiality is to prevent harm associated
with research participants sharing of identifiable research data (Yu, 2008). During qualitative
research, researchers are likely to run into an issue such as deductive disclosure or internal
confidentiality; deductive disclosure happens when individual traits and characteristics are
identifiable in the research report through deduction by the reader (Kaiser, 2009). To protect
research participants from unwarranted disclosure, researchers should protect the privacy of
research participants by keeping private data confidential. Privacy is the protection of
information that research participants share about themselves form intrusion; privacy can be of
two forms, privacy of the person and information privacy (Woogara, 2005). The research
participants signed an informed consent form before attending an interview session. The
informed consent form was sent to the participants by email; the informed consent form was
then signed by the research participants, scanned and sent back by email to the researcher
Research data is kept secure by following the University of Phoenix and institutional review
board research guidelines on confidentiality. The recorded research participant interviews and
observation notes are stored on a locally encrypted and password-protect hard drive on the
researcher's computer. Both local copies and iCloud copies are encrypted; file transfer to the
researcher’s iCloud account uses end-to-end encryption of local and in-transit data. Redundant
password-protected copies of interview transcripts, observation notes, and transcripts will be
kept on the researcher's iCloud drive for at least three years after the interviews are collected.
The protected files are only accessible to the researcher using two-fact authentication technology
to ensure added security. Personally, identifiable research participant data is kept at a minim. For
54
example, personally identifiable information has been removed from the transcripts and replaced
with pseudonyms for identifiers after interviews were transcribed and validated by the research
participant; the pseudonym list will be kept in separate password protected. Personally,
identifiable information and raw data from interviews is stored in a different password-protected
file. The data will be kept for three (3) years. The research interview and observation transcript
data will be destroyed by deleting the files from the researcher's local hard drive and redundant
copies from the researcher's iCloud account. Audio recordings from the interviews will be stored
until the interviews have been recorded and validated by the research participants within three to
six months. Both interview and observation audio recordings will be destroyed by file deletion of
the audio recording. Audio files will also be destroyed by deleting any media that may contain
the participant's audio record. The researcher's interview field notes will be destroyed by
shredding after three years from the research field notes collection date. The researcher obtained
data access and permission from the Hospital that granted the researcher permission to conduct
interviews, observations, and document review. See Appendix A for the Informed Consent Form.
Instrumentation
Data collection requires directly probing research participants for rich information and
description and clarification of their lived experiences (Polkinghorne, 2005), in this study, the
researcher used an exploratory single case study to investigate and collect evidence about the
effects of IT governance on hospital network operations. The researcher used interviews,
observations, and document analysis to collect evidence because interviewing, observations, and
document analysis are the key sources of evidence in qualitative research (Chenail, 2011;
Polkinghorne, 2005). As part of the data collection process, one of the objectives of scientific
research is to attain trustability by ensuring that the research process is valid and reliable through
55
its data collection methods (Louise & Alison, 1994). The sections below illustrate why
interviews, observations and document review were used as research instruments for this study.
Instrumentation: Interviews
In this study, semi-structured interviews were used because of two main reasons. The
first reason is that semi-structured interviews are well suited for the exploration of the perception
of opinions of the respondents in a research phenomenon. The second reason is that it is almost
impossible to use standardized questionnaires in case studies due to the varied educational and
professional backgrounds of participants (Louise & Alison, 1994). Standardized questionnaires
attempt to standardize stimulus and assume that respondents share the same vocabulary and that
every respondent's words carry the same meaning (Louise & Alison, 1994). However, evidence
collection methods such as questionnaires tend to take into account the fact that not every word
carries the same meaning to every respondent; semi-structured interviews increase reliability and
validity through the equivalence of meaning across participant's responses (Louise & Alison,
1994). Although semi-structured interview present disadvantages such as language barrier if
research participants do not speak the same language as the researcher, semi-structured
interviews have benefits such as the researcher's ability to probe respondents to clarify their
responses and benefits such as increasing social interaction with respondents that is necessary for
building rapport between a researcher and respondents (Louise & Alison, 1994).
Using semi-structured interviews, a researcher can rearrange the interview, clarify the
questions, and increase the engagement of the research participants. Researchers using
qualitative semi-structured interviews should also be aware that semi-structured interviews are
only an excellent tool depending on the researcher's ability to manage and analyze verbal
conversations effectively. Therefore interpersonal skills such as humility, humor are needed to
56
both establish rapport but also to establish trust with participants (Newton, 2010). Semi-
structured interviews were be used because interviews are a superior form of data collection in
qualitative research compared to other forms of data collection, such as questionnaires.
Interviews can be used build raptor and an environment where participants can feel comfortable
sharing the needed information in a research phenomenon (O'Keeffe, Buytaert, Mijic, Brozovic,
& Sinha, 2016). The researcher used semi-structured interviews to clarify information during the
interview or information from other sources, such as document review and observation. The
researcher audio recorded interviews in addition to taking notes to record participant responses
and observations.
Instrumentation: Observation
Direct observation or participant observation is a commonly used data collection method
used to collect information about people's lived experiences in a social phenomenon.
Observation evidence is often a vital tool for providing additional information about the studied
topic (Yin, 2018). Observation is used for studying individual behavior; the researcher used a
non-participant observation method for this research to understand how IT governance affects
network operations by observing IT governance in practice. The researcher attended and
observed three critical IT governance meetings. The meetings attended were change advisory
(CAB) meetings. The researcher attended CAB meetings to observe the IGT process's
implementation and other IT governance-related deliberations within the IT department. The
researcher's findings from the three observation meetings helped to validate and collaborate some
of the findings from interviews and document reviews.
57
Instrumentation: Document review
Document review or document analysis can also be used as the primary tool of data
collection or as a secondary type of data collection; document analysis can be used to provide a
historical context of the research. Documents and artifacts are ready sources of qualitative data
for a qualitative researcher (Yazan, 2015); document artifacts used in this research were online
content collected from the hospital’s IT service management website. The researcher reviewed
documents relevant to the hospital's IT governance processes stored on the IT service
management website. The IT service management website had process documents and policies
such as (a)IT service management definitions; (b) Change Management Process for Standard
Change; (c) Change Management Process for Normal Change; (d) Change Management Process
for Emergency; (e) Change Management Policy; (f) Release Management Process; (g) Release
Management Policy; (h) Service Level Management Policy; (i) Service level management
process; (j) Incident management process; (k) Configuration management polity (l) change
management process; (m) Configuration management process; (n) Asset Management Policy;
and (o) Service Level Management Policy. The IT governance documents provided content
relevant to topics ITG and the possible effect that the IT governance processes and policies have
on IT operations. The IT governance documents provided insights about the quality-of-service
delivery and how ITG regulates how services are rendered to the Hospital.
Pilot Study
A field test or pilot study may be conducted to determine if the research topic is feasible
and that the data collection instruments such as interview questions are likely to gather the
relevant information that inform the research; field test may also be done to determine if the data
collection tools are reliable (Creswell, John W.; Creswell, 2018). The researcher did not conduct
58
a pilot study due to Covid 19 related restrictions that led to limited access to the site and research
participants. The researcher also had to accommodate that the IT team members to be
interviewed were under pressure to build new Covid 19 testing sites and other Covid 19 related
projects. Additionally, the researcher was advised by management at the Hospital that the
research participants did not have ample time to engage in a preliminary pilot study and then the
actual research. Therefore, the researcher relied on the three methods of data inquiry for
triangulation to improve the study finding’s credibility. As previously mentioned in chapter
three, triangulation compares several data types and sources: peer debriefing, negative case
analysis. Member checking of data sources was also used to show the research's content validity.
The researcher used document triangulation using sources such as document review, interviews,
and observation.
Credibility and Transferability
In this study, credibility was achieved by triangulation; transferability was acquired by
the use of thick descriptions in chapter 4 research findings that readers from other contexts can
relate to. Transferability was also achieved using semi-structured interviews, document review of
IT governance process, and observation of IT governance processes such as the change advisory
body. The three methods were used to explore how stakeholders at a hospital in the Western
United States of America feel about network operations' IT governance processes. The findings
from one hospital are likely to apply to other hospital network operations in United States of
America or any other country. Using semi-structured interviews, document review, and
observation helped to triangulate both research data collection and analysis. The researcher used
semi-structured interviews, document review, and observation because of the richness of
59
information the researcher would get from using a combination of interviews, document review
and observation of research participants.
Qualitative researchers need to demonstrate a level of reliability, credibility or trustability
of their study (Fusch et al., 2018). One of the ways to achieve credibility and transferability is
through triangulation of data from different data sources. Triangulation using semi-structured
interviews, document review of IT governance process, and observation of IT governance
processes such as the change advisory body meetings was used to explore how stakeholders at a
hospital in the Western United States of America feel about the IT governance processes for
network operations. The triangulation of data collected from semi-structured interviews,
document review, and observation was also used in the data analysis process. To establish the
credibility of this study, the researcher used semi-structured interviews, document review, and
observation because of the depth of the information the researcher could get from using a
combination of interviews, document review, and observation of research participants (Fusch et
al., 2018). The paragraphs below illustrate why qualitative researchers must establish credibility
and transferability of their research.
Researchers using qualitative research use multiple techniques to achieve research
credibility; one of the benefits of the qualitative research process is that qualitative research is
flexible as the researcher can adjust the research process as they see fit for a given scenario
(Cypress, 2017). Qualitative research is not value-free because qualitative researchers bring their
own biases to the research process (Fusch et al., 2018) . The researcher's bias and the kind of
flexibility that qualitative research offer calls into question the research validity of the research
findings since the researcher is the main instrument of the research (Cypress, 2017; Fusch,
Fusch, & Ness, 2018). Proper qualitative research must, therefore, demonstrate research rigor,
60
reliability, and validity (Barusch et al., 2011a; Thomas & Magilvy, 2011). Quantitative research
rigor is equivalent to reliability and validity in quantitative research (Thomas & Magilvy, 2011),
qualitative research rigor can be demonstrated through the researcher's ability to show
credibility, transferability, dependability, and confirmability of the research findings(Thomas &
Magilvy, 2011). Maintaining research validity is a critical component of qualitative research
designs, in both quantitative and qualitative instruments, there are three major validity items as
identified by (Heale & Twycross, 2015; J. W. Creswell, 2014).
To establish the credibility of a given study, qualitative researchers can generate
confidence in their qualitative research through the use of methods such, prolonged engagement
during data collection, persistent observation, triangulation which is a process of comparing
several data types and sources to provide deeper insights and meeting (J. B. Brown et al., 2015),
peer debriefing, negative case analysis, and member checking. (Barusch et al., 2011a; Wa-
Mbaleka, 2017), suggested that researchers could strengthen their researcher through (1) Making
a strong case for qualitative research in the title, abstract, and keywords; (2). Stating the
relevance of the research in the introduction; and (3) Starting qualitative research with a clear
research question. Cutcliffe and McKenna (1999), maintained that qualitative researchers could
improve the credibility of their research by allowing a colleague to participate in the
categorization and coding process of a transcript as a method to guard against the researcher's
bias. In addition to using colleagues to participate in the coding and theme development process,
research participants or member checking may also be used to validate research findings
(Candela, 2019). Interviewees were asked to review their interview transcripts and some of the
emerging themes from the interviews as a measure of reducing distortions, inaccuracies and
misinterpretations in the data collection and data analysis process.
61
Complementary to allowing other experts to participate in the coding process and
research participants participating in the data validation process. Triangulation was used as a
mechanism for achieving validity and confidence in the findings of the study (Medlin, 2012),
Farquhar et al. (2020), postulated that triangulation contributes to both internal and external
validity of qualitative research, triangulation is used to increase the richness of research
information and findings (Stavros & Westberg, 2009), triangulation is used as a tool to mitigate
the researchers bias by triangulating multiple sources of data to extrapolate meaning from data
using multiple realities or viewpoints (Fusch et al., 2018). Triangulation is particularly a good
tool in qualitative case study research because triangulation contributes to research validity
through the convergence of findings from multiple sources (Farquhar et al., 2020c), as a
validation strategy for qualitative research, triangulation is not restricted to the use of only one
method, theory and data source (Santos et al., 2020). Triangulation may consist of three main
elements, convergence, complementarity and divergence of participant views, in a case study
research conducted by Cooper, Stavros, and Dobele (2019), about the domains of influence
exploring negative sentiment in social media, face-to-face, semi-structured, open-ended
interviews, netnographic (netnography a form of ethnography that examines online cultures and
life) examination were used to triangulate case study data. In a study that sought to understand
relationship marketing in the context of an industry evolving in its strategic approach to
marketing, interviews, participant observation, and document review were used as data sources
to triangulate a diversity of research data (Stavros & Westberg, 2009). Based on the sample
studies (Medlin, 2012; Stavros & Westberg, 2009; Farquhar, Michels, & Robson, 2020), the
common three methods used for triangulation in case studies are interviews, document review,
and observation. Therefore, for the reasons cited in this section, the triangulation of qualitative
62
data from interviews, document review, and observation provided the best path to establishing
credibility. The next section will focus on the value of transferability in qualitative research.
Transferability in qualitative research is comparable to research validity in quantitative
research; transferability is a qualitative research construct that suggests that the findings from
one study and context could offer applicable lessons in another context (Daniel, 2018),
triangulation collaborates data from multiple viewpoints to increase understanding of a particular
theme and to provide validation of the findings from various sources (Stavros & Westberg,
2009), using various data sources increased transferability of the of the findings of a qualitative
study (Stavros & Westberg, 2009). To show that transferability has been exercised by a
researcher, the researcher should show how the content of interviews, the behaviors, and
observed events are generally representative of the lived experiences of participants and if such
representation could be used in other contexts (Daniel, 2018). Although it is almost impossible to
guarantee transferability of research findings from one context to another, qualitative researchers
are encouraged to use thick descriptions of themes as a strategy to allow readers to compare the
instances of a phenomenon described in a research report to their own situations and contexts
(Shenton, 2004). The researcher used thick descriptions of themes in the research report to allow
readers to extrapolate themes that may be applicable to their own findings. The researcher also
encourages future studies to use multiple case studies or quantitative research methods to
improve understanding of the phenomenon about the Effect of IT governance on network
operations in multiple hospitals in the Western United States of America and the United States,
such efforts will increase the ability to transfer findings from one hospital to another.
63
Data Collection
The sections below illustrate how the researcher collected data using interviews,
observations, and document reviews. The researcher used interviews, observations, and
document reviews as a data triangulation method to understand the research participants
perceived realities of the effects of IT governance on IT network operations at a hospital in the
Western United States.
Data Collection: Interviews
As noted in chapter 1 and in this chapter, the data collection process was conducted by
collecting and triangulating data from multiple sources such as semi-structured interviews,
document review, and observation. Data were primarily collected using semi-structured
interviews from a purposive sample of 11 interview participants. A purposive sample was used
because purposive samples are intentionally used to select participants and data that enrich the
findings of a particular study (Marton, 2013). A purposive samples is also known as judgment
sampling where participants are deliberately chosen due to their qualities and rich experiences
(Etikan, 2016; Higginbottom, 2004). The purposive sample using a maximum variation sample
(MVS) was used because using a purposive MVS allows the researcher to select participants
with a wide range of experience (Etikan, 2016). Using MVS the researcher interviewed
participants whose IT experiences ranged from 3 years in the company to over thirty years in the
organization, research participants included service management managers, network engineers,
firewall engineers, IT directors and the CTO. Using the MVS approached help the researcher
gain greater insights into the research phenomenon. Research participants included in this study
were chosen because of their experience with IT governance at the Hospital.
64
The researcher worked with the IT leadership at the hospital to identify and handpick
research participants that were likely to contribute to the study's purpose. After the participants
had been identified, the researcher sent recruitment emails to the chosen research participants;
the recruitment emails included a sample interview protocol and informed consent form attached
in appendix A and B of this paper. Each research participant was requested to sign the informed
consent form before participating in the 30-45 minutes interview. As per the university of
phoenix IRB requirements, the researcher obtained a signed Premises, Recruitment, and Name
(PRN) use permission form document that allowed the researcher to collect data at the hospital's
IT department in the Western United States of America. All interviews were conducted in
January 2021. The researcher reached a point of saturation by the 9th interview participant.
Although scheduled and conducted on separate days through the month of January 2021,
Interviews and observations were conducted during the same period. See appendix B for the
One-on-One IT governance Interview Protocol used as a guide to conduct semi structured
interviews.
Data Collection: Observation
Due to Covid-19 related restrictions, the researcher conducted observations using
Microsoft Teams. The researcher attended three IT CAB meetings to observe the hospital's
governance body responsible for approving and reviewing network operations-related changes
made by the IT team. Except for holidays that fall on Mondays, CAB meetings are held once
each Monday. The cab meetings observed were held in January 2021. The specific CAB
meetings observed were held on Jan 5th, Jan 12th, and Jan 25th. The CAB meeting held on Jan
4th lasted for about 26 minutes; the CAB meeting held on Jan 12th lasted for about 32 minutes;
the CAB meeting held on Jan 25th lasted for about 23 minutes. Each CAB meeting discussed
65
changes scheduled for the week and the possible impact the IT changes on the network or IT
environment could have on the hospital. The searcher audio recorded the CAB Teams meetings
that were later transcribed using an online tool otter.ai. See appendix C for the protocol
document used to observe The Effect of IT Governance (ITG) on Hospital Network Operations.
Data Collection: Document review
The researcher conducted a document review from the IT service management web
portal, where all IT governance policy documents and processes are stored. Document review
was conducted as the last step in the data collection process to validate and collaborate some of
the perceived realities of IT governance by IT leaders and IT staff in the IT department at the
hospital. The researcher searched the hospital's IT service management page using keywords
such as IT governance, asset management, change process, and service management. The search
criteria yielded IT governance documents such as: (a)IT service management definitions; (b)
Change Management Process for Standard Change; (c) Change Management Process for Normal
Change; (d) Change Management Process for Emergency; (e) Change Management Policy; (f)
Release Management Process; (g) Release Management Policy; (h) Service Level Management
Policy; (i) Service level management process; (j) Incident management process; (k)
Configuration management polity (l) change management process; (m) Configuration
management process; (n) Asset Management Policy; and (o) Service Level Management Policy.
The document review process was conducted during February and March 2021. At the
conclusion of the data collection, the research started intensive data analysis discussed in the
section below.
66
Data Analysis
This section reviews how interview data were recorded, transcribed, and analyzed. This
section also examines how document and observation evidence was analyzed. Data from
interviews, observation, and document review was used to identify evidence that supports or
answers the research question and opposing views from the evidence collected (Yin, 2018).The
key to qualitative research analysis is mastering the art of reflexivity and data iteration as the
researcher reviews, analyzes, and revisits with analyzed data over and over to discover new and
emerging themes from the data and how those themes inform the researcher's research
phenomenon (Srivastava & Hopwood, 2009). Through constant comparison and iteration, the
researcher compared and revisited data from interview transcripts, observations and document
review to discover emerging themes about the perceived realities of hospital's IT employees
about the effects of IT governance on network operations. During the data analysis, 26 categories
emerged, and five major themes emerged from the 26 categories. The five major themes are
discussed in chapter 4.
The researcher followed a data analysis approach and framework consistent with
previous scholars. Many scholars recommend that data analysis start as soon as the first data
element is collected (Rowley, 2012). The data analysis process should then continue in an
iterative process, starting with organizing the data set, getting acquainted with the data,
classifying, coding, and interpreting the data see also (O’Kane et al., 2021; Rowley, 2012).
O’Kane et al. further suggested the data analysis process should be conducted in a reliable and
trustable manner to demonstrate transparency and trustworthiness. To increase the research
findings' trustworthiness, the researcher used constant comparison and triangulation as a strategy
67
to draw meaning from multiple sources by analyzing confirming or opposing themes from
interviews, document reviews, and observations (Yin, 2017; Yazan & De Vasconcelos, 2016).
In this case study, the researcher investigated evidence collected about IT governance
such as: (a) How IT governance delivers value to the Hospital; (b) How IT governance leads to
strategic alignment of IT network operations to the Hospital's goals and missions; (c) How IT
governance leads to performance management of network operations; (d) IT governance and IT
resource management; and (d); IT governance and risk management; and (6) What IT
governance means in an organizational context.
Based on a case study design suggested by Srivastava and Hopwood (2009), it is
recommended that data analysis should focus on three main questions, the questions are: (a) what
are the data telling me?; (b) what is it that I want to know from the data?; and (c) What are the
dialectical relationships between what the data is telling me with what I want to know? Lester et
al.(2020) suggested data analysis in qualitative case studies is used to develop a more profound
and nuanced phenomenon by pursuing a combination of procedures such as coding, memo
writing, creating categories, and themes. Therefore, data analysis is a meaning-making process
that at a minimum, consists of examining, categorizing, tabulating, testing, or recombining
qualitative and quantitative evidence to address the initial proposition of a study (Yazan & De
Vasconcelos, 2016). Yin (2017) further suggested that qualitative researchers can follow four
general strategies to analyze qualitative evidence. The general strategies are: (a) relying on the
theoretical proposition of the researcher, (b) working with data from the ground up following an
inductive approach, (c) developing a case description; and (d) examining plausible rival
explanations in the evidence.
68
Specifically, the researcher used two main approaches of data analysis. The first approach
was working data from the ground up, working the data from the ground up is an inductive
approach of data analysis that assigns codes to the data, and each code represents an abstraction
or concept of interest (Yin, 2018). The themes represent the researchers answers to the research
question, the research context, and theoretical framework (Roberts et al., 2019). The second
approach used is the constant comparative data analysis proposed initially by Glaser and Strauss
(Sharma et al., 2019, see also Gephart, 2003;), constant comparison can be used to discover
relationships among categories and themes (Sharma et al., 2019). In this case study, constant
comparison was used to compare data across interviews, document reviews and observations.
To start the analysis process, after interviews are conducted, interviews must be first
transcribed before the data can be analyzed (Nascimento & Steinbruch, 2019). Inappropriate or
inadequate preparation of transcripts from the audio to digital recordings can delay or negatively
affect the data analysis process (McLellan et al., 2003). Transcription is used in qualitative
research to show evidence about a certain phenomenon that constitutes a certain interest in a
study; the way transcription is conducted largely shaped by the researcher's institutional culture,
academic environment, and background (Nascimento & Steinbruch, 2019). In this study, the
researcher used data transcription technology otter.ai for voice recognition software (VRS) to
transcribe the interviews. Transcribing the interviews using otter.ai was a strategy used to ease
and increase the data transcription process's speed for audio recordings as recommended by
Matheson (2007). The transcripts from data recordings were later used for analysis by
categorizing and develop emerging themes from the data. The sections below illustrate how the
researcher conducted data analysis for interviews, observation, and document reviews
69
Data Analysis: Interviews
In this research, the researcher transcribed the interview data using an online tool otter.ai,
the transcribed interviews were uploaded to MAXQDA Analytics Pro 2020 for Mac OS, release
20.3.0. The researcher used MAXQDA to generated codes, patterns, and themes from the
interview transcripts. O’Kane et al. (2021) suggested that although computer aided qualitative
analysis and design (CAQDAS) do not perform data analysis independent of the researcher,
CAQDAS tools play a significant role in supporting researcher efforts in analyzing and
presenting data analysis in a trustworthy manner. The researcher used MAXQDA as a qualitative
analysis tool to store, code, analyze and drive themes from the collected research data. Data in
MAXQDA constituted the research case record. The case record was organized into subfolders
such as interviews, document review and observation. Organizing the data in a structured
recorded enabled the researcher to easily access, review and analyze the data.
Because qualitative analysis is an inductive approach of understanding what is going on
within an inquiry through a process of continually hunting for themes and concepts that emerge
from the collected data (Srivastava & Hopwood, 2009; Yin, 2017). The researcher used a
ground-up strategy as suggested by Yin (2017), to allow themes to emerge from the data.
Patterns and themes were allowed to emerge from the data based on what the researcher wants to
know from the data guided by the researcher's theoretical framework; the researcher's subjective
perspective; and the researcher ontological and epistemological perspective (Srivastava &
Hopwood, 2009).
The researcher also focused on examining and categorizing data, the process of
examining and categorizing data is commonly referred to as qualitative data coding (Castleberry
& Nolen, 2018), a code in qualitative research is a word or short phrase that symbolizes salient,
70
essence-capturing, and or evocative attributes for a proposition of language-based or visual data;
coded data could consist of interview transcripts, observation notes, journal analysis, documents,
drawings, and artifacts, emails correspondences and much more. It is through the coding process
that raw data is converted into meaningful and usable data through the identification of themes,
concepts, and ideas that are related to each other (Castleberry & Nolen, 2018). Coding is not a
linear process but an iterative and reflective process (Srivastava & Hopwood, 2009). The
researcher used an interactive approach to code themes and sub-themes that emerged from the
data from the beginning of the interview data collection process to the end of the interview data
collection process. Interviews were analyzed for information about (a) How IT governance
delivers value to the Hospital; (b) How IT governance leads to strategic alignment of IT network
operations to the Hospital's goals and missions; (c) How IT governance leads to performance
management of network operations; (d) IT governance and IT resource management; and (e); IT
governance and risk management; (f) What IT governance means in an organizational context.
Five main themes emerged from the interview data analysis process. Details about the interview
findings and emerging themes are discussed in chapter 4.
Data Analysis: Observation
The researcher uploaded observation transcripts to MAXQDA for data categorization and
analysis for emerging themes. After interview transcripts had been analyzed, the researcher
analyzed observation data and document review. Observation is a data collection process
describing events, behaviors, and artifacts in a social setting study (Kawulich, 2005).
Observation allows the researcher to learn about participant's activities in a natural environment;
observations may be used to check the nonverbal expression of feeling and observe events that
participants may not be willing to share during an interview (Kawulich, 2005). The researcher
71
used a ground-up strategy suggested by Yin (2017) to analyze the data for categorizing and
themes that emerged from the data. The analysis process also used the constant comparison
process to compare and confirm categories and emergent themes from interview data and
document review. The CAB meetings findings were consistent with the IT policies and
processed defined by the hospital’s IT governance body. Observation transcripts were analyzed
for: (a) How IT governance delivers value to the Hospital; (b) How IT governance leads to
strategic alignment of IT network operations to the Hospital's goals and missions; (c) How IT
governance leads to performance management of network operations; (d) IT governance and IT
resource management; and (e); IT governance and risk management; (f) What IT governance
means in an organizational context. The main emerging themes from observation data analysis
are discussed in chapter 4.
Data Analysis: Document review
The researcher conducted document review analysis extracted from the IT service
management documents found on the Hospital’s IT service management portal in addition to
interview and observation data analysis. The researcher uploaded all collected data governance
documents such as: (a)IT service management definitions; (b) Change Management Process for
Standard Change; (c) Change Management Process for Normal Change; (d) Change
Management Process for Emergency; (e) Change Management Policy; (f) Release Management
Process; (g) Release Management Policy; (h) Service Level Management Policy; (i) Service
level management process; (j) Incident management process; (k) Configuration management
polity (l) change management process; (m) Configuration management process; (n) Asset
Management Policy; and (o) Service Level Management Policy to MAXQDA. The researcher
reviewed IT governance supporting documents for patterns and themes that emerged about how:
72
(a) How IT governance delivers value to the Hospital; (b) How IT governance leads to strategic
alignment of IT network operations to the Hospital's goals and missions; (c) How IT governance
leads to performance management of network operations; (d) IT governance and IT resource
management; and (e); IT governance and risk management; (f) What IT governance means in an
organizational context. The emerging themes from the document review were consistent with the
findings from interviews and observation. Details about the document review findings and
emerging themes are discussed in chapter 4.
Chapter Summary
This chapter has presented an exploratory case study as the data collection method that
was used to collect data using interviews, document review, and observation as the main
instruments of data collection. The case study approach was used because case studies are
commonly used to develop an understanding of organizations and organizational processes.
Chapter three also presented the main research question of the research "What is the relationship
between IT governance and hospital network operations" and sub research questions. A
purposeful sample of 11 IT employees and hospital administrators were used as the target sample
for interviews. All research participants were required to read and sign an informed consent
form that allowed the researcher to collect their data. Credibility and transferability were
established by triangulating data sources such as interviews, document review, and observation.
The data analysis process followed and an iterative process from the beginning of the data
collection process to the end of data collection and analysis process. The researcher developed a
coding system that was used to identify emerging themes from the data and how the emerging
themes address the research question. Chapter 4 discusses the analysis and results.
73
Chapter 4
Analysis and Results
This study was an exploratory qualitative single case study that sought to understand
essential network governance and network operations stakeholder’s perceptions of the use of IT
governance (ITG) and the relationship of ITG to critical health care infrastructures such as
hospital information technology network operations. The study also explored the IT
government's perceived effect on network operations at a Hospital in the Western United States
of America. This study contributes to the knowledge of IT managers, Network engineers,
Hospital administrators, and other hospital stakeholders about the significant contributions that
IT governance could have on hospital network operations. Additionally, the study contributes to
the understanding of IT professionals and hospital administrators about effectively implementing
IT governance to improve network operation's alignment with the hospital's strategic goals and
missions. This chapter describes the analysis process and the study results of this study using a
group up and constant comparison data analysis approach.
Research Questions
The main research question was, "What is the relationship between IT governance and
hospital network operations?" The researcher asked five sub-research questions to understand the
effects of ITG on network operations in a hospital in the Western United States of America.
Listed below is the list of five sub-questions used by the researcher to guide the research:
goal and mission?
74
management?
This chapter builds on the first three chapters, the introduction, literature review, and
research methodology to analyze and present the results of this study. Chapter 4 also serve as a
transitionary chapter to the findings and conclusions in chapter 5. This chapter presents an
inductive analytical process used to code, develop categories, and emerging themes from the
data. Furthermore, this chapter presents the data collection process with sections such as the
informed consent, discussion of the data analysis phases, research participant demographics, the
data analysis method used, and a presentation of the analysis results.
Data Collection
The sections below provide a detailed discussion of the informed consent and data
collection process used in this study. Additionally, this section reviews the actual data collection
process using interviews, observations, and document review.
Informed consent discussion
As suggested by Williams and Pigeot (2017), all research participants should read and
sign an informed consent form before participating in the data collection process. Moreover, all
researchers should ensure that they seek participant consent, ensure research participant's
confidentiality and privacy of personal protected information. Seeking participant consent
provides a level of accountability and responsibility throughout the research process. The
informed consent form was sent to the participants by email; the research participants signed the
informed consent form, scanned the form and sent back the form by email to the researcher.
75
The collected research data was kept secure by following the University of Phoenix and
Institutional Review Board research guidelines on confidentiality. The recorded research
participant interviews are stored on a locally encrypted and password-protect hard drive on the
researcher's computer. Both local copies and iCloud copies are encrypted, and the file transfer to
the researcher's iCloud account uses end-to-end encryption of local and in-transit data.
Redundant password-protected copies of interview transcripts will be kept on the researcher's
iCloud drive for at least three years after the interviews are collected. The protected files are
accessible to the researcher using two-fact authentication technology to ensure added security.
Personally identifiable research participant data is kept at a minimum. For example,
personally identifiable information has been removed from the transcripts and replaced with
participant pseudonyms. The participant pseudonyms were then assigned participant
identification numbers (ID) 1-11 for identifiers after interviews were transcribed and validated
by the research participants. The participant ID list is kept in a separate password-protected file.
Personally, identifiable information and raw data from interviews are stored in a different
password-protected file. The data will be kept for three (3) years. The research transcript data
will be destroyed by deleting the files from the researcher's local hard drive and redundant copies
from the researcher's iCloud account. Audio recordings from the interviews will be kept until the
interviews have been recorded and validated by the research participants within three to six
months. The audio recordings will be destroyed by file deletion. The researcher will destroy
interview hard copy field notes by shredding them after three years from the research date. Field
notes collected; and electronic copies will be destroyed by file deletion. The researcher obtained
data access and permission from the Hospital that granted the researcher permission to conduct
interviews, observations, and document reviews.
76
The Data collection process
The data collection process was conducted using data triangulation from multiple sources
such as semi-structured interviews, document reviews, and observation. Data were primarily
collected using semi-structured interviews from a purposive sample of 11 interview participants.
The researcher used purposive sampling because purposive samples are intentionally used to
select participants and data that enrich the findings of a particular study (Marton, 2013). A
purposive sample is also known as judgment sampling where participants are deliberately chosen
due to their qualities and rich experiences (Etikan, 2016; Higginbottom, 2004). The purposive
sample, using a maximum variation sample (MVS) was used because, a purposive MVS allows
the researcher to select participants with a wide range of experience ( Etikan, 2016), using MVS
the researcher interviewed participants whose IT experiences ranged from 3 year in the company
to over thirty years in the organization. Research participants included IT service managers,
network engineers, firewall engineers, IT directors, and the Chief Technical Officer (CTO).
Using the MVS approach help the researcher gain greater insights into the research phenomenon.
The researcher worked with the Hospital's IT leadership to identify and handpick research
participants that were likely to contribute to the study's purpose. After the participants had been
identified, the researcher sent recruitment emails to the research participants. The recruitment
emails included a sample interview protocol and informed consent form attached in appendixes
A and B of this paper. After signing an informed consent form, the interviewees participated in a
30–45-minute interview. As per the university of phoenix IRB requirements, the researcher
obtained a signed Premises, Recruitment, and Name (PRN) use permission form document that
allowed the researcher to collect data at the Hospital's IT department in Western United States of
77
America. The recruitment process, interview, and observation process spanned ten months (May
13, 2020, through February 28, 2021). The interviews and observations were all scheduled for
January 2021 based on the participant's availability. The collection of documents for document
review was conducted in the month of February and March 2021.
Although scheduled and conducted on separate days through January 2021, Interviews
and observations were conducted during the same period. The researcher reached a point of
saturation by the 9th interview participant. The researcher attended three IT CAB meetings to
observe the Hospital's governance body's IT governance process to approve and review network
operations-related changes made by the IT team. After the scheduled interviews and observation
sessions, the researcher performed a preliminary document review and downloaded documents
relevant to the research. Document collection was conducted as the last step in the data collection
process. The collected documents helped validate and collaborate interview participant's
perceptions of IT governance's effect on network operations. The sections below illustrate how
the researcher collected data using interviews, observation, and document reviews
Data collection process: Interviews
Data were primarily collected using semi-structured interviews from a purposive sample
of 11 interview participants. A purposive sample was used because purposive samples are
intentionally used to select participants and data that enrich the findings of a particular study
(Marton, 2013). Using MVS the researcher interviewed participants whose IT experiences
ranged from 3 years in the company to over thirty years in the organization, research participants
included service management managers, network engineers, firewall engineers, IT directors and
the CTO. Using the MVS approached help the researcher gain greater insights into the research
78
phenomenon. Research participants included in this study were chosen because of their
experience with IT governance at the Hospital.
The researcher worked with the IT leadership at the hospital to identify and handpick
research participants that were likely to contribute to the study's purpose. After the participants
had been identified, the researcher sent recruitment emails to the chosen research participants;
the recruitment emails included a sample interview protocol and informed consent form attached
in appendix A and B of this paper. Each research participant was requested to sign the informed
consent form before participating in the 30-45 minutes interviews. All interviews were
conducted in January 2021. The researcher reached a point of saturation by the 9th interview
participant. Although scheduled and conducted on separate days through the month of January
2021, interviews and observations were conducted during the same period. The researcher also
used Microsoft Teams as the communication tool of chose by the hospital to schedule and
conduct interview meetings. Interview meetings were double recorded using the researcher’s
iPhone application Voice Recorder and a handheld audio recorder. Audio data were uploaded to
an online tool otter.ai for transcription.
Data collection process: Observation
Due to Covid-19 related restrictions and guidelines about social distancing, the researcher
conducted observations using Microsoft Teams. The researcher attended three IT CAB meetings
to observe the hospital's governance body responsible for approving and reviewing network
operations-related changes made by the IT team. The cab meetings observed were held in
January 2021. The specific CAB meetings observed were held on Jan 5th, Jan 12th, and Jan 25th.
The CAB meeting held on Jan 4th lasted for about 26 minutes; the CAB meeting held on Jan
12th lasted for about 32 minutes; the CAB meeting held on Jan 25th lasted for about 23 minutes.
79
Each CAB meeting discussed changes scheduled for the week and the possible impact the IT
changes on the network or IT environment could have on the hospital. The searcher audio
recorded the CAB Teams meetings that were later transcribed using an online tool otter.ai
Data collection process: Document review
The researcher conducted document reviews from the IT service management web portal,
where all IT governance policy documents and processes are stored. Document reviews were
conducted to validate and collaborate findings from interviews and observations about IT
governance's perceived realities by IT leaders and IT staff in the hospital's IT department. The
researcher searched the hospital's IT service management page using keywords such as IT
governance, asset management, change process, and service management. The search criteria
yielded IT governance documents such as: (a) IT service management definitions; (b) Change
Management Process for Standard Change; (c) Change Management Process for Normal
Change; (d) Change Management Process for Emergency; (e) Change Management Policy; (f)
Release Management Process; (g) Release Management Policy; (h) Service Level Management
Policy; (i) Service level management process; (j) Incident management process; (k)
Configuration management polity (l) change management process; (m) Configuration
management process; (n) Asset Management Policy; and (o) Service Level Management Policy.
The document review process occurred during February and March 2021. The ITG related
documents were downloaded and saved as word files; the word files were uploaded to
MAXQDA for storage and analysis.
Demographics
The researcher interviewed 11 interview participants; except for one participant, all
research participants were white males over the age of 18, all interview participants voluntarily
80
participated in the interview process. The study participants included IT service managers,
network engineers, firewall engineers, IT directors, and the CTO in charge of hospital network
operations. Table 4.1 below shows the participant's demographics. The participant's names have
been anonymized using participant ID 1-11 to maintain the participant's privacy and anonymity.
Using a purposeful sample selection as the research design method allowed the researcher to
select sample participants that would accurately represent and talk about IT governance
practices.
Table 4.1
Interview participant demographics
Participant Title Race Gender Dept Experience

ID(P) (yrs.)
P1 IT director White M IT 20-25
P2 Firewall White M IT 20-25
engineer
P3 Network White M IT -
Manager
P4 CTO White M IT 30-40
P5 Security White M IT -
engineer
architect
engineer
P8 Director White M IT 20-25
P9 IT manager White M IT 35-40
P10 Incident N/A M IT 10-15
response
team lead and
Associate
director
P11 IT manager White M IT -
81
From the Table 4.1 above, the majority of participants were all male and white. All
interview participants were full time employees of the Hospital. No contractors were included in
this study.
Pilot Study
The researcher did not conduct a pilot study due to Covid 19 related restrictions that led
to limited access to the site and research participants. The researcher also had to accommodate
that the IT team members to be interviewed were under pressure to build new Covid 19 testing
sites and other Covid 19 related projects. Additionally, the researcher was advised by
management at the Hospital that the research participants did not have ample time to engage in a
preliminary pilot study and then the actual research. Therefore, the researcher relied on the three
methods of data inquiry for triangulation to improve the study finding’s credibility. As
previously mentioned in chapter three, triangulation compares several data types and sources:
peer debriefing, negative case analysis. Member checking of data sources was also used to show
the research's content validity. The researcher used document triangulation using sources such as
document reviews, interviews, and observations.
Data Analysis
Intensive formal data analysis began after the researcher collected and uploaded all the
data from interview transcripts, observation field notes, and IT governance documents, into a
computer-aided design and analysis software (CADAS) MAXQDA Analytics Pro 2020 for Mac
OS, release 20.3.0. The research data was uploaded to MAXQDA to create a case record and
database that made it easy to search on keywords during the coding process. The researcher
started the analysis process of interview transcripts, observation field notes, and IT governance
documents by reviewing, reading, re-reading, coding the data, and engaging in a constant
82
comparison process to generate categories and themes. The categories and themes generated
from the research data provided valuable insights and answers to the research questions.
Before uploading the transcripts to MAXQDA Analytics Pro 2020 for Mac OS, release
20.3.0, the researcher engaged in an audio transcription process. The researcher used an online
transcription software, otter.ai, to transcribe the interviews and observations from audio to text.
The research interview transcripts are only accessible to the researcher. After transcribing the
interviews and observation recordings, the researcher exported the transcribed text from otter.ai
to MAXQDA for coding and analysis. The researcher created a case study database of interview
transcripts, field notes recorded from observations, and IT governance documents. The records in
MAXQDA became the researcher's case record. The collected IT governance documents,
interviews, and observation transcripts were chronologically organized into folders to facilitate
easy access and retrieval. The researcher also uploaded the interview and observations audio
recordings to MAXQDA attached to the text transcripts to re-read during the coding and analysis
process. The following sub-sections illustrate the specific coding data analysis processes used for
each of the primary data collection instruments. In addition to the findings presented in Table
4.2, this section further illustrates the data analysis for the results collected from a sample of 11
IT employees using interviews, observation of change advisory meetings (CAB), and document
reviews. This section concludes with some of the research participants' rich descriptions from the
interviews, observations, and document reviews.
The Coding Processes
The researcher started the data analysis process by reviewing and re-reading the data,
coding the data, and engaging in constant comparison to generate codes, categories, and themes
from the data using MAXQDA. The researcher coded the data using several coding methods
83
such as open coding and NVivo coding methods, as shown in Table 4.2. The researcher used
first-level coding and the second-level coding technique to refine the raw first-level codes. The
researcher then used axial coding to correlate meaning from different principles. The researcher
coded keywords using temporary constructs. Finally, the researcher developed a list of the brief
first-order constructs and second-order constructs that summarized important categories into
emergent themes from the data.
Table 4.2
Second level codes, categories and emerging themes
Categories Emerging Themes
1. Visibility of network operations network ITG’s value creation
2. Provides stability and rigor to IT network operations process leads to IT agility
3. Enabling of IT processes
4. Prioritization of actives and funding of business operations across the
enterprise
5. IT agility
1. Prioritization of IT activities ITG is used for strategic
2. ITG bridges the gap between business operations and Technical operations alignment between the
interests ITG value creation
3. Direction, vision, communication, weathervane, accountability process leads to IT agility
4. Strong partnership between IT and business for the hospital’s IT
5. Provide standards and architecture network operations
84
Categories Emerging Themes
1. Measure SLA and OLA ITG is used for strategic
2. From-to-gap analysis alignment between the
3. Measure Customer satisfaction hospital’s governance
4. Monitoring project completion practices and IT Network
5. Monitoring project completion operations
1. Budgeting for IT operations IT governance is used as
2. CMDB is used for asset management a configuration
3. IT expenses budgeting management tool to
4. Capacity monitoring and performance manage IT assets
5. IT human resource management
1. CAB is used to regulate changes ITG is used for risk
2. Manage high risk changes management and risk
3. Vetting new network solutions mitigation for IT related
4. Makes sure changes do not pause any risk or harm to the patients risks
5. Follow best practices for security management
As illustrated in Table 4.2, the researcher determined how categories connect to the
themes using a constant comparison method. The coding, category generation, and theme
mapping process took several weeks using a combination of both MAXQDA Analytics Pro 2020
for Mac OS, release 20.3.0, and an online mind genius software to help with mapping and theme
virtualization. The researcher reviewed and compared interview findings, observations, and
85
document reviews to identify emerging themes through data triangulation. The emergent themes
will be discussed in the results section of this chapter. Figure 4.1 is a word cloud that illustrates
the codes used, categories, and emergent themes from the study:
Figure 4.1. The codes, categories and emergent themes of the study.
After coding, constant comparison, and development of categories, 26 major categories,
and five major themes emerged from the study, as shown in table 4.2 and summarized in table
4.3. Out of 532 codes generated from the data using the MAXQDA auto coding feature, open
86
coding, and axial coding. The researcher used app.mindgenius.com to map all the generated
codes into categories, as illustrated in figure 4.2. Table 4.3 shows the emergent types from the
case study. Table 4.3 illustrates the emergent themes from interviews
Table 4.3
Emergent themes from the study
Theme ID Theme
The ITG value creation process leads to IT
1
agility for the Hospital’s IT network operations.
ITG is used for strategic alignment between the
2 Hospital’s governance practices and IT Network
operations.
IT governance is used to measure performance of
3
IT Network operations.
IT governance is used as a configuration
4
management tool to manage IT assets.
ITG is used for risk management and risk
5
mitigation for IT related risks.
87
Figure 4.2. Showing a map of emergent categories and themes of the study
88
The visual map in figure 2 illustrates the final stages of data categorization and data
mapping process followed by the researcher to categorize the five emerging themes of IT
governance at the Hospital.
Data Analysis: Interviews
Data analysis started as soon as the first interview was collected; however, intense data
analysis was conducted in February 20201. The transcribed interviews were uploaded to
MAXQDA Analytics Pro 2020 for Mac OS, release 20.3.0. The researcher used MAXQDA as a
qualitative analysis tool to store, code, analyze, and drive themes from the collected research
data. Data in MAXQDA constituted the research case record. The case record was organized into
subfolders such as interviews, document review, and observation. Organizing the data in a
structured record enabled the researcher to access, review quickly, and analyze it.
The researcher used an inductive approach to understand the effects of IT governance at
the hospital through a process of continually hunting for themes and concepts that emerge from
the collected data. The researcher used a ground-up data analysis strategy to allow themes to
emerge from the data. Patterns and themes were allowed to emerge from the data guided by the
researcher's questions. The researcher also focused on examining and categorizing data. The
coded data consisted of interview transcripts. Through the coding process, raw data was
converted into meaningful and usable data by identifying themes, concepts, and ideas related to
each other. Because coding is a nonlinear, iterative, and reflective process, the researcher used an
interactive approach to code themes and sub-themes that emerged from the data from the
beginning of the interview data collection process to the end of the interview data collection
process. Interviews were analyzed for information about (a) How IT governance delivers value
to the Hospital; (b) How IT governance leads to strategic alignment of IT network operations to
89
the Hospital's goals and missions; (c) How IT governance leads to performance management of
network operations; (d) IT governance and IT resource management; and (e); IT governance and
risk management; (f) What IT governance means in an organizational context. Five main themes
emerged from the interview data analysis process. Details about the interview findings and
Data Analysis: Observation
The researcher uploaded observation transcripts to MAXQDA for data categorization and
analysis for emerging themes. The observation allowed the researcher to learn about participant's
IT governance activities using Microsoft team. Similar to the interview data analysis process, the
researcher used a ground-up strategy to analyze the data for categories and themes emerging
from the data. The analysis process also used the constant comparison process to compare and
confirm categories and emergent themes between interviews, document review, and observation
transcripts. The observation findings were consistent with the hospital’s IT governance body's IT
policies and processes. Observation transcripts were analyzed for: (a) How IT governance
delivers value to the Hospital; (b) How IT governance leads to strategic alignment of IT network
operations to the Hospital's goals and missions; (c) How IT governance leads to performance
management of network operations; (d) IT governance and IT resource management; and (e); IT
governance and risk management; (f) What IT governance means in an organizational context.
Intense data analysis was conducted in February 2021. The main emerging themes from
observation data analysis are discussed in chapter 4.
Data Analysis: Document review
Intense document reviews were conducted in February and March 2021. The researcher
conducted document review analysis extracted from the IT service management documents
90
found on the Hospital’s IT service management portal in addition to interview and observation
data analysis. The researcher uploaded all collected data governance documents such as: (a) IT
service management definitions; (b) Change Management Process for Standard Change; (c)
Change Management Process for Normal Change; (d) Change Management Process for
Emergency; (e) Change Management Policy; (f) Release Management Process; (g) Release
Management Policy; (h) Service Level Management Policy; (i) Service level management
process; (j) Incident management process; (k) Configuration management polity (l) change
management process; (m) Configuration management process; (n) Asset Management Policy;
and (o) Service Level Management Policy to MAXQDA. The researcher reviewed IT
governance supporting documents for patterns and themes that emerged about how: (a) How IT
governance delivers value to the Hospital; (b) How IT governance leads to strategic alignment of
IT network operations to the Hospital's goals and missions; (c) How IT governance leads to
performance management of network operations; (d) IT governance and IT resource
management; and (e); IT governance and risk management; (f) What IT governance means in an
organizational context. The emerging themes from the document review were consistent with the
findings from interviews and observation. Details about the document review findings and
Results
The interview questions asked allowed the participants to explain how they perceived the
phenomenon of IT governance at the Hospital in their own words. As illustrated in table 4.3, the
five major emerging themes were: (a) The ITG value creation process leads to IT agility for the
Hospital's IT network operations; (b) ITG is used for strategic alignment between the Hospital's
governance practices and IT Network operations; (c) IT governance is used to measure the
91
performance of IT Network operations; (d) IT governance is used as a configuration
management tool to manage IT assets; (e) ITG is used for risk management and risk mitigation
for IT-related risks. The rest of this chapter delves into relevant interview participant findings,
observations, and document review. Figure 4.3 shows the emergent themes generated using
MAXQDA. The emergent themes generated from interviews, observations, and document
review analysis.
Figure 4.3 showing the emergent themes in MAXQDA
Relevant results from interviews, observation and document review.
This section shows the relevant results that emerged from interview participants,
document observations, and document reviews. The relevant results presented in this section
follow the structure of the research questions that guided the study.
SQ 1: Relevant results from interview data analysis.
This question was asked to elicit Network Operations engineer's and leaders' perceptions
about how ITG delivers value through the Hospital's network operations Team.
92
Although there were some opposing views about the effects of IT governance at the
Hospital, many interview participants seemed to suggest that IT governance provides room for
an effective response to business needs by enabling and supporting effective IT process, provide
network operations visibility to the business, provide stability and rigor to IT operations,
prioritization of actives and funding of business operations across the enterprise. Overall, IT
governance leads to stability. The participant responses below illustrate some of the opposing
views about IT governance expressed by the participants. Some of the opposing views came
from the same participants.
Participants 2 observed that some departments are very resistant to change. As a result,
the ITG change approval process sometimes impedes progress and leads to constant negotiation
with stakeholders before changes can be performed on the network. The ongoing negotiation is
usually because different departments experience different impacts depending on the magnitude
of the change; thus, some departments are more resistant to a network change than others.
Participant 9 seemed to agree with participant 2 by saying that some changes may need to be
scheduled for a later date depending on what is going on in the Hospital's critical units. The risk
benefits analysis drives the change approval process. Assessing all risks before network changes
are implemented is sometimes perceived as a roadblock to network changes.
Contrary to the views expressed by participants 2 and 9, that suggests that IT could
impede progress or become a roadblock to IT agility, participants 2,4, 9, and 10 argued that ITG
enables IT processes and clears roadblocks that prevent IT operations from being successful and
agile. Participant 4 emphatically stated that IT governance enables IT and could not think of a
situation where IT governance impeded IT network operations progress. Instead, IT governance
clears road blocks and provides finding needed to invest in the continuous improvement of IT
93
services at the hospital. Participant 2 agreed with participant 4 by stating that IT governance
brings value to the hospital by vetting reviewing network changes that could negatively affect
patient care. The goal of network operations is to have constant uptime or near uptime.
Additionally, participant 9 suggested that IT governance helps the network team focus and
prioritize the most critical activities to meet the hospital's goals and mission. Furthermore,
participant 10 noted that the network team understands why there are strict guidelines for
network changes and that the network team feels supported by the IT governance and leadership
team.
Participant 1 noted that IT governance brings visibility to the change process. The change
process is used to track network changes to minimize downtime that could impact patient care.
Participants 1 and 6 further noted that the ITG process at the hospital provides stability and rigor
by regulating modifications on the network to reduce the impact on the Hospital. Participant 11's
observations helped to bridge the gap between the opposing and supporting views of IT
governance by suggesting that. Although IT governance seems bureaucratic, IT governance
helps network engineers to implement improved products and services. Participant 4 maintained
IT agility is still possible with the Hospital's current IT governance practices. IT agility is
achieved by understanding the Hospital's strategic needs and devising plans to implement the
Hospital's IT service needs in a timely but safe approach.
Participants 7, 8, and 9 made observations about the value of a service catalog in the ITG
process. All service in the IT service catalog depends on the network. Participants 7 and 8 noted
that service level agreements are used to make the customers happy. Participant 3 summed up the
role that ITG plays to deliver value by saying that the network team is the Internet Service
94
Provider (ISP) of the Hospital and a partner in providing all critical network services needed for
the Hospital to function effectively.
As illustrated in this section, despite some opposing views about the effect IT
governance has on the Hospital, IT leadership and IT teams feel like the IT governance process
in place is a strong relationship with the Hospital's leadership, the strong IT governance
relationship with the Hospital allows the network operations team to operate effectively and
efficiently as observed by participants 4.
SQ 1: Relevant results from observations data analysis.
The interview participant responses about how ITG seeks to create value are consistent
with the researcher's findings in the CAB meetings attended by the researcher; many CAB
members asked questions that sought to understand the value that the network's changes were
adding to the business. As an example, in the CAB meeting conducted on Jan 25th, 2021. CAB
members discussed the value of upgrading network devices and applications to the latest
releases. The CAB's Vetting process is a value creation process that ensures that all changes add
value to the IT process and services to the hospital.
SQ 1: Relevant results from document review data analysis.
In addition to interviews and observation findings, document review findings revealed
that service level management policies are used to manage the quality of services offered by IT
network operations to the Hospital. For example, the service level management policy states that
"Service Level Management (SLM) establishes service targets, monitors to ensure targets are
met, and ensures that current and future IT services are delivered at agreed levels. (Service Level
Management Policy)". The change management process is used to ensure standard changes are
preapproved by the CAB; normal and emergency changes also require approval by the CAB. In
95
addition to change management and service level management. ITG documents also illustrated
the service release management process followed by the hospital. IT service release management
is another value creation process played by ITG at the hospital2. The following section reviews
key results from Sub-Question 2:data analysis.
SQ 2: How is IT governance of network operations used for strategic alignment to the
Hospital's goal and mission?
SQ 2: Relevant results from interview data analysis.
Many of the interview participants suggested that ITG creates a strong link with the
Hospital through strategic alignment, stability, and rigor. The Hospital's IT network operations
are run with the Hospital's strategic goals and mission in mind. Participants also noted that ITG
is used to improve decision-making, defining the IT department's vision and defining the IT
strategy for all IT operations aligned with the Hospital's goals and interests. Participants 1, 4, 8,
10, and 11 noted that IT governance is credited for offering perspective, stability, rigor,
performance management, and risk management. Participant 9 indicated that ITG is used to
maintaining the stability of network operations. Participant 1 postulated that the Hospital's ITG
processes provide stability and rigor by regulating activities such as network changes to reduce
the Hospital's impact resulting from network change. Participant 11 attributed IT success to the
vision, strategy, and IT process, and best practices implemented to the network the IT
governance practices at the Hospital.
Participant 8 affirmed that having a strong governance group is critical for IT network
operations and business success. In addition to effective IT governance, as noted by participants
4, 5, 8, and 11, IGT leaders at the Hospital, such as the CTO provide an organizational structure
standard across IT organization consistent with the IT needs of the hospital. Participant 2 noted
96
that IT governance is used to set out the ground rules for IT operations. As an example, it is
through ITG that changes on the network are approved. Such processes help to safeguard
patients who are a majority of end-users of IT services at the Hospital. The Hospital can deliver
the best possible product to the patients through IT governance.
Participant 4 further suggested that IT governance is used to create business value
through strategic planning and gap analysis. The IT department aligns with the Hospital's
strategic goals and missions by identifying the goals and objectives needed to achieve as an IT
group to meet the organizational strategy, goals, and objectives. After conducting a gap analysis
to determine the IT organization's current and future desired state. The IT department focuses on
what needs to be done through IT projects and tasks to attain the Hospital's future desired state.
Furthermore, IT governance creates a robust partnership between IT network operations
and the hospitals' leadership goals and missions. Such a relationship helps IT network operations
to understand the business goals of the Hospital. As suggested by participant 4, a stable
relationship between IT network operations and the hospital governance groups has led to a very
stable network that produces reliable IT services for the organization. The strong relationship
between IT and business is achieved by the right decision-making processes such as funding and
implementing reliable IT architecture to support the hospitals growing needs and changing
needs. Furthermore, as observed by participant 8, IT governance is used to "manage a very stable
network that produces great value for the organization." Participant 6 indicated that IT
governance is the tool that helps the network team, such as network engineers, to understand the
business needs of the Hospital.
Although some participants such as participant 3 suggested that Network operations are
removed from the direction and vision of the organization and that at operational level, they did
97
not see any alignment between their daily operations and IT governance as network engineers.
Most participants believe that ITG strikes a pretty good balance between control and allowing
network engineer autonomy. As an example, participant 7 noted that they did not feel like IT
governance was overly restrictive. Instead, ITG was used at the Hospital for a known purpose.
As pointed out by participant 4 noted, the sole purpose of IT governance at the Hospital was to
enable IT and IT operations.
SQ 2: Relevant results from observation data analysis
One of the critical discussions observed was about the issue of license compliance. One
of the changes presented in CAB of Jan 12th, 2021, was removing some Java application
installations from the IT environment for compliance purposes. Here is what one CAB member
stated “So this is basically, as a result of Oracle's licensing. We need to remove all of our Java
instances from our environment so that we could be in compliance since we're not purchasing
your licensing. And if users need a Java solution, they can just go to our software portal to
download Amazon Zeto”. The ITG observation about release management of licenses is
consistent with the finding from interview participants about the hospital’s need to run IT
network operations with the hospital's strategic goals and mission in mind.
SQ 2: Relevant results from document review data analysis
The service management policy and change management policies state that compliance
with regulatory requirements should be followed when applicable, especially in instances that
include the Health Insurance Portability and Accountability Act (HIPAA). The service
management policy further states that “Audits should be conducted to assess whether SLAs and
OLAs have been created and are being maintained in compliance with policies and procedures
and ensure that relevant measuring and reporting are being provided to determine if agreed
98
service levels are being met”. IT governance policies, therefore, seek to align IT activities with
federal regulations such as HIPAA. ITG policies such as the incident management policy are
used to record and manage incidents on the network. Incidents are managed with the goal of
minimizing the impact on the network and quickly restore services that the hospital depends on
for operations. The next section looks at performance measures as a tool for IT governance.
SQ 3: Relevant results from interview data analysis
This question was asked to explore Network Operations engineers and IT leadership
perceptions about how ITG manages performance operations for IT network operations.
Performance measure at the Hospital is based on activities that have to take place
between the current and future states of the organization. The activities between the current and
future states have to demonstrate progress to the desired future state. Participant 4 noted that
performing a gap analysis also helps the organizations determine the organization's current state
and where the organization wants to be. Participant 4 further stated that it is through the gap
analysis process that the organization defines how the future desired state is to be achieved.
Performance measure demonstrates how progress is achieved along the path to the future state.
Additionally, participant 8 noted that the IT network operations team implements
performance management at the operational level using key performance indicators such as
network health. Network health is measure using tools and dashboards to report on the network's
activities. Participant 1 noted that other performance indicators include monitoring network
utilization statistics, incident ticket resolution times, and problem tickets. As part of a
performance measure, participant 8 observed that they measure such activities as incident
management, mean time to repair rate, customer satisfaction rates, and much more. The network
99
operations team monitors network utilization on network links. Measuring network utilizations is
used to understand the utilization of the network environment better. Performance measures
such as network utilization statistics are used to inform IT decision-makers about where
additional investments need to be made to improve the Hospital's support. Additionally,
participant 1 noted that ongoing governance of (a) monitoring data, (b) logging data, (c)
monitoring trouble tickets, and (d) user performance concerns; through the ticketing system
provide performance data influential to spending decisions. Significant spending decisions may
be driven by changes such as network architecture changes.
A common observation noted by participants 1 and 8 is that knowing how the network is
used is one example that ITG uses to measure performance and determine architectural and
operational changes. Using data from the network, the IT team can quantify the increase in the
use of some core services and the need for additional resources such as hiring more full-time
network engineers to support the Hospital's growing needs.
Project management and asset management are also used as performance indicators.
Participant 9 noted that the project management team is used to manage and report on large
network projects. Project management reports such as project completion rates are used to
measure IT performance. For example, a high and successful project completion rate is viewed
as a good performance indicator. Another performance indicator used by the ITG at the Hospital
is asset management using the configuration management database (CMDB). Although there are
several CMDB used at the Hospital, participant 2 noted that asset management using the CMDB
is a tool used to manage assets for performance management,
Furthermore, as noted by participants 1, 10, and 11, service level management is also
used as a performance management tool. It was noted that the IT department has service level
100
agreements (SLAs) with some departments that heavily depend on IT for business operations.
Participant 7 mentioned that service level agreements are used to make sure the customers are
happy.
Although performance management is a key IT governance function. The change
advisory meetings attended by the researcher did not address IT governance performance
measures. Therefore, there are no key findings about IT performance that the researcher can
report on.
As defined in the service management policy “Service Level Management (SLM)
establishes service targets, monitors to ensure targets are met, and ensures that current and future
IT services are delivered at agreed levels (Service Level Management Policy)”. The service
management process is also used to measure performance based on defined and existing Service
Levels Agreements (SLAs) and Operational Level Agreements (OLAs) agreements (SLA). All
network services have measurable service targets outlined in the SLA. All IT services including
network related services are audited annually for relevance. Services that do not meet agreed
upon SLA develop Service improvement Plans (SIP) with the customer. SIPs are used for
continued service improvement. The next section reviews IT governance as a tool for resource
management.
management?
101
Participant 11 noted that asset management is used as a resource management tool to
determine why somebody has a device such as a laptop and know why somebody requested a
laptop and what kind of data resides on that laptop. Asset management is also used as an IT
governance tool to allocate IT assets in a way that is consistent with the Hospitals goals and
missions. Consistent with the responsibility of ITG, managing how resources are deployed and
why they are delayed, participant 11 further suggested that ITG also looks at the aspect of
translating the cost-effectiveness of IT services, such as making sure the organization has just the
right IT resources and solutions for the Hospital's needs. For example, participant 4 observed that
the ITG leadership team is constantly measuring how network resources such as bandwidth are
utilized and reviewing the network architecture to meet the Hospital's high-level needs.
Participants 1 and 11 noted that Asset Management is used for monitoring and managing
information about items that must be tracked because of financial or regulatory requirements.
Participant 1 further noted that the Hospital has an asset manager. The asset manager is
responsible for managing the asset management life cycle of all assets at the Hospital. However,
Participant 4 noted that assets or resource management is delegated to IT operations, and it is not
usually an aspect that IT governance is concerned with. Participant 4 further pointed out that the
only time ITG focuses on asset management is when there is a need for a significant strategic
change that could impact the organization. Asset management was generally viewed as an
operational issue as the ITG leadership team rarely discusses asset management issues. Effective
IT resource management starts with the vendor's adequate vetting to select the best and most
reliable solution. Selecting the most cost-effective and reliable solutions translates into an
excellent end-user experience at the Hospital; as noted by participant 2, the Hospital uses an RFP
102
process to procure new IT services. Participant 2 further noted that the RFP process is utilized to
ensure that money is well spent and not wasted by getting the best IT services.
Finally, as observed by participant 3, good stewardship of IT resources requires good IT
asset management. Under the umbrella of ITG, IT leaders seek to establish a return on
investment for new deployments. Furthermore, participant 3 observed that asset management is
the tool used to keep information on purchase dates and replacement costs of assets. Effective
resource management helps the IT Network operations team to manage their asset's life cycle
effectively. The next results to be reviewed are about risk management.
The hospital's IT CAB meetings confirmed interview participant's perceptions that the
change advisory body (CAB) is responsible for controlling changes that affect IT operations.
Therefore, the CAB provides an oversight role as stewards to changes made on all IT assets. The
role of controlling changes made on IT assets is a critical role for risk management further
discussed in the risk management section of data analysis.
Document reviews revealed that the CMDB is used for both performance management
and asset management. Using a CMDB is one of the ways the hospital manages IT resources and
assets. The Configuration management process states that configuration management is used to
identify and manage information about configuration items or significant IT service items. In the
document review of the configuration management policy, the policy further states that "The
Hospital uses a Service Asset and configuration management (SACM) process to manage assets
configuration management is a sub-process of the service asset and configuration management
(SACM) process. Furthermore, the configuration management policy states that the CMDB's role
103
is tracking information about items considered significant In-service delivery and may include
asset information. Participant views were consistent with the existing policy and processes about
asset management using the CMDB. The last and final section of this chapter is findings of how
IT governance is used for risk management at the hospital.
SQ 5: How is IT governance of network operations at the Hospital used for risk
management?
Participant 7 noted that risk management is one of IT governance's core functions and
one function that IT governance does best. The sole purpose of IT governance at the Hospital is
to manage and mitigate network change-related risks that could negatively affect patient care.
Participant 7’s observation is consistent with the Hospital's change management policy that
states that change Management's objective is to control changes that affect the Hospital's
operations logically and methodically to reduce adverse risks and maintain a stable environment.
Participant 7 further noted that the higher the risk level paused by a proposed network change,
the higher the scrutiny and involvement of IT governance.
Participant 1 noted that all network improvement project initiatives must consider the
risks that network changes are likely to pause to patients. Participant 1 further stated that new IT
solutions are set to ensure that the defined IT security measures are followed. Participant 1 also
noted that when deploying critical hospital applications, the solution architects ensure
appropriate redundancy and disaster recovery is built into the new solutions.
Participant 11 observed that IT governance is used to vet new ideas and changes that
require changing the direction of services offered through architecture committees and the
change control process. New services are vetted to understand why a given solution needs to be
104
implemented. Changes with significant impacts to the Hospital are evaluated against the overall
organizational strategy, such as network security. Participant 2 stressed that all new systems
undergo a comprehensive security review before implementation on the network. Participant 3
observed a risk group within the security team responsible for vetting all new systems' safety.
Furthermore, as suggested by participant 6, ITG encourages industry best practices such as ITIL
and enforcement of the security team's policies to mitigate and manage risks.
IT directors address risk management at the operational level. However, IT governance is
also responsible for Risk management at a strategic level. Participant 4 noted that risk
management is especially considered if there is a fundamental change in direction to change
strategy. Furthermore, participants 4 and 9 indicated that at the forefront of IT operations is
patient safety. IT practitioners at the Hospital seek to minimize IT operations' impact on patient
care, as was emphasized by participant 10. Participant 10 further noted. The whole objective of
the change advisory body is to manage or mitigate risks to hospital operations. Therefore, the
change advisory body (CAB) asked questions about the risk level or a specific change during
CAB meetings. The researcher validated the risk management and risk validation process during
the three CAB meetings observed during the data collection process.
Although there are strategic risks and compliance initiatives, as noted by participant 8,
the Hospital's IT department tends to be reactionary to security risks and events. Participant 8
further indicated that Hospital's IT governance and security management team should be
proactive in mitigating security events. Participant 8 also noted that one of the reasons why the
Hospital ends up in a reactionary mode is due to the funding model. Many strategic initiatives
already have funding allocated, whereas unplanned security does not have funds allocated.
However, Participant 4 noted that the hospital has a risk management insurance policy.
105
The researcher observed that risk management and risk mitigation is all that the change
advisory body (CAB) does. Risk management is performed by regulating preapproving standard
changes, reviewing, and approving normal and emergency changes. This observation is
consistent with the views of research participants about the hospital's risk management process.
Existing documents about the hospital's change management processes also confirm the role of
the change management process in managing risks at the hospital.
All change management documents reviewed revealed that one of the change
management processes’ roles is to mitigate risks by providing oversight over network operations
changes. For example, the emergency change management policy states that the objective of
change management is to control changes that affect the hospital's operations. CAB follows
change and service management policies and processes to provides oversight for change
Management by reviewing and approving changes that could impact the health of the network
and patient care.
Chapter Summary
This Chapter explained the inductive analytical process used to code, develop categories,
and emerging themes. Furthermore, Chapter 4 presented the data collection process with sections
such as the informed consent, discussion of the data analysis phases, research participant
demographics. Chapter 4 presented a detailed data analysis method used to analyze data from
interviews, observation and document review. Finally, chapter 5 presented the results of the data
analysis process. Chapter 5 presents the Conclusions and Recommendations based on the five
emergent themes and research findings in chapter 4.
106
Chapter 5
Conclusions and Recommendations
Organizations can survive through the 21st century by adopting processes of constant
enhancement and effective application of information technology (Beaulieu-Brossard & Dufort,
2017). Research suggests that Information Technology Governance (ITG) ranks as one of the top
concerns of organizational leaders (Beaulieu-Brossard & Dufort, 2017; Falchi de Magalhães et
al., 2020). Just like good corporate governance leads to corporate success, so too good IT
governance leads to organizational success (Jeanne & Peter, 2004). Organizations that have
effective IT governance reported 20% more profitable bottom lines than organizations that do not
have IT governance (Weill & Ross, 2005). Organizations have an incentive to effectively run IT
operations because many organizations depend on IT for value creation and business success.
Decision-makers at the board level of an organization are faced with the need to make
sound IT-related decisions (Huygh & De Haes, 2019). Companies cannot remain innovative and
competitive without Information Technology (IT). Many organizations depend on IT for
innovation and for maintaining a competitive advantage. Organizational practices and skills are
needed to manage an organizations IT assets and operations. The achievement of business values
heavily depends on IT governance (Huygh & De Haes, 2019). Using corporate governance
bodies such as IT governance, effective IT operations can be well managed (Van Grembergen,
2007). IT governance is a branch of corporate governance used to institutionalize the
management and overseeing of IT assets by implementing processes, structures, and relational
mechanisms that enable IT and business to succeed (Huygh & De Haes, 2019). Caluwe and De
Haes (2019) further noted that IT governance is used for integrating IT strategy with an
organizational system to minimize enterprise IT-related risks and optimize IT investments. The
107
ever-increasing dependence of hospitals on IT calls for the effective management of IT assets in
hospital environments IT governance is used in hospitals to cut costs and offer innovative
solutions to offer and improve patient care (Bradley et al., 2012).
This exploratory qualitative single case study sought to understand essential network
governance and network operations stakeholders' perceptions of IT governance's effects on
hospital network operations. The study also explored IT governance's perceived impact on
network operations at a Hospital in the Western United States of America. This study (a)
Contributes to the knowledge of professionals such as IT managers, Network engineers, hospital
administrators, and other hospital stakeholders about the significant contributions that IT
governance could have on hospital network operations. (b) The research findings also contribute
to the understanding of IT professionals and hospital administrators about how to effectively
implement IT governance as a way to improve the alignment of network operations with the
strategic, goals, and missions of the hospital. This chapter describes the analysis process and the
study results using a constant comparison data analysis approach.
Research Questions
The main research question was “What is the relationship between IT governance and
hospital network operations?” based on the literature review, five sub-research questions were
developed and asked to help the researcher understand the effects of ITG on network operations
at a hospital in the Western United States of America. The following sub-questions were used to
guide the research:
goal and mission?
108
management?
This chapter builds on the first three chapters, the introduction, literature review, and
methods used to collect the data to analyze and present the findings. Chapter 4 also serve as a
transitionary chapter to the findings and conclusions in chapter 5. This chapter presents an
inductive analytical process used to code, develop categories, and emerging themes.
Furthermore, this chapter presents the data collection process with sections such as the informed
consent, discussion of the data analysis phases, research participant demographics, the data
analysis method used, and a presentation of the analysis results.
Discussion of Findings
The findings in this section are drawn from the 11 reach participant responses,
observation of 3 change advisory board (CAB) meetings, and document review of documents
retrieved from the hospital's IT service management page. The findings illustrate the perceived
effect of IT governance of network operations at a hospital in the Western United States of
America. The interview participants were IT service management managers, network engineers,
firewall engineers, IT directors and the Chief Information Technology Officer (CTO). Semi-
structured interviews were used to collect participant responses. Additionally, the researcher
used document reviews and observation to validate the interview findings. Research participant
responses were recorded and transcribed using otter.ai.
The intense data analysis process started after the research data were uploaded to
MAXQDA Analytics Pro 2020 for Mac OS, release 20.3.0. Data was uploaded to MAXQDA to
109
create a case record and database that made it easy to search on keywords during the coding
process. The researcher started the analysis process by reviewing, reading, re-reading, coding the
data, and engaging in a constant comparison process to generate categories and themes from
interview transcripts, observation transcripts, and IT governance process and policy documents.
The categories and themes generated from the research data provided valuable insights and
answers to the research question. The data findings in chapter 4 were used to draw conclusions
and recommendations by comparing and contrasting the study results to the existing literature.
Conclusions and recommendations will be drawn from the emerging five emerging themes of
this study. The five emerging themes were:
1. The ITG value creation process leads to IT agility for the hospital's IT network
operations.
2. ITG is used for strategic alignment between the hospital's governance practices and IT
Network operations.
3. IT governance is used to measure the performance of IT Network operations.
4. IT governance is used to manage IT assets using a configuration management tools.
5. ITG is used for risk management and risk mitigation for IT-related risks.
The next section presents the implications for each of the five-sub research question
asked and the emerging themes from each of five research questions from the 11 participants.
Table 5.1 shows the relationship between the five emerging research sub-questions and the
emerging themes from the study.
110
Table 5.1
Research questions and corresponding emergent themes
Research question Emergent theme.
R1. How is IT governance of network The ITG value creation process leads to
operations used to deliver value to the IT agility for the Hospital’s IT network
hospital? operations.
R2. How is IT governance of network ITG is used for strategic alignment
operations used for strategic alignment to between the Hospital’s governance
the Hospital's goal and mission? practices and IT Network operations.
R3. How is IT governance of network
operations used for performance IT governance is used to measure
management? performance of IT Network operations.
operations at the Hospital used for resource IT governance is used to manage IT assets
management? using a configuration management tools.
operations at the Hospital used for risk ITG is used for risk management and risk
management? mitigation for IT related risks.
Most findings in this study were consistent with the findings in the literature. The section
below will compare and contrast the study findings with existing current literature on the effects
of IT governance in organizations.
111
Comparing and contrasting study findings with existing literature.
Theme 1. The ITG value creation process leads to IT agility for the hospital's IT network
operations. Most participants seemed to agree that IT governance creates value to the business
through the IT department's services. Vidmar et al. ( 2021) suggested that policymakers can use
IT to attain sustainable business objectives such as an organization's economic, social, and
environmental objectives. Sustainable business objectives can be achieved through IT
innovation. In most organizations, the IT department constitutes one of the most significant
portions of most firm investments. IT departments are increasingly the critical driver for strategic
initiatives in organizations. Therefore, there is a growing need for many businesses to see a
return on IT investments (Héroux & Fortin, 2018).
The value creation process is mainly attributable to best practices such as IT service
management (ITSM) as a tool to effectively deliver IT services (Winkler & Wulf, 2019).
Additionally, Zhen et al. (2021)) suggested that as organizations continuously rely on IT to
remain agile top management support of IT initiatives contributes to IT agility. IT governance
can be used to harmonize IT operations to achieve business agility by adopting governance
methods that use flattened organizational structures, smooth information flow, effective team
management for decision making, devolution of authority, and using participative management
styles, among others (Couto et al., 2015). The emergent findings from theme 1 about the role of
IT governance of network operations at the hospital in the value creation process are consistent
with current literature and industry best practices.
Theme 2. The IT governance process is used for strategic alignment between the
hospital's governance practices and IT Network operations. Many participants suggested that
there is a strong relationship between IT governance and the business. Research shows that IT
112
alignment with business is critical for the decision-making process and the efficient
implementation of information technology in an organization (Couto et al., 2015).There is a
positive relationship between alignment and performance of proactive organizations. Therefore,
the IT organizations' alignment with the business leads to business success (Chau et al., 2020).
Patterson (2020) observed that it is almost impossible to separate business and IT strategies
because information technology is developing at an accelerated rate. Information technology can
only create value if aligned with the business strategy. New initiatives at the Hospital are
reviewed and approved by the ITG leadership team, as noted by research participant 1.
Participant 4 indicated that IT governance clears any roadblocks that may impede IT success. As
a foundation for IT architecture, the IT department at the hospital designs solutions that serve the
hospital's needs.
Theme 3. Information technology governance is used to measure the performance of IT
Network operations. Theme 3 is consistent with research findings that show that firms with
reliable IT capabilities lead to superior firm performance. A positive correlation between
effective IT project governance and project success or completion rate exists (Sirisomboonsuk et
al., 2018). Project completion rates are one of the key performance indicators of the efficient use
of IT resources. IT business value is measured based on improved productivity, improved
profitability, cost reduction, and the ability to enhance the organization's competitive advantage
(Pathak et al., 2019)
Additionally, enterprise IT architectures such as IT network designs should be designed in order
to optimize business workflows. Optimizing business work follows could result in maximizing
business benefits (Dumitriu & Popescu, 2020). Consequently, performance measures should be
integrated into the enterprise IT architecture design.
113
Theme 4. IT governance is used to manage IT assets using configuration management
tools. Many IT network operational failures are attributable to poor asset management; IT
failures that compromise IT assets' functional integrity and availability tend to be harmful to a
firm because such failures may compromise the confidentially of a firm's data assets (Langer,
2017). One of the relationships between IT governance and corporate governance is exercising
good stewardship through effective asset management (Juiz et al., 2015). Information technology
governance supports a business by identifying and managing strategic IT resources (Gërvalla et
al., 2018). Furthermore, IT resources at the hospital are managed using the configuration
management database. Consistent with the role of ITG in asset management as noted by
(Gërvalla et al., 2018; Langer, 2017; Juiz et al., 2015), several research participants pointed out
despite the existence of several configuration management data bases (CMDB), asset
management using CMDBs was a key component of IT service management at the Hospital.
Theme 5. Information technology governance is used for risk management and risk
mitigation for IT-related risks. Many participants suggested that risk management is the primary
goal of IT governance. Theme 5 is consistent with existing literature that suggests that IT
governance is used as a tool to manage both IT-related operational risks and business-related
risks as firms continue to face IT-related operational risks (Rubino et al., 2017). Additionally,
internal control of IT operations is the foundation of IT governance. Managers use ITG as a tool
to manage risks effectively and as a tool to manage internal business controls (Rubino et al.,
2017b). Heightened information technology-related security risks are a significant concern to
many organizations such as hospitals. Vincent et al. (2017) noted that IT risk management's
maturity is higher when the CIO reports to the CEO. Additionally, IT risk management practices
maturity mediates the relationship between IT governance and IT risk management practices
114
(Edirisinghe Vincent & Pinsker, 2020). IT-related risks can be managed and mitigated by raising
awareness among IT managers about IT-related risks (Edirisinghe Vincent & Pinsker, 2020).
Limitations
The first limitation is that this study was a qualitative single case study and the findings
are limited to one major hospital in the Western United States of America. Generalizing the
conclusions from this study might be hard to apply in other hospital environments. The second
limitation was that study was conducted during the Covid 19 pandemic. Due to health experts
and government-mandated restrictions, the researcher could not interact with research
participants in a face-to-face interview process. The third limitations is that although most
research participants in the purposive sample were conversant with IT governance practices at
the hospital, some of the participants were not well-versed in how IT governance is implemented
and how their day-to-day efforts align with the Hospital's goals and missions through IT
governance. Participants that were not conversant with the IT governance practices could not
adequately speak to the effect of IT governance.
Recommendations to Leaders and Practitioners
This section includes recommendations for each of the five emerging themes.
Theme 1 recommendation. The ITG value creation process leads to IT agility for the
Hospital's IT network operations. Although most participants viewed IT governance as an
enabler of IT services and a strong partner with the business, a few participants suggested that
they sometimes viewed ITG as a roadblock that could impede the IT departments' agility or did
not see IT governance's role in their day-to-day operations. The recommendation is that CTO and
the IT governance group train or retrain the IT operations team about the benefits of IT
governance and how their roles contribute to the value creation and value delivery of IT services
115
to the Hospital. IT leadership at the Hospital could provide all IT network operations employees
with IT best practice training such as Information Technology Infrastructure Library version 4
(ITILV4) and Control Objectives for Information and Related Technology version 5 (COBIT 5).
Such training would provide IT network operations employees with a holistic view of the role of
IT governance in the value creation process at the Hospital.
Theme 2 recommendation. Information technology governance is used for strategic
alignment between the hospital's governance practices and IT Network operations. Similar to the
observations made in theme 1, many employees expressed their appreciation for IT governance
and IT governance's role in aligning IT operations with the business. However, some employees
had a hard time seeing the alignment and benefits of aligning IT network operations to the
Hospital's strategic goals and missions. Similar to the recommendations noted in theme 1,
retaining the employees and constantly communicating with employees about the role and value
of network operations alignment to the organization's business goals will help improve the
perception of IT governance and IT governance at the Hospital.
Theme 3 recommendation. Information technology governance is used to measure the
performance of IT Network operations. Almost all participants did not seem to articulate how
ITG is used for performance management. The lack of clear performance measures may result in
poor execution of the IT delivery process. It could impact the quality of services delivered by the
network operations team to the Hospital. The researcher recommends that the hospital
implements performance measures such as using a balanced scorecard. A balanced scorecard is a
tool used to measure how the IT department aligns and focuses its people on the organizations'
strategic goals. The BSC helps an organization view the organization's performance from both a
financial and non-financial perspective (Lawrence & Gratton, 2016). The balanced scorecard can
116
also be used to measure structure, cost, productivity, and quality of IT operations (Valchkov &
Valchkova, 2018).
Theme 4 recommendation. The IT governance is used to manage IT assets using
configuration management tools. Some key participants noted that assets or resource
management is delegated to IT operations, and it is not usually an aspect that IT governance is
concerned with. Some participants further noted that ITG is strictly focused on IT strategy.
However, the literature on IT governance suggests that One of the relationships between IT
governance and corporate governance is exercising good stewardship through effective asset
management (Juiz et al., 2015). IT governance supports a business by identifying and managing
strategic IT resources (Gërvalla et al., 2018). Consequently, the researcher's recommendation to
the IT governance team is that more time and resources are dedicated to the stewardship and
accountability of IT assets at the Hospital.
Theme 5 recommendation. Information technology governance is used for risk
management and risk mitigation for IT-related risks. Despite the existence of strategic risk and
compliance initiatives at the hospital, some participants noted that the hospital's IT department
tends to be reactionary to security risks and events. Yet, the hospital should be proactive when it
comes to mitigating security events. The hospital's reactionary stance on IT risks was attributed
to a lack of budget to deal with security events as they occur. As observed by Selig (2016), one
of the responsibilities is that ITG is responsible for managing risks and contingencies
proactively. Benz and Chatterjee (2020) recommended that IT practitioners proactively
implement cybersecurity measures such as identifying, detecting, responding, and recovering
from security incidents. The researcher recommends that the hospital's strategic leadership team
117
ensures that cybersecurity efforts are well funded to respond to emerging information security
risks proactively. Table 5.2 presents a summary of the emerging themes and recommendations.
Table 5.2
Research emergent themes and recommendations

Emergent theme Recommendations
Training and retraining employees in IT

The ITG value creation process leads to IT
best practices such as COBIT 5 and ITIL
agility for the Hospital’s IT network
V5 to raise awareness about the ITG value
operations.
delivery process.
Constant communications about ITG,
training and retraining employees in IT

ITG is used for strategic alignment between
best practices such as COBIT 5 and ITIL
the Hospital’s governance practices and IT
V5 will help improve the perception of IT
Network operations.
governance and IT governance at the
Hospital.
IT governance is used to measure Implement a balanced score card (BSC) as
performance of IT Network operations. a performance management tool.
ITG should dedicate more time and

IT governance is used to manage IT assets
resources to the stewardship and
using a configuration management tools
accountability of IT assets at the Hospital.
ITG is used for risk management and risk The hospital's strategic leadership team
mitigation for IT related risks. ensures that cybersecurity efforts are well
118
funded to respond to emerging
information security risks proactively.
Recommendations for Future Research
Since this study was a single exploratory case study, future studies may conduct a multi
case study. A multi case study may be conducted to include other hospitals to help validate the
external validity of this research findings. The findings in this study may further be explored by
using other research methods such as:
1. A Multi case study with more than one hospital.
2. A quantitative research method to measure the impact of IT governance on hospital
network operations quantitatively.
3. An action research method to develop specific actions that should be implemented for
each of the issues noted in chapter 5.
4. A grounded theory to develop an emerging approach about the effects of IT governance
of hospital network operations.
Chapter Summary
Chapter five presented the study's conclusions and recommendations based on the
researcher's findings from chapter 5. The key conclusions based on the study's emergent themes
were: (a) The ITG value creation process leads to IT agility for the Hospital's IT network
operations; (b) ITG is used for strategic alignment between the Hospital's governance practices
and IT Network operations; (c) IT governance is used to measure the performance of IT Network
operations; (d) IT governance is used to manage IT assets using a configuration management
tools, and (c) ITG is used for risk management and risk mitigation for IT related risks. The five
119
key recommendations are: (a) Training and retraining employees in IT best practices such as
COBIT 5 and ITIL V5 to raise awareness about the ITG value delivery process; (b) Constant
communications about ITG, training and retraining employees in IT best practices such as
COBIT 5 and ITIL V5 will help improve the perception of IT governance and IT governance at
the Hospital; (c) Implement a balanced scorecard (BSC) as a performance management tool; (d)
ITG should dedicate more time and resources to the stewardship and accountability of IT assets
at the Hospital; and (e) The Hospital's strategic leadership team ensures that cybersecurity efforts
are well funded to respond to emerging information security risks proactively.
A previously noted, the findings in this study may further be explored by using other
research methods such as:
1. A Multi case study with more than one hospital.
2. A quantitative research method to measure the impact of IT governance on hospital
network operations quantitatively.
3. An action research method to develop specific actions that should be implemented for
each of the issues noted in chapter 5.
4. A grounded theory to develop an emerging approach about the effects of IT governance
of hospital network operations.
Further exploration could be dedicated to developing training modules that can help
improve IT governance alignment with the Hospital's goals and objectives. Additionally, further
research could be conducted using a mixed-method approach with multiple cases. The findings
for the study can help improve the applicability of the study findings to a larger environment.
The study contributed to the body of knowledge that effective IT governance leads to (a)
an improved ITG value creation process. An improved value creation process leads to IT agility
120
for the Hospital's IT network operations; (b) ITG plays a critical role in the strategic alignment
between the Hospital's governance practices and IT Network operations; (c) IT governance can
be used to measure the performance of IT Network operations; (d) IT governance is used to
manage IT assets using a configuration management tools, and (e) ITG is used for risk
management and risk mitigation for IT-related risks.
The practical application of IT governance best practices such as COBIT and ITIL will
enable the hospital's IT network operations to improve IT services continuously. The Hospital's
IT leadership team should constantly evaluate how IT governance enhances IT network
operations service delivery using a balanced scorecard. Additionally, the Hospital IT leadership
team will need to continually communicate what they are doing to the IT team to raise awareness
and alignment of IT network operations alignment with the hospital's goals and missions.
Finally, the researcher recommends that the hospital's IT department implement the COBIT
framework of IT governance and continually measure the IT department's maturity COBIT
maturity level.
121
References
Abu-Khadra, H. A., Chan, J. O., & Pavelka, D. D. (2012). Communications of the IIMA
Incorporating the COBIT Framework for IT Governance in Accounting Education
Incorporating COBIT Framework for IT Governance in Accounting Education
Incorporating the COBIT Framework for IT Governance in Accounting Education.
Communications of the IIMA, 12(2), 81–92.
http://scholarworks.lib.csusb.edu/ciima%0Ahttp://scholarworks.lib.csusb.edu/ciima/vol12/is
s2/6
Ahmad, N., Amer, N. T., Qutaifan, F., & Alhilali, A. (2013a). Technology adoption model and a
road map to successful implementation of ITIL. Journal of Enterprise Information
Management, 26(5), 553–576. https://doi.org/10.1108/JEIM-07-2013-0041
Ahmad, N., Amer, N. T., Qutaifan, F., & Alhilali, A. (2013b). Technology adoption model and a
road map to successful implementation of ITIL. Journal of Enterprise Information
Management, 26(5), 553–576. https://doi.org/10.1108/JEIM-07-2013-0041
Ako-Nai, A., & Singh, A. M. (2019). Information technology governance framework for
improving organisational performance. SA Journal of Information Management, 21(1), 1–
12. https://doi.org/10.4102/sajim.v21i1.1010
Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: An
IT outsourcing perspective. Information Systems Frontiers, 14(2), 179–193.
https://doi.org/10.1007/s10796-009-9183-y
Alpi, K. M., & Evans, J. J. (2019). Distinguishing case study as a research method from case
reports as a publication type. Journal of the Medical Library Association, 107(1), 1–5.
https://doi.org/10.5195/jmla.2019.615
122
Altemimi, M. A. H., & Mohamad Shanudin, Z. (2015). IT Governance Landscape: Toward
Understanding the Effective IT Governance Decision-Making. Scholedge International
Journal of Business Policy & Governance, 2(11), 5–17.
https://doi.org/10.19085/journal.sijbpg021102
Amu, H., & Nyarko, S. H. (2019). Satisfaction with Maternal Healthcare Services in the Ketu
South Municipality, Ghana: A Qualitative Case Study. BioMed Research International,
2019. https://doi.org/10.1155/2019/2516469
Asgarkhani, M., Cater-Steel, A., Toleman, M., & Ally, M. (2017). Failed IT projects: Is poor IT
governance to blame? Proceedings of the 28th Australasian Conference on Information
Systems, ACIS 2017, 1–9.
Barusch, A., Gringeri, C., & George, M. (2011a). Rigor in qualitative social work research: A
review of strategies used in published articles. Social Work Research, 35(1), 11–19.
https://doi.org/10.1093/swr/35.1.11
Barusch, A., Gringeri, C., & George, M. (2011b). Rigor in qualitative social work research: A
review of strategies used in published articles. Social Work Research, 35(1), 11–19.
https://doi.org/10.1093/swr/35.1.11
Baxter Pamela, & Jack, S. (1990). Qualitative case study methodology: study design and
implementation for novice researchers. The Qualitative Report, 13(4), 544–559.
https://nsuworks.nova.edu/tqr/vol13/iss4/2
Beaulieu-Brossard, P., & Dufort, P. (2017). HOW INFORMATION TECHNOLOGY
GOVERNANCE MECHANISMS AND STRATEGIC ALIGNMENT INFLUENCE
ORGANIZATIONALPERFORMANCE: INSIGHTSFROMA MATCHED SURVEY OF
BUSINESS AND IT MANAGERS. Journal of Military and Strategic Studies, 17(4), 1–20.
123
Bendickson, J., Muldoon, J., Liguori, E. W., & Davis, P. E. (2016). Agency theory: background
and epistemology. Journal of Management History, 22(4), 437–449.
https://doi.org/10.1108/JMH-06-2016-0028
Benz, M., & Chatterjee, D. (2020). Calculated risk? A cybersecurity evaluation tool for SMEs.
Business Horizons, 63(4), 531–540. https://doi.org/10.1016/j.bushor.2020.03.010
Best, A., Berland, A., Greenhalgh, T., Bourgeault, I. L., Saul, J. E., & Barker, B. (2018).
Networks as systems: A case study of the World Health Organisation’s Global Health
Workforce Alliance. Journal of Health Organization and Management, 32(1), 9–24.
https://doi.org/10.1108/JHOM-06-2017-0129
Bhatta, T. P. (2018). Case Study Research, Philosophical Position and Theory Building: A
Methodological Discussion. Dhaulagiri Journal of Sociology and Anthropology, 12, 72–79.
https://doi.org/10.3126/dsaj.v12i0.22182
Bianchi, I. S., & Sousa, R. D. (2016). IT Governance Mechanisms in Higher Education.
Procedia Computer Science, 100, 941–946. https://doi.org/10.1016/j.procs.2016.09.253
Blumenthal, D. (2010). Guiding the health information technology agenda. Interviewed by David
J. Brailer. Health Affairs (Project Hope), 29(4), 586–595.
Boddy, C. R. (2016). Sample size for qualitative research. Qualitative Market Research, 19(4),
426–432. https://doi.org/10.1108/QMR-06-2016-0053
Bowen, P. L., Cheung, M. Y. D., & Rohde, F. H. (2007). Enhancing IT governance practices: A
model and case study of an organization’s efforts. International Journal of Accounting
Information Systems, 8(3), 191–221. https://doi.org/10.1016/j.accinf.2007.07.002
124
Bradley, R. V., Byrd, T. A., Pridmore, J. L., Thrasher, E., Pratt, R. M. E., & Mbarika, V. W. A.
(2012). An empirical examination of antecedents and consequences of IT governance in US
hospitals. Journal of Information Technology, 27(2), 156–177.
https://doi.org/10.1057/jit.2012.3
Brewer, E. W., Torrisi-Steele, G., & Wang, V. X. (2015). Survey Research. International
Journal of Adult Vocational Education and Technology, 6(4), 46–64.
https://doi.org/10.4018/IJAVET.2015100106
Brown, A. E., & Grant, G. G. (2005). Framing the Frameworks: A Review of IT Governance
Research. Communications of the Association for Information Systems, 15(May).
https://doi.org/10.17705/1cais.01538
Brown, J. B., Ryan, B. L., Thorpe, C., Markle, E. K. R., Hon, B. A., & Glazier, R. H. (2015).
Measuring teamwork in primary care: Triangulation of qualitative and quantitative data.
33(3), 193–202.
Browne, K. (2005). Snowball sampling: Using social networks to research non-heterosexual
women. International Journal of Social Research Methodology: Theory and Practice, 8(1),
47–60. https://doi.org/10.1080/1364557032000081663
Buchwald, A., Urbach, N., & Ahlemann, F. (2014). Business value through controlled IT:
Toward an integrated model of IT governance success and its impact. Journal of
Information Technology, 29(2), 128–147. https://doi.org/10.1057/jit.2014.3
Buntin, M. B., Burke, M. F., Hoaglin, M. C., & Blumenthal, D. (2011). The benefits of health
information technology: A review of the recent literature shows predominantly positive
results. Health Affairs, 30(3), 464–471. https://doi.org/10.1377/hlthaff.2011.0178
125
Caluwe, L., & De Haes, S. (2019). Board Level IT Governance: A Scoping Review to Set the
Research Agenda. Information Systems Management, 36(3), 262–283.
https://doi.org/10.1080/10580530.2019.1620505
Candela, A. G. (2019). Exploring the function of member checking. Qualitative Report, 24(3),
619–628.
Carcary, M. (2009). The research audit trial - enhancing trustworthiness in qualitative inquiry.
Electronic Journal of Business Research Methods, 7(1), 11–24.
Casey, D., & Murphy, K. (2009). Methods and Meanings: Credibility and Trustworthiness of
Qualitative Research. Nurse Researcher, 16(4), 40–55.
https://doi.org/10.7748/nr2009.07.16.4.40.c7160
Castleberry, A., & Nolen, A. (2018). Thematic analysis of qualitative research data: Is it as easy
as it sounds? Currents in Pharmacy Teaching and Learning, 10(6), 807–815.
https://doi.org/10.1016/j.cptl.2018.03.019
Chau, D. C. K., Ngai, E. W. T., Gerow, J. E., & Thatcher, J. B. (2020). The Effects of Business-
IT Strategic Alignment and IT Governance on Firm Performance: A Moderated Polynomial
Regression Analysis. MIS Quarterly, 44(4), 1679–1703.
https://doi.org/10.25300/misq/2020/12165
Chenail, R. J. (2011). Interviewing the Investigator_ Strategies for Addressing Instrume. The
Qualitative Report, 16(1), 255–262.
http://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1051&context=tqr/%0Ahttps://nsuwo
rks.nova.edu/tqr/vol16/iss1/16
126
Christopher, J. (2010). Corporate governance-A multi-theoretical approach to recognizing the
wider influencing forces impacting on organizations. Critical Perspectives on Accounting,
21(8), 683–695. https://doi.org/10.1016/j.cpa.2010.05.002
Clarke, C. T., & Branson, D. (2016). The SAGE Handbook of Corporate Governance
Introduction : Corporate Governance – An Emerging Discipline ?
Clarke, T., & Branson, D. M. (2012). The SAGE handbook of corporate governance. The SAGE
Handbook of Corporate Governance, 1–657. https://doi.org/10.4135/9781446200995
Connelly, L. M. (2016). Trustworthiness in qualitative research. MEDSURG Nursing, 25(6),
435–436.
Cooper, T., Stavros, C., & Dobele, A. R. (2019). Domains of influence: exploring negative
sentiment in social media. Journal of Product and Brand Management, 28(5), 684–699.
https://doi.org/10.1108/JPBM-03-2018-1820
Coso Strong, A., & Sekayi, D. (2018). Exercising professional autonomy: Doctoral students’
preparation for academic careers. Studies in Graduate and Postdoctoral Education, 9(2),
243–258. https://doi.org/10.1108/SGPE-D-18-00005
Cotter, C. M. (2007). Making the case for a clinical information system: The chief information
officer view. Journal of Critical Care, 22(1), 56–65.
https://doi.org/10.1016/j.jcrc.2007.01.005
Couto, E. S., Lopes, M. F. C., & Sousa, R. D. (2015). Can IS/IT Governance Contribute for
Business Agility? Procedia Computer Science, 64, 1099–1106.
https://doi.org/10.1016/j.procs.2015.08.565
127
Creswell, John W.; Creswell, D. J. (2018). Research Design: Qualitative, quantitative and Mixe
Methods Approaches. In Sage publication (Issue 5).
https://doi.org/10.1017/CBO9781107415324.004
Creswell, J. W. (2009). EDITION (3rd ed.). Sage Publications, Inc.
Creswell, J. W. (2014). Reseach Design: Qualitative, Quantitative and Mixed Methods
Approaches (4th ed.). SAGE Publications, Inc.
https://www.academia.edu/39374010/John_W._Creswell_Research_Design_Qualitative_Q
uantitative_and_Mixed_Methods_Approaches_SAGE_Publications_Inc_2013_
Cunningham, J. A., Menter, M., & Young, C. (2017). A review of qualitative case methods
trends and themes used in technology transfer research. Journal of Technology Transfer,
42(4), 923–956. https://doi.org/10.1007/s10961-016-9491-6
Cutcliffe, J. R., & McKenna, H. P. (1999). Establishing the credibility of qualitative research
findings: The plot thickens. Journal of Advanced Nursing, 30(2), 374–380.
https://doi.org/10.1046/j.1365-2648.1999.01090.x
Cypress, B. S. (2017). Rigor or reliability and validity in qualitative research: Perspectives,
strategies, reconceptualization, and recommendations. Dimensions of Critical Care Nursing,
36(4), 253–263. https://doi.org/10.1097/DCC.0000000000000253
Daniel, B. K. (2018). Empirical verification of the “TACT” framework for teaching rigour in
qualitative research methodology. Qualitative Research Journal, 18(3), 262–275.
https://doi.org/10.1108/QRJ-D-17-00012
128
Dawson, G. S., Denford, J. S., Williams, C. K., Preston, D., & Desouza, K. C. (2016). An
Examination of Effective IT Governance in the Public Sector Using the Legal View of
Agency Theory. Journal of Management Information Systems, 33(4), 1180–1208.
https://doi.org/10.1080/07421222.2016.1267533
Delaney, L. (2015). The challenges of an integrated governance process in healthcare. Clinical
Governance, 20(2), 74–81. https://doi.org/10.1108/CGIJ-02-2015-0005
Devers, K. J., & Frankel, R. M. (2000). Study design in Qualitative research - 2: Sampling and
data collection strategies. Education for Health, 13(2), 263–271.
https://doi.org/10.1080/13576280050074543
Doherty, N. F., Ashurst, C., & Peppard, J. (2012). Factors affecting the successful realisation of
benefits from systems development projects: Findings from three case studies. Journal of
Information Technology, 27(1), 1–16. https://doi.org/10.1057/jit.2011.8
Donaldson, L., & Davis, J. H. (1991). Stewardship Theory or Agency Theory: Australian
Journal of Management, 16(June 1991), 49–66.
https://doi.org/10.1177/031289629101600103
Dumitriu, D., & Popescu, M. A. M. (2020). Enterprise architecture framework design in IT
management. Procedia Manufacturing, 46, 932–940.
https://doi.org/10.1016/j.promfg.2020.05.011
Ebneyamini, S., & Sadeghi Moghadam, M. R. (2018). Toward Developing a Framework for
Conducting Case Study Research. International Journal of Qualitative Methods, 17(1), 1–
11. https://doi.org/10.1177/1609406918817954
129
Edirisinghe Vincent, N., & Pinsker, R. (2020). IT risk management: interrelationships based on
strategy implementation. International Journal of Accounting and Information
Management, 28(3), 553–575. https://doi.org/10.1108/IJAIM-08-2019-0093
Ellen Pearlman. (2004). Welcome to the Crossroads ; The choice of whether to be strategic to
your business or become a glorified plumber is easy . The path is. Insight, C I O Vol, New
York, 1(Oct), 1–7.
Ellinger, A. D., & McWhorter, R. (2016). Qualitative Case Study Research as Empirical Inquiry.
International Journal of Adult Vocational Education and Technology, 7(3), 1–13.
https://doi.org/10.4018/ijavet.2016070101
Emerson, R. W. (2015). Convenience sampling, random sampling, and snowball sampling: How
does sampling affect the validity of research? Journal of Visual Impairment and Blindness,
109(2), 164–168. https://doi.org/10.1177/0145482x1510900215
Etikan, I. (2016). Comparison of Convenience Sampling and Purposive Sampling. American
Journal of Theoretical and Applied Statistics, 5(1), 1.
https://doi.org/10.11648/j.ajtas.20160501.11
Falchi de Magalhães, F. L., Gaspar, M. A., Luciano, E. M., & Napolitano, D. M. R. (2020).
Information technology governance: legitimation, theorization and field trends. Revista de
Gestão, ahead-of-p(ahead-of-print). https://doi.org/10.1108/rege-01-2020-0001
Farquhar, J., Michels, N., & Robson, J. (2020a). Triangulation in industrial qualitative case study
research: Widening the scope. Industrial Marketing Management, 87(February), 160–170.
https://doi.org/10.1016/j.indmarman.2020.02.001
130
Farquhar, J., Michels, N., & Robson, J. (2020b). Triangulation in industrial qualitative case study
research: Widening the scope. Industrial Marketing Management, 87(October 2018), 160–
170. https://doi.org/10.1016/j.indmarman.2020.02.001
Farquhar, J., Michels, N., & Robson, J. (2020c). Triangulation in industrial qualitative case study
research: Widening the scope. Industrial Marketing Management, February, 1–11.
https://doi.org/10.1016/j.indmarman.2020.02.001
Fawcett, T. N., Holloway, A., & Rhynas, S. (2015). If I have seen further it is by standing on the
shoulders of giants: Finding a voice, a positive future for nursing. Journal of Advanced
Nursing, 71(6), 1195–1197. https://doi.org/10.1111/jan.12556
Ferguson, C., Green, P., Vaswani, R., & Wu, G. (2013). Determinants of Effective Information
Technology Governance. International Journal of Auditing, 17(1), 75–99.
https://doi.org/10.1111/j.1099-1123.2012.00458.x
Firestone, W. A. (1987). Meaning in Method: The Rhetoric of Quantitative and Qualitative
Research. Educational Researcher, 16(7), 16–21.
https://doi.org/10.3102/0013189X016007016
Fiss, P. C. (2015). The SAGE Handbook of Case-Based Methods 25 . Case Studies and the
Configurational Analysis of Organizational Phenomena. 424–440.
http://dx.doi.org/10.4135/9781446249413.n26 Print
Francis, J. J., Johnston, M., Robertson, C., Glidewell, L., Entwistle, V., Eccles, M. P., &
Grimshaw, J. M. (2010). What is an adequate sample size? Operationalising data saturation
for theory-based interview studies. Psychology and Health, 25(10), 1229–1245.
https://doi.org/10.1080/08870440903194015
131
Fusch, P., Fusch, G. E., & Ness, L. R. (2018). Denzin’s Paradigm Shift: Revisiting Triangulation
in Qualitative Research. Journal of Social Change, 10(1), 19–32.
https://doi.org/10.5590/josc.2018.10.1.02
Geddes, A., Parker, C., & Scott, S. (2018). When the snowball fails to roll and the use of
‘horizontal’ networking in qualitative social research. International Journal of Social
Research Methodology, 21(3), 347–358. https://doi.org/10.1080/13645579.2017.1406219
Gentles, S. J., Charles, C., Ploeg, J., & Ann McKibbon, K. (2015). Sampling in qualitative
research: Insights from an overview of the methods literature. Qualitative Report, 20(11),
1772–1789.
Gentles, S. J., Charles, C., Ploeg, J., & McKibbon, A. K. (2015). Insights from an overview of
the methods literature. The Qualitative Report, 20(11), 1772–1789.
https://nsuworks.nova.edu/tqr/vol20/iss11/5%0Ahttps://cpb-us-
e1.wpmucdn.com/sites.nova.edu/dist/a/4/files/2016/01/Gentles_Sampling-2016-01-
16.ppt.pdf
Gephart, R. P. (2003). Grounded Theory and the Integration of Qualitative and Quantitative
Research. Research in Multi-Level Issues, 2(03), 113–125. https://doi.org/10.1016/S1475-
9144(03)02007-1
Gerdewal, M. T., & Seçim, H. (2014). A Business Communication Design for Information
Technology (IT) Organizations based on Information Technology Infrastructure Library
(ITIL). Business Management Dynamics, 4(5), 12–35.
http://search.ebscohost.com/login.aspx?direct=true&db=bsu&AN=110258089&lang=es
132
Gërvalla, M., Preniqi, N., & Kopacek, P. (2018). IT infrastructure library (ITIL) framework
approach to IT governance. IFAC-PapersOnLine, 51(30), 181–185.
https://doi.org/10.1016/j.ifacol.2018.11.283
Gioia, D. A., Corley, K. G., & Hamilton, A. L. (2013). Seeking Qualitative Rigor in Inductive
Research: Notes on the Gioia Methodology. Organizational Research Methods, 16(1), 15–
31. https://doi.org/10.1177/1094428112452151
Gordon, L. T. (2010). Better data through IT governance. Hospitals & Health Networks, 1(2),
38–40. https://doi.org/10.4018/jitbag.2010040102
Guest, G., Bunce, A., & Johnson, L. (2006). How Many Interviews Are Enough?: An
Experiment with Data Saturation and Variability. Field Methods, 18(1), 59–82.
https://doi.org/10.1177/1525822X05279903
Haanappel, S., Drost, R., Harmsen, F., Brinkkemper, S., & Versendaal, J. M. (2011). A
framework for IT performance management. Department of Information and Computing
Sciences University of Utrecht, February, 1–83.
http://sh.st/st/787f28ed3e745c14417e4aec27303038/http://www.cs.uu.nl/research/techreps/r
epo/CS-2011/2011-006.pdf
Hamidovic, H. (2010). Fundamentals of IT Governance Based on ISO/IEC 38500. ISACA
Journal, 5, 1–4.
Hawkins, K. W., Alhajjaj, S., & Kelley, S. S. (2003). Using CobiT to secure information assets.
The Journal of Government Financial Management, 52(2), 22.
http://proquest.umi.com.library.capella.edu/pqdweb?did=353250971&Fmt=7&clientId=627
63&RQT=309&VName=PQD
133
Heale, R., & Twycross, A. (2015). Validity and reliability in quantitative studies. Evidence-
Based Nursing, 18(3), 66–67. https://doi.org/10.1136/eb-2015-102129
Héroux, S., & Fortin, A. (2018). The moderating role of IT-business alignment in the
relationship between IT governance, IT competence, and innovation. Information Systems
Management, 35(2), 98–123. https://doi.org/10.1080/10580530.2018.1440729
Improving Strategic Alignment: A Case Study, (2015).
https://doi.org/10.4018/IRMJ.2015100102
Higginbottom, G. M. A. (2004). Sampling issues in qualitative research. Nurse Researcher,
12(1), 7–19. https://doi.org/10.7748/nr2004.07.12.1.7.c5927
Hoerbst, A., Hackl, W. O., Blomer, R., & Ammenwerth, E. (2011). The status of IT service
management in health care - ITIL ® in selected European countries. BMC Medical
Informatics and Decision Making, 11(1), 76. https://doi.org/10.1186/1472-6947-11-76
Huygh, T., & De Haes, S. (2019). Investigating IT Governance through the Viable System
Model. Information Systems Management, 36(2), 168–192.
https://doi.org/10.1080/10580530.2019.1589672
Hyett, N., Kenny, A., & Dickson-Swift, V. (2014a). Methodology or method a critical review of
qualitative case study reports. International Journal of Qualitative Studies on Health and
Well-Being, 9(1), 1–12. https://doi.org/10.3402/qhw.v9.23606
Hyett, N., Kenny, A., & Dickson-Swift, V. (2014b). Methodology or method a critical review of
qualitative case study reports. International Journal of Qualitative Studies on Health and
Well-Being, 9(1), 1–13. https://doi.org/10.3402/qhw.v9.23606
134
Ilmudeen, A., & Bao, Y. (2018). Mediating role of managing information technology and its
impact on firm performance: Insight from China. Industrial Management and Data Systems,
118(4), 912–929. https://doi.org/10.1108/IMDS-06-2017-0252
Islam, M. S. (2015). Introducing modern technology to promote transparency in health services.
International Journal of Health Care Quality Assurance, 28(6), 611–620.
https://doi.org/10.1108/IJHCQA-01-2015-0016
Jairak, K., & Praneetpolgrang, P. (2013). Applying IT governance balanced scorecard and
importance-performance analysis for providing IT governance strategy in university.
Information Management & Computer Security, 21(4), 228–249.
https://doi.org/10.1108/IMCS-08-2012-0036
Jamali, D., Hallal, M., & Abdallah, H. (2010). Corporate governance and corporate social
responsibility: Evidence from the healthcare sector. Corporate Governance, 10(5), 590–
602. https://doi.org/10.1108/14720701011085562
Jeanne, R., & Peter, W. (2004). Recipe for Good Governance ; MIT research has found that good
IT governance leads to better return on assets for companies. But what makes for good
governance? Here are the ingredients. Cio, 17(17), 1–42.
http://wv9lq5ld3p.search.serialssolutions.com.library.capella.edu/?ctx_ver=Z39.88-
2004&ctx_enc=info:ofi/enc:UTF-
8&rfr_id=info:sid/ProQ%253Aabiglobal&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.gen
re=article&rft.jtitle=CIO&rft.atitle=Recipe+for+Good+Gover
Jennifer, R. (2000). Using Case Studies in Research. Management Research News, 16–27.
Jensen, J. L., & Rodgers, R. (2001). Cumulating the intellectual gold of case study research.
Public Administration Review, 61(2), 235–246. https://doi.org/10.1111/0033-3352.00025
135
Jiang, H. J., Lockee, C., & Fraser, I. (2012). Enhancing board oversight on quality of hospital
care: An agency theory perspective. Health Care Management Review, 37(2), 144–153.
https://doi.org/10.1097/HMR.0b013e3182224237
Joslin, R., & Müller, R. (2016). The relationship between project governance and project
success. International Journal of Project Management, 34(4), 613–626.
https://doi.org/10.1016/j.ijproman.2016.01.008
Juiz, B. Y. C., Toomey, M., & Govern, T. O. (2015). [Juiz, Toomen] To Govern IT, or Not to
Govern IT? Communications of the ACM.
Kaiser, K. (2009). Protecting respondent confidentiality in qualitative research. Qualitative
Health Research, 19(11), 1632–1641. https://doi.org/10.1177/1049732309350879
Kawulich, B. B. (2005). Participant Observation as a Data Collection Method 3 . The History of
Participant Observation as a Method. Forum Qualitative Sozialforschung Forum Qualitative
Social Research, 6(2), 1–21. https://doi.org/10.1177/14687941030032003
Knechel, N. (2019). What’s in a Sample? Why Selecting the Right Research Participants
Matters. Journal of Emergency Nursing, 45(3), 332–334.
https://doi.org/10.1016/j.jen.2019.01.020
Ko, D., & Fink, D. (2010). Information technology governance: An evaluation of the theory-
practice gap. Corporate Governance, 10(5), 662–674.
https://doi.org/10.1108/14720701011085616
Köbler, F., Fähling, J., Krcmar, H., & Leimeister, J. M. (2010). IT Governance and Types of IT
Decision Makers in German Hospitals. Business & Information Systems Engineering, 2(6),
359–370. https://doi.org/10.1007/s12599-010-0132-6
136
Kude, T., Lazic, M., Heinzl, A., & Neff, A. (2018). Achieving IT-based synergies through
regulation-oriented and consensus-oriented IT governance capabilities. Information Systems
Journal, 28(5), 765–795. https://doi.org/10.1111/isj.12159
Lacity, M. C., & Janson, M. A. (1994). Understanding qualitative data: A framework of text
analysis methods. Journal of Management Information Systems, 11(2), 137–155.
https://doi.org/10.1080/07421222.1994.11518043
Lainhart IV, J. W. (2000). Why IT Governance Is a Top Management Issue. Journal of
Corporate Accounting & Finance, 11(5), 33–40. https://doi.org/10.1002/1097-
0053(200007/08)11:5<33::aid-jcaf6>3.3.co;2-l
Langer, R. (2017). OPERATIONAL IT FAILURES, IT VALUE DESTRUCTION, AND
BOARD-LEVEL IT GOVERNANCE CHANGES. MIS Quarterly, 14(3), 729–762.
https://doi.org/10.3109/10731199409117662
Langtree, T., Birks, M., & Biedermann, N. (2019). Separating “fact” from fiction: Strategies to
improve rigour in historical research. Forum Qualitative Sozialforschung, 20(2).
https://doi.org/10.17169/fqs-20.2.3196
Lanka, S. (2015). Information Technology Governance ( ITG ) in Measuring the Importance of
IT Investment Performance. 3(January), 6–17.
Lapão, L. V. (2010). Developing an IT governance framework at hospital São Sebastião. 4th
European Conference on Information Management and Evaluation, ECIME 2010, 212–218.
Lawrence, P. C., & Gratton, S. (2016). Scorecard Sustainability: Discovering the Inflection
Point for Business Scorecard Termination or Major Alteration. 24(3), 11–15.
https://doi.org/10.1002/jcaf
137
Lester, J. N., Cho, Y., & Lochmiller, C. R. (2020). Learning to Do Qualitative Data Analysis: A
Starting Point. Human Resource Development Review, 19(1), 94–106.
https://doi.org/10.1177/1534484320903890
Liebe, J. D., Esdar, M., Jahn, F., & Hübner, U. (2018). Ready for HIT innovations? Developing a
tool to assess the professionalism of information management in hospitals. Studies in Health
Technology and Informatics, 247, 800–804. https://doi.org/10.3233/978-1-61499-852-5-800
Liebe, J. D., Esdar, M., Thye, J., & Hübner, U. (2017). Antecedents of CIOs’ innovation
capability in hospitals: Results of an empirical study. Studies in Health Technology and
Informatics, 243, 142–146. https://doi.org/10.3233/978-1-61499-808-2-142
Lombardi, R., Del Giudice, M., Caputo, A., Evangelista, F., & Russo, G. (2016). Governance
and Assessment Insights in Information Technology: The Val IT Model. Journal of the
Knowldege Economy, 7(1), 292–308.
https://doi.org/https://link.springer.com/journal/volumesAndIssues/13132
Louise, B. K., & Alison, W. (1994). Collecting data using a semi-structured interview: a
discussion paper. Journal of Advanced Nursing, 19(2), 328–335.
Marques, A., Oliveira, T., Dias, S., & Martins, M. (2011). Medical records system adoption in
European hospitals. Electronic Journal of Information Systems Evaluation, 14(1), 89–99.
Marquis, H. (2006). What it is and what it isn ’ t : Business Communications Review, 36(12), 49–
54.
Marton, A. (2013). Purposive selection and the quality of qualitative is research. International
Conference on Information Systems (ICIS 2013): Reshaping Society Through Information
Systems Design, 4, 3221–3239.
138
Mason, M. (2010). Sample size and saturation in PhD studies using qualitative interviews.
Forum Qualitative Sozialforschung, 11(3). https://doi.org/10.17169/fqs-11.3.1428
Matheson, J. L. (2007). The Voice Transcription Technique : Use of Voice Recognition Software
to Transcribe Digital Interview Data in Qualitative. The Qualitative Report, 12(4), 547–560.
Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare Data Security
Technology: HIPAA Compliance. Wireless Communications and Mobile Computing, 2019,
1–7. https://doi.org/10.1155/2019/1927495
McLellan, E., MaCqueen, K. M., & Neidig, J. L. (2003). Beyond the Qualitative Interview: Data
Preparation and Transcription. Field Methods, 15(1), 63–84.
https://doi.org/10.1177/1525822X02239573
Medlin, C. J. (2012). Peter Drucker’s ontology: Understanding business relationships and
networks. Journal of Business & Industrial Marketing, 27(7), 513–520.
https://doi.org/10.1108/08858621211257275
Meltzoff, J., & Cooper, H. (2018). The sample (2nd ed.). American Psychological Association,
American Psychological Association, Washington, DC. http://dx.doi.org/10.1037/0000052-
005 Retrieved from https://search.proquest.com/docview/2419689011?accountid=35812
Miller, T., & Boulton, M. (2007). Changing constructions of informed consent: Qualitative
research and complex social worlds. Social Science and Medicine, 65(11), 2199–2211.
https://doi.org/10.1016/j.socscimed.2007.08.009
Monat, J. P. (2006). IT finds its calling: Leading corporate productivity. IT Professional, 8(3),
18. https://doi.org/10.1109/MITP.2006.68
139
Morse, J. M. (2015). Critical Analysis of Strategies for Determining Rigor in Qualitative Inquiry.
Qualitative Health Research, 25(9), 1212–1222.
https://doi.org/10.1177/1049732315588501
Mueller, L., Magee, M., Marounek, P., & Phillipson, A. (2008). IBM IT Governance Approach:
Business Performance through IT Execution. International Technical Support Organisation,
1–132. ibm.com/redbooks
Nascimento, L. da S., & Steinbruch, F. K. (2019). “The interviews were transcribed”, but how?
Reflections on management research. RAUSP Management Journal, 54(4), 413–429.
https://doi.org/10.1108/RAUSP-05-2019-0092
Newton, N. (2010). Exploring Qualitative Methods: The use of semi-structured interviews.
Exploring Qualitative Methods, 1–11. https://doi.org/10.1037/e546562006-001
Nfuka, E. N., & Rusu, L. (2011). The effect of critical success factors on IT governance
performance. In Industrial Management and Data Systems (Vol. 111, Issue 9).
https://doi.org/10.1108/02635571111182773
Nicho, M., & Muamaar, S. (2016). Towards a Taxonomy of Challenges in an Integrated IT
Governance Framework Implementation. Journal of International Technology and
Information Management, 25(2), 2.
O’Kane, P., Smith, A., & Lerman, M. P. (2021). Building Transparency and Trustworthiness in
Inductive Research Through Computer-Aided Qualitative Data Analysis Software.
Organizational Research Methods, 24(1), 104–139.
https://doi.org/10.1177/1094428119865016
140
O’Keeffe, J., Buytaert, W., Mijic, A., Brozovic, N., & Sinha, R. (2016). The use of semi-
structured interviews for the characterisation of farmer irrigation practices. Hydrology and
Earth System Sciences, 20(5), 1911–1924. https://doi.org/10.5194/hess-20-1911-2016
Onwuegbuzie, A. J., Frels, R. K., & Hwang, E. (2016). Mapping Saldaňa’s Coding Methods onto
the Literature Review Process. Journal of Educational Issues, 2(1), 130.
https://doi.org/10.5296/jei.v2i1.8931
Palinkas, L. A., Horwitz, S. M., Green, C. A., Wisdom, J. P., Duan, N., & Hoagwood, K. (2015).
Purposeful Sampling for Qualitative Data Collection and Analysis in Mixed Method
Implementation Research. Administration and Policy in Mental Health and Mental Health
Services Research, 42(5), 533–544. https://doi.org/10.1007/s10488-013-0528-y
Pardis, S. T., Sofian, S., & Abdullah, D. F. (2016). An integrative proposed model of corporate
governance: The corporate governance mechanisms mediates the relationship between
board intellectual capital and corporate performance. International Journal of Economics
and Financial Issues, 6(3), 70–75.
Pathak, S., Krishnaswamy, V., & Sharma, M. (2019). Impact of IT practices and business value
of IT measurement. International Journal of Productivity and Performance Management,
69(4), 774–793. https://doi.org/10.1108/IJPPM-08-2018-0283
Patterson, M. (2020). A structured approach to strategic alignment between business and
information technology objectives. South African Journal of Business Management, 51(1).
https://doi.org/10.4102/sajbm.v51i1.365
Peterson, R. (2004a). Crafting information technology governance.(IS GOVERNANCE)(Author
Abstract). Information Systems Management, 21(4), 7.
141
Peterson, R. (2004b). Crafting information technology governance. Information Systems
Management, 21(4), 7–22. https://doi.org/10.1201/1078/44705.21.4.20040901/84183.2
Phillips, B. (2014). Information Technology Management Practice. Journal of Organizational
and End User Computing, 25(4), 50–74. https://doi.org/10.4018/joeuc.2013100103
Plümper, T., Troeger, V. E., & Neumayer, E. (2019). Case selection and causal inferences in
qualitative comparative research. PLoS ONE, 14(7), 1–19.
https://doi.org/10.1371/journal.pone.0219727
Polkinghorne, D. E. (2005). Language and meaning: Data collection in qualitative research.
Journal of Counseling Psychology, 52(2), 137–145. https://doi.org/10.1037/0022-
0167.52.2.137
Posthumus, S., & Von Solms, R. (2008). Agency Theory: Can it be used to strengthen IT
governance? IFIP International Federation for Information Processing, 278, 687–691.
https://doi.org/10.1007/978-0-387-09699-5_46
Reynolds, P., & Yetton, P. (2015). Aligning business and IT strategies in multi-business
organizations. Journal of Information Technology, 30(2), 101–118.
https://doi.org/10.1057/jit.2015.1
Rice. (2015). Healthcare Information Technology: a Correlational Study of Governance
Maturity and Patient Costs. https://0-search-proquest-
com.oasis.unisa.ac.za/docview/1749812458/fulltextPDF/CDF29F4599A3443APQ/25?acco
untid=14648
Roberts, K., Dowell, A., & Nie, J. B. (2019). Attempting rigour and replicability in thematic
analysis of qualitative research data; A case study of codebook development. BMC Medical
Research Methodology, 19(1), 1–9. https://doi.org/10.1186/s12874-019-0707-y
142
Rowley, J. (2012). Conducting research interviews. Management Research Review, 35(3–4),
260–271. https://doi.org/10.1108/01409171211210154
Rubino, M., Vitolla, F., & Garzoni, A. (2017). The impact of an IT governance framework on
the internal control environment. Records Management Journal, 27(1), 19–41.
https://doi.org/10.1108/RMJ-03-2016-0007
Salah, S., Rahim, A., & Carretero, J. A. (2010). Total company-wide management system: Case
studies. Journal of Industrial Technology, 26(2), 1–14.
Saldaña, J. (2016). The Coding Manual for Qualitative Researchers (No. 14). In Sage: Vol.
(Issue ‫)ﺛﻖ ﺛﻘﺜﻘﺜﻖ‬.
Santos, K. da S., Ribeiro, M. C., de Queiroga, D. E. U., da Silva, I. A. P., & Ferreira, S. M. S.
(2020). The use of multiple triangulations as a validation strategy in a qualitative study.
Ciencia e Saude Coletiva, 25(2), 655–664. https://doi.org/10.1590/1413-
81232020252.12302018
Selig, G. J. (2016). IT Governance-An Integrated Framework and Roadmap: How to Plan,
Deploy and Sustain for Improved Effectiveness. Journal of International Technology &
Information Management, 25(1), 55–76.
https://search.ebscohost.com/login.aspx?direct=true&AuthType=shib&db=bth&AN=12240
0158&site=ehost-live&scope=site&custid=uphoenix
Sergio, B; Keungoui, K; Hyeunyoung, Y; Junseok, H. (2018).
IT_Governance_Effectiveness_an.pdf. Journal of Strategic Innovation and Sustainability,
13(5), 43–57.
https://search.proquest.com/docview/2209456802/fulltextPDF/EF88ED3DEA6F4803PQ/1?
accountid=35812
143
Shapiro, S. P. (2005). Agency Theory. Annual Review of Sociology, 31(1), 263–284.
https://doi.org/10.1146/annurev.soc.31.041304.122159
Sharma, S. K., Sengupta, A., & Panja, S. C. (2019). Grounded Theory: A Method of Research
Inquiry. Methodological Issues in Management Research: Advances, Challenges, and the
Way Ahead, 1967, 181–201. https://doi.org/10.1108/978-1-78973-973-220191012
Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research projects.
Education for Information, 22(2), 63–75. https://doi.org/10.3233/EFI-2004-22201
Silic, M., & Back, A. (2014). Information security: Critical review and future directions for
research. Information Management and Computer Security, 22(3), 279–308.
https://doi.org/10.1108/IMCS-05-2013-0041
Sirisomboonsuk, P., Gu, V. C., Cao, R. Q., & Burns, J. R. (2018). Relationships between project
governance and information technology governance and their impact on project
performance. International Journal of Project Management, 36(2), 287–300.
https://doi.org/10.1016/j.ijproman.2017.10.003
Srivastava, P., & Hopwood, N. (2009). A Practical Iterative Framework for Qualitative Data
Analysis. International Journal of Qualitative Methods, 8(1), 76–84.
https://doi.org/10.1177/160940690900800107
Stake, R. E. (1978). The Case Study Method in Social Inquiry. Educational Researcher, 7(2), 5–
8. https://doi.org/10.3102/0013189X007002005
Stavros, C., & Westberg, K. (2009). Using triangulation and multiple case studies to advance
relationship marketing theory. Qualitative Market Research, 12(3), 307–320.
https://doi.org/10.1108/13522750910963827
144
Stenman, E. (2019). Strong Employer Brands and Employee Advocacy in Social Media:
exploring the Employee Perspective. 1–65.
Subsermsri, P., Jairak, K., & Praneetpolgrang, P. (2015). Information technology governance
practices based on sufficiency economy philosophy in the Thai university sector.
Information Technology & People, 28(1), 195–223. https://doi.org/10.1108/ITP-10-2013-
0188
Suri, H. (2011). Purposeful sampling in qualitative research synthesis. Qualitative Research
Journal, 11(2), 63–75. https://doi.org/10.3316/QRJ1102063
Tagesson, T., & Collin, S. O. Y. (2016). Corporate governance influencing compliance with the
Swedish Code of Corporate Governance. International Journal of Disclosure and
Governance, 13(3), 262–277. https://doi.org/10.1057/jdg.2015.15
Teo, W., Abd Manaf, A., & Choong, P. (2013). Practitioner Factors in Information Technology
Governance. The Journal of Administrative Sciences and Technology, 1–12.
https://doi.org/10.5171/2013.167294
Thomas, E., & Magilvy, J. K. (2011). Qualitative Rigor or Research Validity in Qualitative
Research. Journal for Specialists in Pediatric Nursing, 16(2), 151–155.
https://doi.org/10.1111/j.1744-6155.2011.00283.x
Thye, J., Hübner, U., Hüsers, J., & Babitsch, B. (2017). IT decision making in German Hospitals
- Do CEOs open the black box? Studies in Health Technology and Informatics, 243, 112–
116. https://doi.org/10.3233/978-1-61499-808-2-112
145
Thye, J., Hübner, U., Weiß, J. P., Teuteberg, F., Hüsers, J., Liebe, J. D., & Babitsch, B. (2018).
Hospital CEOs need health IT knowledge and trust in CIOs: Insights rom a qualitative
study. Studies in Health Technology and Informatics, 248, 40–46.
https://doi.org/10.3233/978-1-61499-858-7-40
Tuckett, A. G. (2004). Qualitative research sampling: the very real complexities. Nurse
Researcher, 12(1), 47–61. https://doi.org/10.7748/nr2004.07.12.1.47.c5930
Turel, O., & Bart, C. (2014). Board-level IT governance and organizational performance.
European Journal of Information Systems, 23(2), 223–239.
https://doi.org/10.1057/ejis.2012.61
Valchkov, L., & Valchkova, N. (2018). Methodology for Efficiency Improvement in
Warehouses: a Case Study From the Winter Sports Equipment Industry. Proceedings in
Manufacturing Systems, 13(3), 95–102.
Van Grembergen, W. (2007). Introduction to the Minitrack “IT Governance and its
Mechanisms” HICSS 2007. Proceedings of the Annual Hawaii International Conference on
System Sciences, 9, 233. https://doi.org/10.1109/HICSS.2007.292
VanWynsberghe, R., & Khan, S. (2007). Redefining Case Study. International Journal of
Qualitative Methods, 6(2), 80–94. https://doi.org/10.1177/160940690700600208
Vidmar, D., Marolt, M., & Pucihar, A. (2021). Information technology for business
sustainability: A literature review with automated content analysis. Sustainability
(Switzerland), 13(3), 1–24. https://doi.org/10.3390/su13031192
Vincent, N. E., Higgs, J. L., & Pinsker, R. E. (2017). IT governance and the maturity of IT risk
management practices. Journal of Information Systems, 31(1), 59–77.
https://doi.org/10.2308/isys-51365
146
Wa-Mbaleka, S. (2017). Fostering Quality in Qualitative Research: A List of Practical
Strategies. 20(1), 58–80.
Wautelet, Y. (2019). A model-driven IT governance process based on the strategic impact
evaluation of services. Journal of Systems and Software, 149, 462–475.
https://doi.org/10.1016/j.jss.2018.12.024
Wayne Gregory, R., Kaganer, E., Henfridsson, O., & Jean Ruch, T. (2018). IT
CONSUMERIZATION AND THE TRANSFORMATION OF IT GOVERNANCE Appendix A
IT Governance Literature Review Table A1. Review of IT Governance Literature Study
Definition of IT Governance Dimension of IT Governance. 42(4), 1–9.
https://www.misq.org/skin/frontend/default/misq/pdf/appendices/2018/V42I4Appendices/1
0_13703_RA_GregoryKaganerAppendices.pdf
Weill, P. (2004). Don’t just lead, govern: How top-performing firms govern IT. MIS Quarterly
Executive, 8(1), 1–21. https://doi.org/10.2139/ssrn.664612
Weill, P., & Ross, J. (2005). A matrixed approach to designing IT governance. MIT Sloan
Management Review, 46(2), 26–34.
Weill, P., & Woodham, R. (2005). Don’t Just Lead, Govern: Implementing Effective IT
Governance. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.317319
Wilkin, C. L., Couchman, P. K., Sohal, A., & Zutshi, A. (2016). Exploring differences between
smaller and large organizations’ corporate governance of information technology.
International Journal of Accounting Information Systems, 22, 6–25.
https://doi.org/10.1016/j.accinf.2016.07.002
Williams, G., & Pigeot, I. (2017). Consent and confidentiality in the light of recent demands for
data sharing. Biometrical Journal, 59(2), 240–250. https://doi.org/10.1002/bimj.201500044
147
Winkler, T. J., & Wulf, J. (2019). Effectiveness of IT Service Management Capability: Value
Co-Creation and Value Facilitation Mechanisms. Journal of Management Information
Systems, 36(2), 639–675. https://doi.org/10.1080/07421222.2019.1599513
Woogara, J. (2005). Patients’ Privacy of the Person and Human Rights. Nursing Ethics, 12(3),
273–287. https://doi.org/DOI:10.1191/0969733005ne789oa
Worthen, B., & Framingham, C. I. O. (2007). Document View ITIL Power ; Why the IT
Infrastructure Library is becoming the most popular process framework for running IT in
America , and what it can do for you . Document View Page 2 of 4. Computer, 18, 3–6.
Yang, Z., Kankanhalli, A., Ng, B. Y., & Lim, J. T. Y. (2013). Analyzing the enabling factors for
the organizational decision to adopt healthcare information systems. Decision Support
Systems, 55(3), 764–776. https://doi.org/10.1016/j.dss.2013.03.002
Yazan, B., & De Vasconcelos, I. C. O. (2016). Three approaches to case study methods in
education: Yin, Merriam, and Stake. Meta: Avaliacao, 8(22), 149–182.
https://doi.org/10.22347/2175-2753v8i22.1038
Yin, R. K. (1981). The Case Study as a Serious Research Strategy. Science Communication,
3(1), 97–114. https://doi.org/10.1177/107554708100300106
Yin, R. K. (2016). Robert K. Yin. (2014). Case Study Research Design and Methods (5th ed.).
Thousand Oaks, CA: Sage. 282 pages. The Canadian Journal of Program Evaluation,
March 2016. https://doi.org/10.3138/cjpe.30.1.108
Yin, R. K. (2018). Designing Case Studies. In Case Study Research and Applications: Design
and Methods.
Young, D. S., & Casey, E. A. (2019). An Examination of the Sufficiency of Small Qualitative
Samples. Social Work Research, 43(1), 53–58. https://doi.org/10.1093/swr/svy026
148
Yu, K. (2008). Confidentiality revisited. Journal of Academic Ethics, 6(2), 161–172.
https://doi.org/10.1007/s10805-008-9061-0
Yusof, N. Z. M. (2016). Context matters: A critique of agency theory in corporate governance
research in emerging countries. International Journal of Economics and Financial Issues,
6(7Special Issue), 154–158.
Zhang, N. J., Seblega, B., Wan, T., Unruh, L., Agiro, A., & Miao, L. (2013). Health information
technology adoption in U.S. acute care hospitals. Journal of Medical Systems, 37(2).
https://doi.org/10.1007/s10916-012-9907-2
Zhen, J., Xie, Z., & Dong, K. (2021). Impact of IT governance mechanisms on organizational
agility and the role of top management support and IT ambidexterity. International Journal
of Accounting Information Systems, 40, 100501.
https://doi.org/10.1016/j.accinf.2021.100501
149
Appendix A:
Informed Consent Form
Informed Consent: Participants 18 years of age and older
Greetings,
My name is Jackson Ivan Isiko and I am a student at the University of Phoenix working on a
Doctor of Management in Organizational Leadership with a specialization in Information
Systems and Technology. I am conducting a research study entitled The effect Of IT
Governance (ITG) On Hospital Network Operations.
This study will use an exploratory qualitative single case study to understand stakeholders'
perceptions on the use of ITG and the relationship of ITG to critical health care infrastructures
such as hospital network operations. The study will also seek to explore how the IT governance
body and IT governance practices implemented at a hospital in the Western United States of
America affect the efficiency of IT Network Operations at a hospital in the Western United
States of America. This study will: (1) Contribute to the knowledge of professionals such as IT
managers, Network engineers, Hospital administrators, and other hospital stakeholders about the
significant contributions that IT governance could have on hospital network operations; and (2)
The research findings will contribute to the understanding of IT professionals and hospital
administrators about how to effectively implement IT governance as a way to improve the
alignment of network operations the strategic, goals, and missions of the hospital. The findings
will be published in top information systems academic journals, such as : (1) Journal of the
Association for Information; (2) Journal of Information Technology; (3) Journal of Management
Information Systems; (4)Information Systems Research; (5) MIS Quarterly; (6)Information
150
Systems Journal; (7) Journal of Strategic Information Systems; (8) Journal of Management
Information Systems; and (9) European Journal of Information Systems.
Your participation will involve participation in interviews, observation and document review of
the exiting IT governance process by participating in:
1.One or two sessions of 45 minutes interview, research participants may also be involved in
a 1 hour’s session of document review and observation during the change advisory body
(CAB) meetings.
2. Interviews will be audio recorded and used to transcribe the interview session for each
participant.
3. If the researcher deems that the participants are not contributing to the research process,
the researcher may terminate the research participant from participation in the research
process without the research participant’s consent.
4. The participant will be part of the 10 to 20 research participants that will be part of the
study.
You can decide to be a part of this study or not. Once you start, you can withdraw from the
study at any time without any repercussions. The results of the research study may be published
but your identity will remain confidential or anonymous, and your name will not be made known
to any outside parties.
In this research, there are no foreseeable risks to you.
Although there may be no direct benefit to you, a possible benefit from your being part of this
study how the research findings will contribute to the understanding of IT professionals about
how to effectively implement IT governance as a way to improve their alignment to the strategic,
151
goals and mission of the of the hospital and the significant effects that IT governance could have
on hospital network operations.
If you have any questions about the research study, please call me at 801-791-3883 or email me
at isijackson@email.phoenix.edu. For questions about your rights as a study participant, or any
concerns or complaints, please contact the University of Phoenix Institutional Review Board at
IRB@phoenix.edu.
As a participant in this study, you should understand the following:
1. You may decide not to be part of this study or you may want to withdraw from the study
at any time. If you want to withdraw, please call me at 801-791-3883 or email me
isijackson@email.phoenix.edu
2. Your identity will be kept confidential or anonymous
3. Jackson Ivan Isiko the researcher, has fully explained the nature of the research study
and has answered all of your questions and concerns.
4. Before interviews are conducted, you must give permission for the researcher, Jackson
Ivan Isiko, to record them. The information from these recorded interviews will be
transcribed by Jackson Ivan Isiko, and the data will be coded to assure that your identity
is protected.
5. Data will be kept secure by following the University of Phoenix and institutional review
board research guidelines on confidentiality. The recorded research participant
interviews will be stored on a locally encrypted, and password-protect hard drive on the
researcher’s computer. Redundant password-protected copies of interview transcripts
will be kept on the researcher's iCloud drive for at least three years after the interviews
are collected. The protected files will only be accessible to the researcher. Personally,
152
identifiable research participant data will be removed from the transcripts and replaced
with pseudonyms after interviews have been transcribed and validated by the research
participant. Personally, identifiable information and raw data from interviews will be
kept in different password protected files. The data will be kept for three (3) years. The
research transcript data will be destroyed by deleting the files from the researcher’s local
hard drive and redundant copies from the researcher's iCloud account. Audio recordings
from the interviews will be kept until the interviews have been recorded and validated by
the research participants within three to six months. That audio recording will be
destroyed by file deletion of the audio recording and destroying any media may that
contains the participant's audio record. The researcher’s interview field notes will be
destroyed by shredding after 3 years from the date of the research field notes collection.
Although not foreseen in this research, as a limit to your confidentiality, the researcher
may be compelled to release study data in response to legal action.
6. The results of this study may be published.
By signing this form, you agree that you understand the nature of the study, the possible risks
and benefits to you as a participant, and how your identity will be kept confidential or
anonymous. When you sign this form, this means that you are 18 years old or older and that you
give your permission to volunteer as a participant in the study that is described here.
( ) I accept the above terms. ( ) I do not accept the above terms. (CHECK
ONE)
153
Signature of the research participant ____________________________________ Date
_____________
Signature of the researcher _____________________________________ Date _____________
154
Appendix B:
One-on-One IT governance Interview Protocol
Problem
The main problem is that poor information technology governance (ITG) has often led to
failed IT projects and implementation of effective IT operations in organizations that heavily rely
on IT for businesses operations(Ako-Nai & Singh, 2019). ITG governance is often found
lacking in critical healthcare IT infrastructures such as IT networks, poor IT governance could
impact the quality of IT services delivered by an IT department(Jairak & Praneetpolgrang, 2013)
Purpose
This study will use an exploratory qualitative single case study to understand stakeholders'
perceptions on the use of ITG and the relationship of ITG to critical health care infrastructures
such as hospital network operations. The study will also seek to explore how the IT governance
body and IT governance practices implemented at a hospital in the Western United States of
America affect the efficiency of IT Network Operations at a hospital in the Western United
States of America. This study will: 1) Contribute to the knowledge of professionals such as IT
managers, Network engineers, Hospital administrators, and other hospital stakeholders about the
significant contributions that IT governance could have on hospital network operations. 2) The
research findings will contribute to the understanding of IT professionals and hospital
administrators about how to effectively implement IT governance as a way to improve the
alignment of network operations the strategic, goals, and missions of the hospital.
Study: The effect of IT governance (ITG) on hospital network operations.
Pseudonym: _________________ Date: ______________________________
155
Time: ______________________ Location: ___________________________
Opening: Thank you for participating in the research study entitled, The effect IT governance
(ITG) has on hospital network operations, and for participating in this one-on-one interview. I
am dual audio recording this interview to have a back-up copy in case one of the recordings
should fail. Before we begin, for the purpose of confidential identification, please state the
pseudonym assigned to you.
1. Do you agree to the audio recording of this interview?
2. Do you willingly, of your own free choice, choose to participate in this interview?
3. Did you review the Preliminary Eligibility document?
4. Do you meet the eligibility criteria as outlined in the Preliminary Eligibility document?
5. Have you read the Informed Consent?
6. Do you understand the Informed Consent?
7. Have you signed the Informed Consent?
8. Are you aware that you are free to withdraw from participation at any time before, during,
or after this interview without penalty or repercussion?
Thank you.
Before we begin, do you have any questions?
156
I will be asking you a series of open-ended discussion questions that relate to the central research
question and sub-questions. Feel free to ask questions as they arise and to elaborate on your
responses. The more detail you can provide, the better. No right or wrong answers exist. This
interview will take no more than 90 minutes of your time.
The study will be guided by the following question and sub-questions.
Main research question.
What is the relationship between IT governance and hospital network operations?
The research will then be guided by the following sub-questions.
Sub research questions:
1. How is IT governance of network operations used to deliver value to the hospital?
2. How is IT governance of network operations used for strategic alignment to the hospital’s
goal and mission?
3. How is IT governance of network operations used for performance management?
4. How is IT governance of network operations at the hospital used for resource
management?
5. How is IT governance of network operations at the hospital used for risk management?
Close: Thank you for participating today. We will meet one more time after I transcribe
the interview to allow you to review, revise, and approve the transcription.
157
Appendix C: The Effect of IT Governance (ITG) on Hospital Network Operations
Observational protocol
The researcher will be observing at 3 IT governance meetings, the researcher will observe IT
governance meeting participants for general information about what happens in IT governance
meetings without directly quoting or identifying any individuals or reporting any proprietary
company information.
Location of observation:
Date
Observed by:
Duration of observation: ___Start time_________ Finish time____ Session#_____
Topic / Category Descriptive notes Reflection
observed
How IT Governance of
network operations is
used to deliver value to
the Hospital.
used for strategic
alignment to the
Hospital's goal and
mission.
used for performance
management.
network operations at
the Hospital used for IT
resource management.
network operations at
the Hospital is used for
risk management.
158
How IT performance
measures are aligned
with the performance
measures used by the
organization
159
3UR4XHVW1XPEHU 28418661
$OOULJKWVUHVHUYHG
,1)250$7,2172$//86(56
7KHTXDOLW\RIWKLVUHSURGXFWLRQLVGHSHQGHQWRQWKHTXDOLW\RIWKHFRS\VXEPLWWHG
,QWKHXQOLNHO\HYHQWWKDWWKHDXWKRUGLGQRWVHQGDFRPSOHWHPDQXVFULSW
DQGWKHUHDUHPLVVLQJSDJHVWKHVHZLOOEHQRWHG$OVRLIPDWHULDOKDGWREHUHPRYHG
DQRWHZLOOLQGLFDWHWKHGHOHWLRQ
3UR4XHVW 28418661
3XEOLVKHGE\3UR4XHVW//& 2021 &RS\ULJKWRIWKH'LVVHUWDWLRQLVKHOGE\WKH$XWKRU
$OO5LJKWV5HVHUYHG
7KLVZRUNLVSURWHFWHGDJDLQVWXQDXWKRUL]HGFRS\LQJXQGHU7LWOH8QLWHG6WDWHV&RGH
0LFURIRUP(GLWLRQ3UR4XHVW//&
3UR4XHVW//&
(DVW(LVHQKRZHU3DUNZD\
32%R[
$QQ$UERU0,

By Jackson Ivan Isiko: The Effect of It Governance On Hospital Network Operations: An Exploratory Case Study

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

By Jackson Ivan Isiko: The Effect of It Governance On Hospital Network Operations: An Exploratory Case Study

Uploaded by

Copyright:

Available Formats

THE EFFECT OF IT GOVERNANCE ON HOSPITAL NETWORK OPERATIONS: AN

EXPLORATORY CASE STUDY

Jackson Ivan Isiko

A Dissertation Presented in Partial Fulfillment

networks and network operations. This study explored stakeholders' perceptions by

performance of IT Network operations; (d) IT governance uses configuration management tools

emerging information security risks effectively and proactively.

overcome all odds to gain a doctoral degree.

Chapter 1: Introduction .................................................................................................................... 1

Background of the Problem ................................................................................................ 1

Problem Statement .............................................................................................................. 5

Purpose of the Study ........................................................................................................... 6

Population and Sample ....................................................................................................... 8

Significance of the Study .................................................................................................... 9

Nature of the Study ........................................................................................................... 10

Research Questions ........................................................................................................... 15

Theoretical Framework ..................................................................................................... 15

Assumptions, Limitations and Delimitations .................................................................... 17

Chapter Summary ............................................................................................................. 18

Chapter 2: Literature Review ......................................................................................................... 20

Title Searches and Documentation ................................................................................... 21

Historical Content ............................................................................................................. 23

Current Content ................................................................................................................. 27

Methodology Literature .................................................................................................... 34

Research Design Literature ............................................................................................... 43

Chapter Summary ............................................................................................................. 45

Chapter 3: Research Methodology ................................................................................................. 47

Research Method and Design Appropriateness ................................................................ 48

Research Questions ........................................................................................................... 50

Population and Sample ..................................................................................................... 50

Informed Consent and Confidentiality.............................................................................. 53

Credibility and Transferability .......................................................................................... 59

Data Collection ................................................................................................................. 64

Data Analysis .................................................................................................................... 67

Chapter Summary ............................................................................................................. 73

Chapter 4: Analysis and Results .................................................................................................... 74

Research Questions ........................................................................................................... 74

Data Collection ................................................................................................................. 75

Data Analysis .................................................................................................................... 82

Chapter Summary ........................................................................................................... 106

Chapter 5: Conclusions and Recommendations ........................................................................... 107

Research Questions ......................................................................................................... 108

Discussion of Findings .................................................................................................... 109

Limitations ...................................................................................................................... 115

Recommendations to Leaders and Practitioners ............................................................. 115

Recommendations for Future Research .......................................................................... 119

Chapter Summary ........................................................................................................... 119

References .................................................................................................................................... 122

Appendix A: Informed Consent Form.......................................................................................... 150

Appendix B: One-on-One IT governance Interview Protocol ..................................................... 155

Appendix C: The Effect of IT Governance (ITG) on Hospital Network Operations Observational

Protocol ........................................................................................................................................ 158

Table 4.1: Interview Participant Demographics ............................................................................. 81

Table 4.3: Emergent Themes From The Study .............................................................................. 87

Figure 4.3: Showing the emergent themes in MAXQDA ............................................................. 92

IT networks and IT network operations. Understanding the effects of IT governance in hospitals

interviews, document review, and observation to understand the effect of IT governance on

Background of the Problem

Due to the ubiquity of IT in all sectors, there is an increased dependence on Information

an organization by covering risk management, information security, service quality, IT asset

Research shows a positive correlation of organizational performance when organizations have

alignment of IT investments to organizational goals (Wilkin et al., 2016). Although sound

corporate governance is necessary for the successful implementation of IT governance in the