Discussion 5
Research Article
Business value through controlled IT: toward an integrated model of IT governance success and its impact Arne Buchwald1,2, Nils Urbach1, Frederik Ahlemann2
1University of Bayreuth, Bayreuth, Germany; 2University of Duisburg-Essen, Essen, Germany
Correspondence: Arne Buchwald, University of Bayreuth, Universitätsstraße 30, 95447 Bayreuth, Germany. Tel: +49-921-55-4710; Fax: +49-921-55-844710; E-mail: [email protected]
Abstract Owing to increasing regulatory pressure and the need for aligned information technology (IT) decisions at the interface of business and IT, IT governance (ITG) has become important in both academia and practice. However, knowledge of integrating the determinants and consequences of ITG success remains scarce. Although some studies investigate individual aspects of ITG success and its impact, none combine these factors into a comprehensive and integrated model that would lead to a more complete understanding of the ITG concept. To address this gap, our research aims at understanding what factors influence and result from successful ITG, and at determining how they can be translated into a model to explain ITG success and the impact thereof. Therefore, we conducted interviews with 28 IT decision makers in 19 multinational organizations headquartered in Europe. Our study synthesizes the fragmented previous research, provides new empirical insights gathered on the basis of a clear ITG conceptualization, and suggests three innovative constructs heretofore not related to ITG. Moreover, we elucidate in a holistic model the factors that make ITG successful, how ITG contributes to an IT organization’s success, and how it eventually unfolds throughout the overall organization. The resulting model allows organizational decision makers to develop an effective ITG implementation and to explain the implications of successful ITG, thus providing a justification for the respective investments. Journal of Information Technology (2014) 29, 128–147. doi:10.1057/jit.2014.3; published online 29 April 2014 Keywords: IT governance; IS management; IS success/failure; IS alignment
Introduction
T oday, most organizations increasingly rely on informa- tion technology (IT) and continue to make significant IT- enabled business investments (Cubeles-Márquez, 2008).
While many companies’ IT structures have become very complex, IT has been designated as a strategic tool in increasing a firm’s value and helping it attain its business goals (IT Governance Institute (ITGI), 2003; Lazic et al., 2011b). Accordingly, over the past few years, corporate IT departments’ emphasis has shifted from technical to manage- rial issues. Thus, today’s IT departments can be considered a ‘business within a business’ (Segars and Hendrickson, 2000: 432). Triggered by this increasing business orientation and the resulting management complexity of corporate IT depart- ments, IT governance (ITG) has become an important matter in both academic research and organizational practice (Brown
and Grant, 2005). As the utilization of IT involves a combina- tion of organizational, technical, and cultural influences (Sethibe et al., 2007), effective ITG is required to orchestrate them. According to Weill and Ross (2004), ITG refers to an actively designed set of mechanisms that encourages behaviors consistent with the organization’s mission, strategy, and culture. These ITG mechanisms are directed toward a variety of IT-related matters, such as the manner in which critical IT decision processes are carried out, the policies put in place to guide these decision processes, and the assignment of accountabilities and participation rights regarding these pro- cesses (Sambamurthy and Zmud, 1999; Weill and Ross, 2004).
Despite its popularity, the ITG notion remains vague. Extant literature provides diverse definitions of ITG, acknowl- edging its structures, control frameworks, and/or processes.
Journal of Information Technology (2014) 29, 128–147 © 2014 JIT Palgrave Macmillan All rights reserved 0268-3962/14
palgrave-journals.com/jit/
Thereby, the ‘definitions applied within the literature and the nature and breadth of discussion demonstrate a lack of a clear shared understanding of the term,’ which might ‘confuse and possibly impede useful research in the field and limit valid cross-study comparisons of results’ (Webb et al., 2006: 6). As Brown and Grant (2005: 697) point out, ‘attempting to secure a definitive definition of ITG from existing literature quickly becomes a futile exercise in semantics’ due to the many disparate descriptions available. Correspondingly, prac- titioners’ perceptions of ITG objectives, properties, and responsibilities appear as unclear and heterogeneous as they do in the literature. The term ITG has been widely used by many parties, such as IT managers, consultants, auditors, and software providers, for various aspects of corporate IT man- agement. Consequently, the contents and activities that the different parties associate with ITG vary (Fröhlich et al., 2007).
Complementary to the fuzzy understanding of the term ITG in the literature and in practice, comprehensive knowl- edge of the factors influencing ITG success and its subsequent impact is scarce. On the one hand, previous academic research has provided some studies on single ITG success determinants (e.g., Guldentops, 2004; Ali and Green, 2007; Huang et al., 2010) and consequences (e.g., Weill and Ross, 2004; De Haes and Van Grembergen, 2009a; Heart et al., 2010). However, these studies’ contexts are quite diverse and their underlying understanding of ITG is heterogeneous, and thus their results are hardly compar- able and sometimes describe different empirical phenomena. Furthermore, none of the existing studies combine ITG success determinants and consequences into a comprehensive and integrated model of ITG success and its impact. Such integrated perspective on ITG, however, is important – especially from the practitioners’ point of view – because it provides an easy- to-understand, end-to-end view on how ITG can be leveraged to create business value. On the other hand, while existing practitioner guides (e.g., ITGI, 2007) provide helpful advice, they are often limited to specific implementations, display limited rigor, and do not provide a sufficient explanation of the cause–effect relationships. While ITG success specifically refers to the IT organization and its effective and efficient relationship with the business divisions, it eventually has an impact, in terms of utility, on the whole organization.
Accordingly, this paper has three research objectives: (1) con- ciliating the different notions of and fragmented research on ITG, (2) empirically investigating relevant factors that influ- ence and result from successful ITG, and (3) integrating these factors into a model that explains ITG success and its impact. Given the rather limited theoretical body of knowledge and the heterogeneous empirical basis that underpins ITG success research, we address the above-mentioned research gap following a qualitative–explorative approach. We conducted 25 interviews comprising 28 IT decision makers in 19 Central European companies across different industries, analyzed and interpreted the collected data by applying an extensive content analysis, and theoretically integrated our findings with prior research results.
With our research, we aim to contribute in two ways: we aim to synthesize the fragmented previous research with new empirical insights gathered on the basis of clear ITG conceptua- lization, as well as to elucidate in a holistic model what factors make ITG successful and how it contributes to an IT organiza- tion’s success. Thereby, we intend to close an evident research gap by combining fragmented research. In terms of practice, our
research allows organizational decision makers to achieve effective ITG implementation and to explain the implications of ITG, thus justifying the respective investments. By combining research on ITG success determinants and their impact on an organization, we provide a comprehensive end-to-end perspec- tive on how organizations can leverage their IT to become more effective. Finally, we discuss how our specific findings add to the organization’s ability to exploit IT for real innovation.
This paper is structured as follows. The next section briefly reviews the most important ITG conceptualizations and studies that inform our research. In the subsequent section, we outline our methodological approach to answering the research questions. Then, in the following section, we present our empirical findings resulting from the interview study. Subsequently, in the penultimate section, we synthesize our findings into a model that explains how successful ITG works and how it impacts the organization. In the final section, we summarize and discuss our results, as well as outline our study’s limitations and research contribution.
Foundations In this section, we will discuss prior research that is relevant to our investigation. As the phenomenon of ITG is complex and subject to diverse research streams, we present its historical background as well as the most established definitions and main focus areas in the following subsection. Subsequently, we provide an overview of ITG’s success determinants and consequences that we identified in previous studies. These form the basis for our successive empirical investigation and theoretical integration.
IT governance Although similar phenomena had been studied for some time, such as the management guidelines by Garrity (1963) or organizational characteristics’ impact on the structure of the information services function by Olson and Chervany (1980), the term ITG was first used in academic literature in the early 1990s in the contexts of IT outsourcing (Loh and Venkatraman, 1992) and strategic alignment (Henderson and Venkatraman, 1993). A few years later, a research stream emerged with the first specific studies on this topic, including Brown’s (1997) examination of the emergence of hybrid ITG solutions and Sambamurthy and Zmud’s (1999) theory of multiple contingencies for ITG arrangements. Since then, research has produced various definitions of ITG, leading to a lack of clarity with regard to the term’s meaning (Peterson, 2004; Brown and Grant, 2005; Webb et al., 2006). In a rela- tively focused manner, Weill and Ross (2004: 2) define ITG as ‘specifying the decision rights and accountability framework to encourage desirable behavior in using IT.’ Highlighting the importance of organizational structures and processes, the ITGI understands ITG as a responsibility of the board of directors and executive management. According to its broader, more dynamic definition, ITG ‘is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objec- tives’ (ITGI, 2003: 10). A similar definition that focuses on business–IT alignment was formulated by Van Grembergen (2002: 1), who considers ITG ‘the organizational capacity exercised by the board, executive management and IT man- agement to control the formulation and implementation of IT
IT governance success and its impact Buchwald et al. 129
strategy and in this way ensure the fusion of business and IT.’ In order to make a clear distinction between IT management and ITG, and to correspond to established definitions of corporate governance, we take ITGI’s understanding as our up-front working definition.
Although the literature emphasizes different ITG focus areas, most of the publications share certain central aspects. ITG is commonly referred to as a subset of corporate gov- ernance (Webb et al., 2006; Heart et al., 2010). As various authors have indicated, ITG comprises five basic content domains (ITGI, 2003; Meyer et al., 2003; Webb et al., 2006): (1) ensuring the linkage between business and IT plans (strategic alignment); (2) optimizing IT expenses and proving the value of IT (value delivery); (3) securing the optimal investment in and the proper management of critical IT resources (resource management); (4) addressing the safe- guarding of IT assets, disaster recovery, and the continuity of operations (risk management); and (5) tracking project delivery and monitoring IT services (performance measure- ment). Furthermore, there is broad consensus that ITG deployment comprises structures (e.g., CIO organization and IT committees), processes (e.g., strategic IT decision mak- ing and monitoring procedures), and relational mechanisms (e.g., business-IT participation and partnerships, strategic dialog, and shared learning) (Van Grembergen et al., 2004; De Haes and Van Grembergen, 2009a). To get an overview of previous academic research and gather deeper insight on the phenomena of ITG, the reader may refer to the in-depth literature reviews by Brown and Grant (2005), Simonsson and Johnson (2005), Webb et al. (2006), and Buckby et al. (2008).
To conclude, we see a number of publications on ITG that were published over the last few years. However, although most studies share certain central aspects, the concept of ITG is still not clearly defined and thus without an established and fully accepted understanding. While one may be tempted to argue that establishing a clear understanding is simply a question of definition, the problem lies deeper: being based on diverse conceptualizations, existing studies on antecedents and outcomes of ITG are hardly comparable, thus leaving ‘research in the domain of IT governance implementations […] in its early stages’ (De Haes and Van Grembergen, 2009a: 125). In turn, a differing definitional base of ITG is not
necessarily negative because it certainly enriches research on ITG with various aspects. However, the more different the underlying definitional base of ITG, the more difficult it is to compare and contrast research on ITG in order to advance the cumulative knowledge. Considering Suddaby’s (2010) call for more construct clarity, we see the problem that a differing definitional base challenges and inhibits valid analytical con- clusions across studies on ITG and may thus lead to wrong inferences. In order to help narrow down the challenge of diverse conceptualizations, we draw on a morphological box (Zwicky, 1967) in which we portray the constituent elements and their characteristics of our analysis of previous literature on ITG outlined above (Table 1).
ITG success determinants Several studies have been published that identify single ITG success determinants from empirical observations. On the basis of a case study investigation of large complex organizations in Europe and North America, Ribbers et al. (2002) conclude that effective ITG is influenced by both methodological comprehen- siveness and social interventions among stakeholders. On the basis of conceptual considerations, Guldentops (2004) presents five key success determinants of IT control and governance that are focused on establishing appropriate IT structures and processes, as well as aligning business and IT in strategy and operations. Weill (2004), who undertook a survey of CIOs and case studies of multinational firms, suggests that managers consider eight critical success factors when assessing or imple- menting ITG. Interestingly, he adds education to the list of antecedents, stressing that the organizational adoption of ITG depends on the internalization of the respective practices.
Having analyzed survey data obtained from members of the Information Systems and Audit Control Association (ISACA) in Australia, Ali and Green (2005) find significant positive relationships between ITG effectiveness and four ITG mech- anisms that include strategy committees, an appropriate information system, as well as a supporting organizational culture of compliance. Using sample data from auditors working in Australian public sector organizations, these authors (2007) again confirm that the IT strategy committee and corporate communication systems are success factors. Via
Table 1 Morphological box on the ITG concept
IT governance success and its impact Buchwald et al. 130
an in-depth study of an Australian organization, Bowen et al. (2007) explore the factors influencing ITG structures, pro- cesses, and outcome metrics. Their results indicate that stakeholders need a shared understanding of the business and IT objectives and that a balance of business and IT represen- tatives in IT decisions along with intense communication is required. The work of De Haes and Van Grembergen (2008) provides insights into the effectiveness and ease of ITG practices’ implementation, and provides a minimum baseline of practices that organizations should have; these include IT leadership and strategic information systems planning.
Adopting an inductive research strategy to examine quali- tative data, Huang et al. (2010) provide evidence of IT steering committees’ and IT-related communication policies’ influence on ITG effectiveness. On the basis of a literature review and case study research, Nfuka and Rusu (2010) identify a set of 11 critical success factors for effective ITG in Tanzanian pub- lic sector organizations. These include the governance of IT structures, stakeholders’ involvement, defining and track- ing benefits, as well as well-communicated IT strategies and policies. In a follow-up publication, Nfuka and Rusu (2011) empirically investigate and confirm the positive effect of the previously identified factors on ITG performance using survey data from 135 organizations.
In contrast to the aforementioned studies identifying criti- cal success determinants, Lee et al. (2008a, 2008b) empirically examine how inhibiting features associated with ITG affect its success. On the basis of a literature review and a survey of leading Korean enterprises, a lack of clear IT principles and policies, as well as the inadequate support of financial resources, were identified as some of the inhibiting factors.
From our literature review (see Table 2), we conclude that previous research has investigated ITG success determi- nants using different conceptualizations and methodological approaches in various contexts, resulting in a number of factors on diverse abstraction levels. This inconsistency, together with the fuzziness of the ITG concept, makes a synthesis and aggregation solely on the basis of previous literature quite challenging. Therefore, we believe that build- ing upon previous findings and incorporating additional empirical insights is a worthwhile endeavor.
Consequences of ITG success The consequences of ITG success have received relatively less attention than its determinants. In their influential book, Weill and Ross (2004) define ITG performance as ITG’s effectiveness in delivering four outcomes weighted by their importance to the organization: the cost-effective use of IT as well as the effective use of IT for asset utilization, growth, and business flexibility. Owing to its straightforwardness and ease of use, researchers have widely adopted this measure (Simonsson et al., 2010; Nfuka and Rusu, 2011). Bowen et al. (2007) extended it by including a fifth objective, namely, compliance with the legal and regulatory requirements, in their assess- ment. Huang et al. (2010) operationalize ITG effectiveness in terms of the organizational success of IT use. Therefore, they consider the efficiency of IT use, which refers to the extent to which cost and productivity advantages accrue in the deploy- ment of IT assets and capabilities, as well as the breadth of IT use, as reflecting the extent to which IT assets and capabilities are used to support work processes across the organization. Ta
b le
2 P ri o r lit e ra tu re
o n IT G
su cc
e ss
d e te rm
in a n ts
R ef er en ce
C on ce pt u a li za ti on
R es ea rc h
ap pr oa ch
E m pi ri ca l ba si s
Su cc es s d et er m in an
ts
R ib b er s et al .
(2 00 2)
O rg an iz at io n al m o d el o f d ec is io n m ak in g
C as e st u d y
9 la rg e co m p le x o rg an iz at io n s
in E u ro p e an d N o rt h A m er ic a
● M et h o d o lo gi ca l co m p re h en si ve n es s
● St ra te gi c in te gr at io n o f b u si n es s an d IT
d ec is io n s
● B u il d in g co ll ab o ra ti ve
re la ti o n sh ip s an d sh ar ed
u n d er st an d in g
am o n g ke y st ak eh o ld er s
G u ld en to p s
(2 00 4)
In te rn al co n tr o l o f IT
C o n ce p tu al
n /a
● F o rm
in g IT
st ra te gy
an d IT
st ee ri n g co m m it te es
● A li gn in g IT
an d th e b u si n es s in
st ra te gy
an d o p er at io n s
● C as ca d in g o f IT
go al s an d st ra te gy
● A p p ly in g em
er gi n g m an ag em
en t b es t p ra ct ic es
● Im
p le m en ti n g a go ve rn an ce
an d co n tr o l fr am
ew o rk
fo r IT
W ei ll (2 00 4)
F ra m ew
o rk
fo r d ec is io n ri gh ts an d
ac co u n ta b il it ie s
Su rv ey ,
ca se
st u d y
25 0 en te rp ri se s in
23 co u n tr ie s
● T ra n sp ar en cy
o f th e IT
d ec is io n s
● A ct iv el y d es ig n ed
IT ● In fr eq u en tl y re d es ig n ed
IT G
● E d u ca ti o n ab o u t IT G
● Si m p li ci ty
o f th e go ve rn an ce
ar ra n ge m en ts
● E xc ep ti o n -h an d li n g p ro ce ss
● G o ve rn an ce
d es ig n ed
at m u lt ip le o rg an iz at io n al le ve ls
● A li gn ed
in ce n ti ve
an d re w ar d sy st em
s
IT governance success and its impact Buchwald et al. 131
Table 2 Continued
Reference Conceptualization Research approach
Empirical basis Success determinants
Ali and Green (2005, 2007)
Structure of relationships and processes to control the IT
Survey 176 members of ISACA Australia (thereof 54 responses from public sector organizations)
● Forming an IT strategy committee ● Senior management involvement ● Culture of compliance ● Adequate corporate communication systems
Bowen et al. (2007)
IT-related decision-making structure and methodologies for planning, organizing, and controlling IT activities
Case study Large Australian company ● Shared understanding of the business and IT objectives ● Active involvement of IT steering committees ● Balance of business and IT representatives in IT decisions ● Comprehensive and well-communicated IT strategies and policies
De Haes and Van Grembergen (2008)
Mixture of structures, processes, and relational mechanisms
Delphi research
22 experts from Belgian financial services sector
● ITG structures ● ITG processes ● ITG relational mechanisms
Lee et al. (2008a, 2008b)
Decision rights and accountabilities, strategic alignment between IT and business, organizational structure of relationships
Survey 96 leading enterprises in Korea ● Stakeholder involvement ● Clear ITG principles and policies ● Adequate organizational cultures ● Active communication ● Clear ITG processes ● Adequate support for financial resources ● Adequate support for time resources
Huang et al. (2010)
Framework for decision rights and accountabilities
Case study Three organizations located in the mid-west USA
● IT steering committees ● IT-related communication
Nfuka and Rusu (2010, 2011)
Mechanisms for leadership and organizational structures and processes
Survey 135 Tanzanian public sector organizations
● IT leadership ● Senior management support ● IT/business communication and partnership ● Stakeholders’ involvement ● Define and align IT strategies to corporate strategies ● Governance of IT structures ● Well-communicated IT strategies and policies ● Provide ITG awareness and training ● Competitive IT professionals ● Defining and tracking of benefits
IT g o v e rn
a n ce
su cce
ss a n d its
im p a ct
B u ch
w ald
et al.
1 3 2
According to the ITGI (2007), effective ITG generates real business benefits, such as enhanced reputation, trust, product leadership, time-to-market, and reduced costs, all of which increase stakeholder value. Lee et al. (2008a, 2008b) agree with these outcomes and emphasize the additional role of ITG in mitigating IT risks. On the basis of their analysis of extreme cases, De Haes and Van Grembergen (2009a, 2009b) conclude that business–IT alignment maturity is higher in organizations that apply a combination of mature ITG practices. Heart et al. (2010) confirm a positive relationship between ITG and IT- enabled enterprise adaptability by analyzing survey data gathered from executives in medium-sized to large Israeli organizations. A study by Weill and Ross (2004) indicates that well-structured ITG can have positive effects on corporate performance. The results of their survey of 256 corporations suggest that the best-performing enterprises show a return on assets (ROA) of more than 40% compared with the values achieved by their competitors. Similarly, on the basis of 19 case studies of major multinational corporations, Lazic et al. (2011a, 2011b) suggest that ITG is positively related to business performance through the mediators IT relatedness and business process relatedness. Finally, drawing on strategic alignment and coordination theories, Liang et al. (2011) show that strategic alignment is a major factor that mediates the effect of ITG on firm performance.
From our literature review (see Table 3), we conclude that previous research gives some indication of how successful ITG initiatives have a certain business impact. However, this impact dimension has rarely been empirically analyzed in a multi- dimensional way, and often only focuses on specific implica- tions, such as improved business IT/alignment or IT efficiency. Thus, we believe that previous findings could be advanced by a broader and more in-depth exploration of the different ITG consequences and how they interrelate with each other.
Methods
Research approach ITG is a notion that is hard to grasp (Webb et al., 2006). Previous research examined different aspects of ITG in diverse contexts that often have different understandings of the con- cepts under investigation. Theory building is further hampered by ITG implementations’ lack of theoretical underpinnings (De Haes and Van Grembergen, 2009a). We therefore chose an exploratory approach for this research endeavor. Accordingly, we followed a qualitative-empirical research design – an established approach to analyzing strategic IT planning issues in practice (Wu et al., 2006) – to address our research questions. According to Benbasat et al. (1987: 369), this kind of research is particularly applicable to ‘sticky, practice-based problems where the experiences of the actors are important and the context of action is critical.’ Drawing on recommendations by Klein and Myers (1999), we subsequently initiated a field study based on interviews to look for empirical patterns that would explain ITG success and its impact. Thereby, our study’s unit of analysis is the organization implementing ITG.
Data collection To collect data, we carried out 25 guided interviews com- prising 28 IT decision makers at the medium and top Ta
b le
3 P ri o r lit e ra tu re
o n IT G
co n se
q u e n ce
s
R ef er en ce
C on ce pt u al iz a ti on
R es ea rc h ap pr oa ch
E m pi ri ca l ba si s
C on se qu
en ce s
W ei ll an d R o ss
(2 00 4)
F ra m ew
o rk
fo r d ec is io n ri gh ts an d
ac co u n ta b il it ie s
Su rv ey
25 6 co rp o ra ti o n s
● C o st -e ff ec ti ve
u se
o f IT
● E ff ec ti ve
u se
o f IT
fo r as se t u ti li za ti o n
● E ff ec ti ve
u se
o f IT
fo r gr o w th
● E ff ec ti ve
u se
o f IT
fo r b u si n es s fl ex ib il it y
● In cr ea se d co rp o ra te p er fo rm
an ce
th ro u gh
im p ro ve d R O A
B o w en
et al .
(2 00 7)
IT -r el at ed
d ec is io n -m
ak in g st ru ct u re
an d
m et h o d o lo gi es
fo r p la n n in g, o rg an iz in g,
an d co n tr o ll in g IT
ac ti vi ti es
C as e st u d y
L ar ge
A u st ra li an
co m p an y
● L ik e W ei ll an d R o ss (2 00 4)
● C o m p li an ce
w it h th e le ga l an d re gu la to ry
re q u ir em
en ts
IT G I (2 00 7)
L ea d er sh ip
an d o rg an iz at io n al st ru ct u re s
an d p ro ce ss es
C o n ce p tu al
n /a
B u si n es s b en efi ts fo r st ak eh o ld er s, fo r ex am
p le
● E n h an ce d re p u ta ti o n
● T ru st
● P ro d u ct le ad er sh ip
● Sh o rt ti m e- to -m
ar ke t
● R ed u ce d co st s
L ee
et al .
(2 00 8a ,
20 08 b )
D ec is io n ri gh ts an d ac co u n ta b il it ie s,
st ra te gi c al ig n m en t b et w ee n IT
an d
Su rv ey
96 le ad in g en te rp ri se s
in K o re a
● L ik e IT G I (2 00 7)
● M it ig at ed
IT ri sk s
IT governance success and its impact Buchwald et al. 133
management levels (CIO, CFO, CEO, Director of IT Govern- ance, etc.), as they are usually responsible for establishing and maintaining ITG (ITGI, 2003). The 28 interviewees were from 19 multinational organizations headquartered in Europe (Germany, Austria, and the Netherlands). Our selection of organizations can be considered a convenience sample as it allowed us to achieve this relatively large number of inter- viewees. However, drawing on the concept of theoretical replication (Benbasat et al., 1987; Yin, 2009), we tried to achieve sufficient variation across the organizations with respect to industry, size, IT/business structure, and IT/busi- ness strategy to avoid any bias in this regard. We consequently considered companies from different fields and industries (Table 4).
The interviewees were recruited by means of invitation letters sent via post and email to 152 IT decision makers. Of these IT decision makers, 141 were sampled from the client network of a German management consulting company, which previously had dealings with those IT decision makers. The remaining 11 possible interviewees were sampled from the corporate partners’ network of the authors’ univer- sities. A total of 27 organizations responded to our inquiry, while 19 gave their consent to be interviewed. Eventually, we conducted 25 interviews with one or, in three cases, two interviewees simultaneously between May and September 2011. The interview process was supported by an interview guide with 42 questions on the interviewees’ and their organizations’ demographics, as well as their understanding, implementation status, development path, and – of particular importance for the research presented in this paper – the determinants and consequences of ITG. The final interview guide is provided in Appendix to this paper. We pre-tested the interview guide by having extensive discussions with two researchers who were not involved in the project and one subject matter expert as well as one pilot interview. As a result of the pilot interview, the interviewees were given access to a more aggregated form of the interview guide and an information package about the study in general beforehand to support their pre-preparation. The interviews lasted between 1.5 and 2 h each. For 11 of the interviews, there were two interviewers, while only one was used for the remaining 14 interviews. We conveyed the length of the interview to the interviewees beforehand, thus addressing their time con- straints and increasing the likelihood of cooperation. In addition, all the interviewees were briefed on the guaranteed anonymity and consented to the interview being recorded. Furthermore, we took field notes to support the analysis process. At the beginning of the interviews, we asked the informants how they understood ITG to avoid misunder- standings and assure content validity. During the interviews, we compared the interviewee’s understanding with our initial ITG definition and used the interviewees’ answers to steer the conversation in order to take advantage of emergent themes and unique aspects of the interviewee (Eisenhardt, 1989). All the interviews were then transcribed and stored in a database.
Data analysis We relied on the guidelines for case-based theory building (Eisenhardt, 1989; Eisenhardt, 1991; Dooley, 2002) and pro- ceeded to analyze the collected empirical data in two phases. First, in the within-case analysis, we focused on identifying theTa
b le
3 C o n tin
u e d
R ef er en ce
C on ce pt u al iz a ti on
R es ea rc h ap pr oa ch
E m pi ri ca l ba si s
C on se qu
en ce s
b u si n es s, o rg an iz at io n al st ru ct u re
o f
re la ti o n sh ip s
D e H ae s an d
V an
G re m b er ge n
(2 00 9a ,2 00 9b )
L ea d er sh ip
an d o rg an iz at io n al st ru ct u re s
an d p ro ce ss es
L it er at u re
re se ar ch ,p
il o t ca se
re se ar ch ,d
el p h i re se ar ch ,
b en ch m ar k re se ar ch ,e xt re m e ca se
re se ar ch
33 co m p an ie s o f th e
B el gi an
fi n an ci al
se rv ic es
se ct o r
● Im
p ro ve d b u si n es s– IT
al ig n m en t m at u ri ty
H ea rt et al .
(2 01 0)
F ra m ew
o rk
fo r d ec is io n ri gh ts an d
ac co u n ta b il it ie s
Su rv ey
38 6 em
p lo ye es
o f
m ed iu m -s iz ed
to la rg e
Is ra el i o rg an iz at io n s
● In cr ea se d IT -e n ab le d en te rp ri se
ad ap ta b il it y
H u an g et al .
(2 01 0)
F ra m ew
o rk
fo r d ec is io n ri gh ts an d
ac co u n ta b il it ie s
C as e st u d y
T h re e o rg an iz at io n s
lo ca te d in
th e m id -w
es t
U SA
● E ffi ci en cy
o f IT
u se
● In cr ea se d b re ad th
o f IT
u se
L az ic et al .
(2 01 1a ,2 01 1b )
F ra m ew
o rk
fo r d ec is io n ri gh ts an d
ac co u n ta b il it ie s
C as e st u d ie s
19 m aj o r m u lt in at io n al
co rp o ra ti o n s
● In cr ea se d b u si n es s p er fo rm
an ce
th ro u gh
IT re la te d n es s an d b u si n es s p ro ce ss re la te d n es s
L ia n g et al .
(2 01 1)
F ra m ew
o rk
fo r d ec is io n ri gh ts an d
ac co u n ta b il it ie s
Su rv ey
33 4 re sp o n se s fr o m
16 7
T ai w an es e fi rm
s’ b u si n es s an d IT
ex ec u ti ve s
● In cr ea se d fi rm
p er fo rm
an ce
th ro u gh
b et te r
st ra te gi c al ig n m en t
IT governance success and its impact Buchwald et al. 134
concepts that either contributed to ITG success or caused problems that the companies had to overcome, as well as on the impact that ITG success had on the observed organiza- tions. In order to make this distinction, we explicitly raised questions on ITG success determinants and questions on their impacts to the interviewees and discussed their responses in depth. Second, we carried out a cross-case analysis to search for similarities and differences between the sample organiza- tions. This approach enabled us to identify patterns that could potentially be included in a framework to explain ITG success and its impact. The interviews thus helped us gradually identify the framework’s constituent elements. In order to ensure comparability of our results, we only considered those interviews for our analysis in which the interviewees had, by and large, a shared understanding of ITG. As a result, one interview (#17) had to be excluded from the analysis, as the interviewers’ understanding of ITG was largely centered on operational IT management tasks. Two researchers involved in this study coded the interview transcripts and proceeded in a complementary way. We started our data analysis without a fixed coding scheme; all the data was initially open-coded. Open-coding refers to dividing, compar- ing, forming, and categorizing data into meaningful elements. Thus, we scanned the interview transcripts and the field notes for similarities and differences, and assigned codes to these. Overall, we created 576 codes in this first step. Later, the two researchers reconciled the used codes in four 3-h
discussion sessions by merging analogous codes and resolving conflicting codes, which resulted in 430 codes. During axial coding, the constructs identified in the open-coding process were grouped into synthesizing categories. We then con- densed the codes resulting from the open-coding process to 45 categories.
We illustrate our data analysis process with the following example of how the success determinant top management commitment emerged. The number in brackets indicates the number of distinct interviews to which the codes were assigned. During the open-coding process, we attached the codes ‘IT reports to the board of directors’ (7), ‘CIO is part of the board of directors’ (6), ‘IT awareness by the board of directors’ (9), ‘Top Management Commitment’ (15), and ‘Board of directors provides required resources’ (10), among others, to the transcripts. In the second round of coding, axial coding, the single codes revealed the overarching success determinant to be the top management commitment (15) category. Table 5 provides a summary of excerpts from the codes that were included in exemplary axial categories. In order to derive the propositions in our model, we not only identified constructs in our transcripts, but also marked how these constructs relate to one another. The empirical ground- ing of each proposition is thus provided next to each proposi- tion. We extracted quotes of our interviewees in which they address the relationship between both constructs. The data analysis was conducted using the qualitative data analysis
Table 4 Profile of companies
Number Industry Revenues (billion EUR)
Employees Interviews (interviewees)
Interviewee role(s)
1 Higher education 0.035 500 1 (1) Chief Information Officer 2 Manufacturing 4 21,000 1 (1) Chief Information Officer 3 Stock exchange 100a 300 1 (2) Chief Information Officer, Head of IT Service
Management 4 Financial services 1850b 102,000 2 (3) Head of IT Transformation, Delivery & Program
Manager, Director of Central Program Office 5 Financial services
(IT service provider) 1.4 2800 3 (3) Head of Organization Department, Key Account
Manager, Head of Information Systems Group 6 Automotive 127 435,000 1 (1) Head of Information Systems, Communication &
Governance, Risk and Compliance 7 Chemicals and pharmacy 9 22,000 1 (1) Chief Financial Officer 8 Consulting 0.1 450 1 (1) Chief Information Officer 9 Financial services
(IT service provider) 0.03 70 1 (1) Head of Administration & Controlling
10 Financial services 10b 5000 1 (1) Chief Information Officer 11 Telecommunications 62 247,000 3 (3) Head of HR Demand & Vendor Management,
Head of Program Management & Strategy, Head of Project Management
12 Consumer goods 6 18,000 1 (1) Director of IT Governance 13 Automotive 15 48,000 1 (1) Head of IT Governance & Strategy 14 Aid organization 0.3 8000 1 (1) Chief Information Officer 15 Professional association 0.125 1100 1 (1) Chief Information Officer 16 Chemicals and pharmacy 23 47,000 1 (1) Chief Information Officer 17 Media and publishing 0.07 400 1 (2) Chief Executive Officer, Chief Information Officer 18 Manufacturing 6 24,000 2 (2) Chief Executive Officer, Chief Information Officer 19 Transportation 0.3 3000 1 (1) Chief Information Officer aTrading turnover. bBalance sheet total.
IT governance success and its impact Buchwald et al. 135
software Atlas.ti Version 6.2, which also served as our field study database.
After finishing the data analysis, we distributed our study’s result report, comprising descriptive statistics and the proposed model of ITG success and its impact, to our interviewees. We received feedback from two interviewees (organizations 9 and 12) who were both in favor of our model. One of them (organization 12) pointed out: ‘I highly appreciated the model which is very helpful to me. In my eyes, it portrays the prerequisites for successful IT governance and its value added to an organization very well.’
Empirical findings Delving deep into the data allows for a more in-depth under- standing and traceability of our qualitative research inquiry. In the next four sections, we extensively draw on interviewees’ responses in order to describe the understandings, triggers, problems and challenges, as well as the organizational impact of ITG. In the first section, we synthesize the different under- standings of ITG in previous research and establish our reconciled definition. Furthermore, we highlight the triggers for ITG implementations and their respective problems and challenges in this undertaking in the succeeding section. Finally, the last section describes how ITG impacts the organizations investigated in this study.
Understanding of ITG As mentioned in our foundations section, ITG has become an umbrella term for various aspects both in research and in practice. In other words, the term is still fuzzy, and there are as many definitions for ITG as there are studies in this domain. Previous studies have largely taken their own routes,
without having converged into a cumulative body of knowl- edge. In order to provide clarity on the term ITG, we asked our study’s participants about their understanding of ITG as a first step. The IT manager of a stock exchange commented on the nature of governance using an analogy of the highway: ‘Where we are driving is part of the strategy. Why we are driving this way is also part of the strategy. But why are there crash barriers on the left and right hand side of the road? Why are there road signs? Why do we have to hold up to them? Where am I allowed to accelerate up to 200 km/h? Where am I only allowed to park for one hour? All of that is part of governance!’ Similarly, the IT manager of a tele- communication company summarized: ‘In essence, govern- ance means that I cede certain responsibilities and accept the decisions of others and align my duties according to those guidelines.’
The manager continues his understanding of ITG: ‘With regard to steering the IT organization, from my point of view, IT governance not only involves the steering of single aspects, but the assurance that all parties together are proceeding in the right way. However, this of course implies that the parties can actually be steered!’ An executive of a financial services organization sees ITG as ‘the steering of investments, the alignment of the IT strategy with the business strategy, as well as the deliberate and active steering of complexity.’
Even though the understanding of ITG varies among the interviewees and organizations, almost all of them share the understanding of ITG as the steering of IT within organiza- tions. In this respect, most of the interviewees highlight a holistic approach to the steering of the IT organization. More precisely, ITG should not only cover single aspects (e.g., IT management-related) or some parts of the IT organization, but rather, ITG should comprise all IT aspects
Table 5 Sample categories resulting from axial coding
Category Quantity of category Sample of the code
Success determinant: adequacy of regulations 13 ● Right relationship between latitude and limit ● Practical and compact governance ● Helpful guideline for daily work
Success determinant: top management commitment 15 ● IT reports to the board of directors ● CIO is part of the board of directors ● IT awareness by the board of directors ● Board of directors provides required resources
Success determinant: persuasiveness of communication 10 ● Explain the reasoning behind the ITG process ● Communicate ITG process in work groups ● Set an example for ITG
Goal: increase in transparency 16 ● Increase process transparency ● Increase costs transparency ● Emphasize the added-value of IT
Goal: increase in business/IT alignment 11 ● IT supports the divisions better ● IT is a business enabler ● Sustainable integration of business and IT
Goal: increase in efficiency 15 ● Optimize resource allocation ● Achieve consistent quality standards ● Reap synergy effects
IT governance success and its impact Buchwald et al. 136
and the whole IT organization. Within the steering of the IT organization, the understanding varies according to the interviewees’ different priorities. Specific governance aspects, such as application governance or project governance, are highlighted. In order to achieve their objectives, many inter- viewees determine responsibilities, processes, and structures. Overall and despite the heterogeneous understanding of ITG in theory and practice, the understanding of ITG among the interviewees of this study is quite similar. Accordingly, for the remainder of our study, we adopt this broad and comprehensive understanding of the ITG concept as a holistic approach for steering and strategic controlling the IT organi- zation with the objective of implementing the IT strategy.
Trigger for ITG The interviewees presented a colorful array of reasons why organizations decide to implement ITG. Among many others, the reason most commonly cited is that executives are not satisfied with their ability to steer the IT organization. While this aspect and many others are quite diverse, they essentially stem from the same root. The label that can most appro- priately be attached to this root is increasing complexity. An executive of a stock exchange highlights that IT is increasingly pervasive in businesses and their processes and summarizes: ‘IT has become ubiquitous. All our business divisions involve IT. IT has become so complex. Our core business and all of our core business processes completely depend on and are processed by IT.’ For instance, due to increasing complexity, executives feel that they can no longer steer the IT organiza- tion as well as they could in the past. In other words, ITG is a response to the challenge of increasing complexity by which executives hope to regain their steering ability of the IT organization. The head of HR demand and vendor manage- ment of a telecommunication organization even concludes: ‘We reached a point where the assumption that IT cheapens all processes is no longer necessarily true, but at which IT also possibly increases complexity and costs.’ However, what triggers induce increased complexity, and can subsequently be counter-balanced by ITG? The interviewees’ responses can, by and large, be grouped into two categories: (a) internal triggers and (b) external triggers.
Internal triggers are related to pursuing increasing effi- ciency in the organization, which comprises aspects such as the introduction of end-to-end responsibility and the align- ment of business and IT. The goal of the IT service provider of a financial services organization is to introduce end-to-end responsibility from IT demand management to IT operations, which triggers the introduction of ITG. Earlier on, when the IT service provider was only responsible for providing the software, executives on the client and provider side found that too much efficiency was lost when the involved parties were going back and forth during the software development process. More importantly, the provider not only served a single client, but had to undergo the back and forth with each of the autonomous business divisions during the devel- opment process. Accordingly, in this case, the need to consolidate various autonomous business divisions’ IT opera- tions is part of the quest for end-to-end responsibility. An executive of the IT service provider summarizes: ‘We wanted to exploit synergies by consolidating the development process and IT operations of the business units. We explicitly decided
to set up a preparation project whose goal was to introduce all necessary structures, procedures, and contracts, before we could pursue the actual goal. This preparation triggered the introduction of our IT governance.’
Similar to the trigger of the end-to-end responsibility above, the need to collaborate among multiple organizations trig- gered the introduction of the ITG in a manufacturing organization. In that organization, value creation no longer occurs only within the boundaries of the manufacturing organization, but also by combining skills and capabilities across organizations to build a product. The CIO of the manufacturing organization highlights: ‘This evident pressure to overcome the boundaries triggered the introduction of our IT governance. It enabled us to introduce and combine the required processes, resources, and decision rights. It also helped us make available the required resources for its implementation. If any part of it was missing, the process would have slowed down or even stopped.’
External triggers describe factors whose focus point is outside the organization. The interviewees primarily refer to external pressure to change, which comprises market pressure and, especially in the financial services industry, regulatory pressure. Interviewees in two manufacturing organizations see the internationalization of an organization as a major external trigger for an ITG. Likewise, mergers of organizations, a major change in business segments, or major outsourcing decisions call for an adjusted ITG. Whereas informal communication is often adequate in smaller settings (e.g., organizations with a manageable number of subsidiaries), it often fails in larger or rapidly growing organizations. As the CEO of a manufactur- ing organization sums up: ‘In our increasingly international environment, the “Hey Joe” approach [i.e., informal commu- nication] won’t work any longer. Instead, more formal IT governance needs to be established.’
Another external trigger of ITG is legal regulations. Orga- nizations in the financial industry are forced to implement more and more regulations (e.g., Basel III or Minimal Requirements to Risk Management in Germany). Most of these regulations also have a strong influence on organiza- tions’ IT. In the case of an IT service provider in the financial industry, those regulations have had a significant impact on its operations. Auditors increasingly demand and examine exten- sive documentation (e.g., processes, structures, or responsibil- ities). The executive of the organization summarizes the following: ‘Our IT governance has been and is constantly propelled by legal regulations.’
Implementation of ITG In their quest to implement and further develop ITG, organi- zations are confronted with a set of diverse problems and challenges. The interviewees point out that the most salient issue on this journey is the delineation of responsibilities. This problem is twofold and comprises the delineation of respon- sibilities within the IT organization, as well as between the IT organization and the business divisions. The first aspect refers to the question as to how centralized or decentralized the management of IT should be. For instance, to what extent should the centrally managed ITG prescribe IT processes to its subsidiaries, or should IT operations be regulated? When considering those questions during the implementation of ITG, interviewees stress the importance of comprehensible
IT governance success and its impact Buchwald et al. 137
and adequate regulations. While the degree of centrality of IT is clearly an issue that is internal to the IT department, the second part concerns the delineation of responsibilities between the IT department and the divisions of the organiza- tion. Aspects related to this tension are, for instance, whether IT and divisions meet on a level playing field, whether IT is closely integrated into the demand management process of the divisions, whether IT is perceived as a business-enabler or as a necessary evil, or whether IT has the power of veto in case of divisional demands that would turn the existing architec- ture upside-down. An executive of a large telecommunication company argues: ‘IT governance implies that the IT depart- ment has the power of veto in case divisions want to implement IT systems, which may be beneficial from a local divisional perspective but which are not compliant with the overarching architecture. In this case, our task is to say “no” and make suggestions for how the proposed IT systems can be aligned with the overarching architecture.’ This comment highlights the attitude that most interviewees see as crucial when implementing ITG: it is not enough to reject business initiatives in the case of misalignment, but to be business- oriented and to provide constructive suggestions on how the IT and business perspective can be combined.
In addition to the delineation of responsibilities, intervie- wees point out the importance of increasing all business divisions’ commitment to the ITG. For the time being, according to the interviewees, the majority of employees in organizations generally consider ITG restricting, inconveni- ent, and not useful. Employees often find it hard to grasp the added value associated with ITG in the first place. Similarly, interviewees emphasize that heads of business divisions, who are depicted by the term ‘principalities,’ are also likely to play their own game. Especially in situations where a business division has had immediate or privileged access to IT in the past that would be put at risk due to the upcoming ITG or a business division is financially indepen- dent of the central organization, commitment to the ITG was particularly cumbersome to achieve. The ITG director of a consumer goods organization argues: ‘The change in accountabilities may not be beneficial from a local point of view, but is absolutely beneficial in terms of the big picture. This main problem involves the acceptance of IT governance. The major challenge is to address every job role concerned and convince employees that it is necessary to cede certain respon- sibilities while, simultaneously, conveying that this path is the best for the organization. This has been the major challenge so far and still leads to resistance and dissatisfaction.’ Sum- marizing the remarks above, interviewees stress the right breadth and depth of ITG, as well as intensive communica- tion of ITG in work groups in order to ensure different business divisions’ commitment to ITG and overcome the resistance to change.
Interviewees consider missing resources, including person- nel and budget resources, another major obstacle to the implementation of ITG. In terms of personnel, qualified resources are required that design, reconcile, and implement ITG in the organization. Such qualified resources are not available in some of the organizations investigated in this study. More specifically, IT personnel in these organizations primarily consist of employees who have focused on tradi- tional IT operations. These employees who were used to set up and implement systems themselves would need to adopt
a steering role and are usually not experienced in the ITG components, which is why interviewees often needed to recruit qualified personnel for this task. This point touches on the second aspect that the interviewees highlight: the implementation of ITG also needs financial resources. The IT director of a financial services organization’s IT service provider made the following point: ‘IT governance costs money. You cannot do IT governance on Friday afternoons while preparing for the weekend. You need dedicated people.’
Organizational impact of ITG At the beginning of the ITG’s implementation, many inter- viewees admitted that they experienced resistance to the project. The more privileges and traditional customs were at risk, the more visible and nonvisible influences there are on ITG. Especially in organizations in which IT has grown organically over decades in each of the business divisions, which are almost isolated from one another, strong efforts were made to preserve the status quo. The CFO of a large chemical company highlights: ‘Our business divisions are independent; they have their own profit/loss statements. It even took ages for the mere idea of establishing a centrally- managed division [the IT governance group] to not be out- right rejected.’ In contrast, other interviewees state that in newly established subsidiaries, for which no risks are at stake, standards, such as ITG, are much easier to establish and maintain. The process executive of a large automotive com- pany points out: ‘We were fortunate in that we did not have to change an established organization but could start from scratch with our standards in new sites in India, Russia, and the USA. In such greenfield projects, it is much easier to establish standards. We only had to prove that our standards work out. In existing sites, however, you face significant resistance towards changing the traditional approach.’
Interviewees point out that, over time, the ITG implemen- tation has helped the organization shift the IT organization’s role so that it focuses more on consulting and enabling. Particularly due to the improved alignment of business and IT, as well as the increased business orientation of the IT organization, the perception of business divisions regarding the IT organization has significantly improved. An executive of a large communication organization summarizes: ‘The IT organization takes a leap from a simple assistant role in business processes towards a consulting role in the business on a level playing field, in which the IT influences the business.’ Interviewees from other organizations acknowledge a similar trend. The head of ITG and strategy at an automotive orga- nization comments: ‘Of course, our core value added is not IT. However, we now acknowledge how much IT supports business divisions by helping them reduce costs, and increase flexibility and transparency. In the past, the IT organization was perceived as a group of grubby kids, which only caused costs. These days, however, the perception is completely different, and the importance and the enabler role of the IT organization are acknowledged across our business divisions. Now, each business division strives for a high IT budget and more IT personnel to enable its business.’ As the role of the IT organization has changed in the context of ITG implemen- tation, the IT organization is perceived as a service provider, and the added value of the IT organization is increasingly appreciated by business divisions.
IT governance success and its impact Buchwald et al. 138
Model development In this section, we synthetize the empirical findings from the 25 interviews we undertook for our study of antecedents of ITG success and its impact on business. We define and describe the identified constructs and conclude this section by making propositions for how the constructs are interrelated and how they contribute to or result from successful ITG.
First, we define ITG success as the extent to which a clearly defined and transparent set of structures, processes, and standards exists that is accepted throughout the organization and integrated into the daily work routines. This triad of ITG success thus includes the implementation of ITG, its adoption by the company, and, finally, its diffusion throughout the company. This definition implies that the governance regime’s steering and controlling processes are clearly communicated to the IT staff, so that they are well understood and obeyed. The documentation of the ITG regime is complete, up to date, and actively distributed to all relevant parties. IT managers are trained and exercise their accountabilities. As far as governance processes are relevant to the business they are also considered during business changes. A dedicated IS may support the steering and controlling processes. Moreover, these processes are subject to regular self-performed assess- ments to ensure compliant behavior. Thus, this understanding corresponds to the enterprise-wide maturity level of ITG performance proposed by the ITGI (2007) and adopted by Lee et al. (2008a, 2008 b). The analysis of our empirical data reveals that successful ITG is determined by the comprehen- sibility and adequacy of the regulations, the understanding of the IT value chain, the level of top management commit- ment, the persuasiveness of the communication, as well as IT’s business orientation.
One of the major factors for successful ITG is comprehen- sible regulations. The construct comprehensibility of regula- tions is defined as the extent to which the internal regulations defined by the ITG are clear, simple, and consistent, and thus understandable to the whole organization. This construct is supported by Weill (2004), who argues that governance arrangements also need to be simple in order to be successful. Lee et al. (2008b) have a similar focus and highlight the need for clear ITG processes. In terms of empirical evidence, this construct and its relationship to ITG success is supported by 15 organizations (1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 13, 14, 15, 18, and 19). When analyzing the cases of this study, we find that regulations need to be tailored to the specific organiza- tion, need to be pragmatic, and need to be meaningful. An executive of a financial services organization stated: ‘IT gov- ernance needs to be structured in such a way that it is pragmatic and does not appear as a large elephant but in small bites that can be both easily digested by and well explained to the organization.’ Similarly, an executive of another financial services organization highlights: ‘One of the most important success factors is to not be wooed by the fad of a vast number of KPIs, but to focus on the ones relevant for steering, which are usually still quite abundant. If in doubt, everything can be measured according to its KPIs, but then, IT governance will not be successful. Also, you have to have the guts to abandon service reports that were implemented once but are no longer needed.’ Elaborating on the latter aspect, some interviewees also point out that top management needs to take action based on aggregated KPIs of the ITG. If top management does not
show commitment to act based on them, rather ignores them, or does not want to discuss the relevant numbers with the people in charge of the KPIs, those people will at some point stop paying or at least pay less attention to measuring the KPIs. Accordingly, we propose:
Proposition 1: The greater the comprehensibility of ITG regulations, the greater the ITG success.
In addition to the comprehensibility of regulations, the adequacy of regulations refers to the extent to which ITG is designed to support the efficient steering and controlling of the IT organization. This includes three constituent character- istics of the governance regime. First, ITG offers a balance between binding regulations and freedom of action, which prevents the demotivation of employees and leads to a higher degree of acceptance and adherence during daily work. Second, the ITG regime has to be detailed enough so that individuals understand how it impacts their work environ- ment and act accordingly. Third, the governance only com- prises those structures, processes, and relational mechanisms that serve controlling and steering purposes. This implies that overly complex and bureaucratic approaches should be avoided to keep costs down and reduce the administrative burden. While the construct of adequacy and its relationship to ITG success has, to the best of our knowledge, not been discussed in previous ITG literature, it is strongly supported by empirical evidence from 13 organizations (1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 16, 18, and 19). One executive reports: ‘I discarded the existing [IT governance] document on my second day of work and made them delete everything related to it. It was not useful at all! IT governance’s objective is to provide a guideline that supports employees in their daily work; not one that becomes dusty on the shelf of bureaucracy.’ Similarly, almost every interviewee mentioned the right depth of regulation. The head of an IT service provider in the financial services industry argues: ‘It is important to stop imposing regulations at a certain point by saying “this is our IT governance, and it covers aspects up to this point. From this point onwards, there is a black box in which the IT department can decide on its own how to achieve objectives.” It is important to not regulate every single detail and impose procedures, but to deliberately leave some latitude.’ The IT executive of a stock exchange proceeds in a similar way, also highlighting the importance of decisions: ‘Everyone wants to steer the IT organization. However, if 27 bodies and 25 people from business divisions want to voice their opinion on whether or not to invest, the steering is turned upside-down. A major success factor is therefore the right depth of regulation such that sufficient flexibility is maintained but that business divisions think that business and IT are aligned. At my previous employer, a bank, IT decisions were very strained. Every single business division wants to have a voice and the governance structure allows for this. Accordingly, there are bodies, bodies, and bodies, but no decisions are made!’ Accordingly, we propose:
Proposition 2: The greater the adequacy of the ITG regulations, the greater the ITG success.
In addition to the adequacy of the regulations, the construct understanding of the IT value chain refers to the extent to which the process of the IT value generation is understood in the IT organization. Empirical evidence from seven organiza- tions (3, 4, 5, 6, 11, 14, and 18) supports this construct and its
IT governance success and its impact Buchwald et al. 139
relationship to ITG success. The CIO of an Aid organization provides the following example: ‘Assume a production line on which the C-Model [car type] is assembled. No board member comes up with the idea to say “The C-Model is nice but I would like the rear part of the car to look like the A-Model, the center should remain that of the C-Model, but the front part should look like the S-Model.” Everybody knows that this is just nonsense. If this is to be achieved, a new development cycle needs to be triggered and a completely new car needs to be built. This is quite similar to IT.’ As the quote highlights, the processes how IT value is generated in an organization need to be well understood, which involves the awareness of the IT processes with its respective predecessors and successors. An in-depth understanding of the IT value chain is necessary in order to define appropriate structures, processes, and relational mechanisms that are aligned to the value generation processes of the IT organization. Accord- ingly, we propose:
Proposition 3: The higher the understanding of the IT value chain, the greater the ITG success.
Next to the understanding of the IT value chain, top management commitment is seen as a major success factor for the introduction of ITG. The construct top management commitment refers to the extent to which top management promotes the ITG activities by means of steering, commu- nicating, providing resources, and advising. Many prior studies have highlighted top management commitment. For instance, Lee et al. (2008a) considers a lack of various senior and top management commitment factors inhibiting to successful ITG. Similarly, Nfuka and Rusu (2011) list the involvement and support of senior management as a critical success factor for ITG. Overall, empirical evidence from 15 organizations (1, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, and 19) support this construct and its relationship to ITG success. In many cases, interviewees pointed out the need for both budget and personnel resources when attempt- ing to implement ITG. Even though we expect it would not come as a surprise to most people, this success factor is particularly salient among the interviewees. In order to oppose an often-heard claim by management that ITG could simply be conducted within the IT organization along with daily work, the head of administration and controlling of a financial services organization’s IT service provider argues: ‘The major failure factor of management is just to say “These should be our new structures, these should be our new processes,” without committing the necessary budgets for the implementation.’ This highlights the necessity for ITG processes and general conditions to be defined and equipped with sufficient resources. Similarly, the CIO of a manufacturing organization concludes: ‘IT governance implies getting one’s chequebook out from the beginning, which is hampering the progress towards IT governance in our case and probably in many others as well. The reason why organizations refrain from the investment is that IT is running − somehow.’
Furthermore, top management commitment not only refers to the senior executives, but also to the operative management who has to advocate the introduction of ITG and enforce its application on an ongoing basis. Similarly, interviewees find it helpful if there is a single person (champion) who constantly promotes the topic. The project manager of a financial services
organization points out: ‘IT governance has to be sufficiently supported by top management. Otherwise, everyone who is being steered will work against it.’ Similarly, the CIO of an automotive organization concludes: ‘It is completely useless to attempt to introduce IT governance if there is no management commitment. If superiors do not champion IT governance, you better refrain from trying to introduce it, since it is only stressful and exhausting for everyone – for the one who attempts to introduce it and for the ones who are somehow concerned by it.’ Accordingly, we propose:
Proposition 4: The greater the top management commit- ment, the greater the ITG success.
The next success factor to ITG is persuasiveness of commu- nication. The construct refers to the extent to which the IT management has the necessary persuasiveness to establish ITG throughout the organization. Similarly, Lee et al. (2008a) highlight the need for communication in their summarized framework. Overall, this construct and its relationship to ITG success is supported by empirical evidence from 10 organizations (3, 4, 5, 6, 9, 11, 12, 13, 14, and 18). The adequacy of ITG has to be communicated to all employees. They need to understand its components and the interplay between them. In order to achieve this objective, different routes may be taken. For instance, the CEO of a manufactur- ing organization points out the importance of persuasion: ‘Even though I have the backing of the board of directors, I need to do a lot of persuading in the field. Even though formal reporting structures may sometimes be helpful, I am convinced that, at the end of the day, working with human beings is all about convincing and aligning them. If you only achieve it by drawing on formal reporting structures, escala- tions, or commands, it will not be successful for long.’ She continues: ‘I always attempted to closely integrate the business divisions by forming work groups. By forming such bodies, people can be better aligned and more readily convinced. There is a simple rule of thumb: If somebody does not gain acceptance in such a body, it is most likely an inferior solution. As soon as everyone acknowledges this, it is much easier to make an effort to return to the factual level to proceed.’ Accordingly, we propose:
Proposition 5: The greater the persuasiveness of commu- nication, the greater the ITG success.
IT’s business orientation refers to the extent to which the IT organization (and its employees) has the necessary skills and attitudes to adequately support the business function and act as business enablers. Nfuka and Rusu (2011) describe a similar aspect when they propose to encourage and support IT/business communication and partnership. This construct and its relationship to ITG success is supported by empirical evidence from eight organizations (4, 6, 7, 9, 11, 12, 18, and 19). Many interviewees highlight that IT organizations increasingly strip off the role of the ivory tower and develop toward the role of a business enabler. The executive of an IT service provider in the financial services industry comments: ‘When I took over responsibility for the IT organization, it primarily had a support function in the organization. From that point onwards, we changed it step-by-step into a consult- ing role that helps develop the organization.’ The ITG director of a consumer goods organization explains the goal of the transformation process in more detail: ‘We have to recognize
IT governance success and its impact Buchwald et al. 140
IT demands in business processes and translate those still- unstructured IT demands from business divisions into clear- cut and appropriate projects. Part of this process is to challenge those demands and thus provide consulting as to where the business may go and how IT can support the path these days.’ Accordingly, we propose:
Proposition 6: The greater the IT’s business orientation, the greater the ITG success.
Next, we describe and define the consequences of ITG success. This involves the alignment of business and IT activities, the transparency of IT costs, the transparency of IT services, the strategic controllability of IT, IT efficiency, IT effectiveness, IT risk mitigation, the facilitation of IT compli- ance, the transformational readiness of IT, and ITG success’s overall business impact.
The first consequence alignment of business and IT activities refers to the extent to which the IT activities directly or indirectly aim to satisfy business needs. By implementing a clearly defined and transparent set of structures, processes, and standards that are accepted throughout the organization and integrated into daily work routines, interviewees no longer consider business and IT to operate next to each other. Instead, they coordinate and align their goals and operations. Previous research has also pointed out that ITG success leads to a better alignment of business and IT. For instance, Guldentops (2004) also stresses the integration of business and IT activities in strategy and operations. In the same vein, empirical evidence from 10 organizations (1, 2, 3, 4, 5, 7, 8, 10, 12, and 16) in our study also confirms this consequence. Therefore, we propose:
Proposition 7: The greater the ITG success, the greater the alignment of the business and IT goals.
A second and third consequence of successful ITG is the transparency of IT costs and the transparency of IT services. Both refer to the extent to which the IT costs and the IT service portfolio are transparent. By establishing a clearly defined and transparent set of structures, processes, and standards, interviewees state that they gain transparency into the IT services offered and the overall IT costs. Interviewees highlight that, as IT has grown organically, it is often not only located in and provided by the IT organization, but is to some extent distributed among business divisions. Accordingly, knowledge about available and offered IT services is fragmen- ted. Therefore, reliable IT costs cannot be calculated. Both challenges are commonly solved by the organizations in their ITG implementations, which is why they achieve transparency into IT costs and IT services. Empirical evidence from 10 organizations (1, 4, 5, 6, 9, 10, 11, 13, 14, and 18) also strongly supports these propositions. For instance, an executive of a financial services organization states: ‘When we established our IT governance, we had two objectives in mind: to achieve transparency regarding the services’ costs and to ensure that IT no longer acted in almost complete isolation from our divisions.’ Accordingly, we propose:
Proposition 8: The greater the ITG success, the greater the transparency of the IT costs.
Proposition 9: The greater the ITG success, the greater the transparency of the IT services.
As a result of the alignment of business and IT goals, the transparency of the IT costs, and the transparency of IT services, the IT organization can be steered. The strategic controllability of IT refers to the extent to which the IT management has the information required to assess the strategic situation of the IT organization in order to improve its positioning. This allows for goal-oriented decision making within and the steering of the IT organization.
The alignment of business and IT activities helps close the gap between business and IT by increasing mutual understanding, fostering trust, and thus promoting more target-oriented results of IT. In other words, available IT resources are preferably to be assigned to and aligned with business needs. On the basis of this alignment, decisions on business initiatives impact the IT organization more directly, which increases the strategic controllability of IT. Empirical evidence from eight organizations (2, 3, 4, 5, 7, 10, 12, and 16) supports this proposition.
Proposition 10: The greater the alignment of the business and IT goals, the greater the strategic IT controllability.
By achieving transparency of IT costs and IT services, organizations’ management knows which IT services are actually provided to the business divisions as well as the cost of each of the IT services. On the basis of this transparency, meaningful decisions can be derived, which, in turn, allows management to steer the IT organization. Empirical evidence from 13 organizations (1, 2, 3, 4, 5, 6, 9, 10, 11, 13, 14, 18, and 19) supports these propositions.
Proposition 11: The greater the transparency of the IT costs, the greater the strategic IT controllability.
Proposition 12: The greater the transparency of the IT services, the greater the strategic IT controllability.
One of the results of strategic IT controllability is the efficiency of IT. The construct IT efficiency refers to the extent to which IT is able to deliver IT services quickly and cost-efficiently. Empirical evidence from 13 organizations (2, 4, 5, 7, 9, 10, 11, 12, 13, 14, 15, 16, and 18) supports this proposition. As with efficiency, the strategic controllability of IT also results in IT effectiveness. IT effectiveness refers to the extent to which IT delivers the right services to the organization in order to create value for the business. On the basis of the strategic controllability of the IT organization, which implies both the alignment of business and IT activi- ties and the transparency of IT costs and services, IT manage- ment can employ IT resources according to business needs to provide the IT services required. This leads to effective IT utilization or IT effectiveness. Empirical evidence from 10 organizations (2, 3, 4, 5, 7, 11, 12, 13, 16, and 18) supports this proposition. The head of the organization department of a financial services organization’s IT service provider highlights: ‘Both transparency and business–IT alignment are not ends in themselves, but means to achieve and/ or improve the steering. Steering, in turn, is a means to achieve economic benefits, while the overall goal is to better assign and direct our limited resources.’ Accordingly, we propose:
Proposition 13: The greater the strategic IT controllability, the greater the IT efficiency.
IT governance success and its impact Buchwald et al. 141
Proposition 14: The greater the strategic IT controllability, the greater the IT effectiveness.
In addition to the IT efficiency and IT effectiveness consequences of strategic IT controllability, interviewees also point out IT risk mitigation, which refers to the extent to which IT is able to mitigate IT risks. Lee et al. (2008b) also stresses that ITG is a means for organizations to mitigate their IT risks because vulnerability to IT failures is decreased. The more controllable the IT organization (for instance, by having clear, transparent, and established structures and processes), the better IT risks can be addressed and thus mitigated. In turn, in organizations in which IT has developed over years without ITG (where there are no clear, transparent, or established structures and processes), interviewees hold that IT risks cannot be comprehensively addressed and thus not mitigated. This consequence of strategic IT controllability is especially highlighted in the five financial services organiza- tions (organizations 2, 4, 6, 10, and 18), which supports this proposition. Accordingly, we propose:
Proposition 15: The greater the strategic IT controllability, the greater the IT risk mitigation.
Similar to IT risks, interviewees describe IT compliance as another consequence of the strategic controllability of an IT organization. IT compliance refers to the extent to which IT is able to facilitate compliance with legal and regulatory require- ments. Lee et al. (2008b) also highlight IT compliance as one of the objectives that organizations tried to achieve by implementing ITG. Financial services organizations, in parti- cular, are continuously exposed to governmental regulations. Interviewees hold that, without the strategic IT controllability, such regulations would be extremely difficult to obey and that the consequence of noncompliance would be severe. Empirical evidence from five organizations (2, 4, 6, 10, and 18) supports this proposition. The CIO of a manufacturing organization puts it in nutshell: ‘Compliance is of significance to us, even though we are not yet very good at it. The better IT governance is understood and practiced throughout the entire organization, the more likely we are to be compliant, which would in turn be good for the firm’s standing.’ Accordingly, we propose:
Proposition 16: The greater the strategic IT controllability, the greater the IT compliance.
The final consequence of the strategic IT controllability is the transformational readiness of IT. It refers to the extent to which the IT organization is able to adopt new strategic objectives. These strategic objectives may involve a merger of IT organizations or the decision to significantly change the way in which IT services are being sourced. While the construct transformational readiness of IT has, to the best of our knowledge, not yet been discussed in research on ITG, its proposition is empirically supported in three organi- zations (11, 16, and 18). An interviewee from the telecommu- nication organization concludes: ‘The ability to steer an organization ensures in case of a merger of two organizations or the acquisition of another organization that the IT services of the target organization can be more easily integrated. The process is much more efficient, since the IT governance provides a point of reference in which the third party will be integrated. Otherwise, the question in which direction the
two organizations should be heading will be raised all over again with every merger or acquisition.’ Accordingly, we propose:
Proposition 17: The greater the strategic IT controllability, the greater the transformational readiness of IT.
The chain of the ITG impact finally concludes with business impact. Business impact refers to the extent to which IT has a positive effect on corporate performance. The interviewees highlight that the efficiency of the IT organization is closely related to a positive business impact. In other words, the more efficiently the IT organization achieves its goals with the available resources in an economic and optimized manner, the better the business impact will be. The CIO of a chemical and pharmaceutical organization comments: ‘By practicing advanced IT governance, we strive to become […] more efficient, and, thus, better support our divisions.’ Empirical evidence from 11 organizations (4, 5, 7, 9, 10, 11, 12, 14, 15, 16, and 18) supports the following proposition:
Proposition 18: The greater the IT efficiency, the greater the business impact.
Moreover, interviewees point out the positive relationship between IT effectiveness and business impact. The better the IT organization provides the appropriate services to the organization, the more the organization can benefit from those services. Empirical evidence from eight organizations (3, 4, 5, 7, 11, 12, 16, and 18) supports this relationship. Therefore, we propose:
Proposition 19: The greater the IT effectiveness, the greater the business impact.
IT risk mitigation also results in a positive business impact. Interviewees summarize that IT risk mitigation often implies some short-term expenses, but saves the organization signifi- cant amounts in the mid and long term. Empirical evidence from five organizations (2, 4, 14, 16, and 18) supports this proposition. The CIO of a chemical and pharmaceutical organization provides an insight into his own organization: ‘When I started my current position, some of our business divisions used and relied on applications on ancient IT systems. Those IT systems were mission-critical, and their failure was seriously anticipated every day. Accordingly, spare parts had to be bought on a major global online marketplace since they were beyond their lifecycle and official vendors no longer stocked them. The business divisions only focused on their short-term profits, did not invest in IT, and just ignored this significant IT risk. Thereby, they increased the risk to regular business operations to such an extent that I immedi- ately had to take corrective measures.’ Accordingly, we propose:
Proposition 20: The greater the IT risk mitigation, the greater the business impact.
The second last proposition concerns IT compliance. In the investigated organizations, the IT organization is required to facilitate compliance with legal and regulatory requirements. Noncompliance with those regulations not only involves a significant financial risk, but sometimes also a major threat to the company’s continued existence. Empirical evidence from
IT governance success and its impact Buchwald et al. 142
Table 6 Constructs and their description
Construct Description
Comprehensibility of regulations
Extent to which the regulations defined by the ITG are clear, simple, and consistent, and thus understandable to the whole organization
Adequacy of regulations Extent to which ITG is designed to support the efficient steering and controlling of the IT organization
Understanding of the IT value chain
Extent to which the process of the IT value generation is understood in the IT organization
Top management commitment
Extent to which top management promotes the ITG activities by means of steering, communicating, providing resources, and advising
Persuasiveness of communication
Extent to which the IT management has the necessary persuasiveness to establish ITG throughout the organization
IT’s business orientation Extent to which the IT organization (and its employees) has the necessary skills and attitudes to adequately support the business function and act as business enablers
ITG success Extent to which a clearly defined and transparent set of structures, processes, and standards exists that is accepted throughout the organization and integrated into the daily work routines
Alignment of business and IT activities
Extent to which the IT activities directly or indirectly aim to satisfy business needs
Transparency of IT costs Extent to which the IT costs are transparent to the whole organization Transparency of IT services Extent to which the IT service portfolio is transparent to the whole organization Strategic controllability of IT Extent to which the IT management has the information required to assess the strategic situation
of the IT organization in order to improve its positioning IT efficiency Extent to which IT is able to deliver IT service quickly and cost-efficiently IT effectiveness Extent to which IT delivers the right services to the organization in order to create value for the
business IT risk mitigation Extent to which IT is able to mitigate IT risks IT compliance Extent to which IT is able to facilitate compliance with legal and regulatory requirements Transformational readiness of IT
Extent to which the IT organization is able to adopt new strategic objectives
Business impact Extent to which IT has a positive effect on corporate performance
Adequacy of Regulations
Understanding of the IT value
chain
Persuasiveness of
Communication
Top Management Commitment
Comprehen- sibility of
Regulations
IT’s Business Orientation
IT Governance Success
Alignment of Business and IT
Activities
Transparency of IT Services
Strategic Controllability
of IT
IT Risk Mitigation
IT Effectiveness
IT Efficiency
Business Impact
IT Governance Success
IT Governance Impact
Transparency of IT Costs
IT Compliance
Transformational Readiness
of IT
Figure 1 Model of ITG success and its impact.
IT governance success and its impact Buchwald et al. 143
five organizations (2, 4, 14, 16, and 18) supports this proposi- tion. Thus, we propose:
Proposition 21: The greater the IT compliance, the greater the business impact.
The last proposition concerns the link between the trans- formational readiness of IT and business value. The better an IT organization is prepared for a transformation, the less the management is constrained in its strategic decision-making process and the more strategic decision-making alternatives it has available. Multiple options allow the management to opt for the best strategic alternative, which results in the highest business value possible. Empirical evidence from three orga- nizations (11, 16, and 18) supports this proposition. Inter- viewees highlight: ‘The objective of our IT governance is to prepare the IT organization for the challenges ahead and for acquisitions in the time to come. This way, we have target architectures available in which acquired organizations are integrated.’ Thus, we propose:
Proposition 22: The greater the transformational readiness of IT, the greater the business impact.
The introduced constructs (summarized in Table 6) and propositions based on the 25 interviews of our study are synthesized into an ITG model that portrays both antecedents of ITG success and its impact on the business. More precisely, we propose a model that describes how the various observed constructs are interrelated and how they contribute to or result from successful ITG (Figure 1).
Discussion and conclusion This study was carried out as an integral part of an ongoing research program to understand how ITG helps organizations handle the growing complexity of managing corporate IT departments in the context of an increasing business orienta- tion. We consequently set out to identify the factors that influence and result from successful ITG and to understand how knowledge of these factors can be translated into a model for explaining ITG success and its impact. On the one hand, our results advance the theoretical discourse on ITG. On the other hand, practitioners will benefit from this model, because it enables them by drawing on the ITG success determinants that we propose in our model to better set up and develop ITG, as well as to understand and promote its potential impact. We explicitly address ITG from an end-to-end perspective, that means starting with ITG success determinants and their subsequent impact, in order to provide practitioners with a holistic view on ITG. We subsequently discuss both our practical and research contributions and show how each of them contributes to achieving a more effective IS organization, which ultimately leads to real business value.
In terms of managerial implications, we find that most IT decision makers in our study recognize ITG’s potential and importance for the future development of their IT organizations. However, most of them also acknowledge that the status quo of the implementation is retrogressing. Accordingly, we suggest increasing the relative importance of ITG by showing active management support. This involves empowering and cham- pioning the ITG implementation project as well as continuously ensuring sufficient resources. This requires a sufficient budget
and competent people, since ITG, as one interviewee puts it, cannot be developed and implemented ‘on Friday afternoons.’
Second, managers should proactively strive to achieve the commitment of their business divisions. As our interviewees point out, insufficient commitment is likely to become a showstopper, especially if the business divisions are rather autonomous in the overall hierarchy. To overcome this chal- lenge, interviewees were particularly successful at starting work groups in which they discuss the appropriate depth and breadth of ITG’s scope. By choosing this approach, managers are found to be more likely to avoid the ‘not-invented-here’ syndrome. We discovered that, in such work groups, it is much easier to convey the reasons why, for instance, the IT personnel next door should not be directly approached (e.g., for implementing new IS functionality), but why an intermediary (ITG) is beneficial to the overall organization in the long run.
As a third implication, managers should work toward changing business divisions’ perception of the IT organization to that of a business-enabler. By and large, the interviewees in our study describe that their IT organizations used to be perceived as a group of narrowly focused IT specialists in an ivory tower, which changed in the course of the ITG imple- mentation in a sustainable manner. In other words, if applied with good judgment, managers may benefit from the oppor- tunity to implement a successful ITG whose consequences, as our model illustrates, will result in increased business value.
Our investigation also contributes to research in multiple ways. While previous studies have investigated individual aspects of ITG success and its impact, none have combined these factors into a comprehensive and integrated model that would lead to a more complete understanding of the ITG concept. Therefore, we empirically investigated relevant fac- tors that influence and result from successful ITG. Part of this undertaking was to reconciliate the different notions of and fragmented research on ITG.
Our research identified several constructs and relationships that are strongly supported by empirical evidence, three of which previous research – to our knowledge – has not investigated. Specifically, we identified two new constructs, namely, the adequacy of regulations and the understanding of the IT value chain, as two major antecedents of successful ITG. Even though the idea of adequate regulations is popular in other streams of research (conceptualized as the degree of organizational leeway or empowerment; e.g., Psoinos et al., 2000), the construct has not received the attention in research on ITG, which the strong empirical grounding of this construct in our study suggests. We therefore propose including this construct in future research on ITG. Second, we found the understanding of the IT value chain to be an additional important success determinant for successful ITG. It involves that the IT organization is aware how the IT processes with its respective predecessors and successors engage with one another. As a result, a meaningful ITG can be defined which is in accordance with the value chain of the IT organization.
Finally, we discovered an innovative impact of ITG, namely, the transformational readiness of IT. This impact describes how ITG improves the transformational readiness of IT organizations. Structures, processes, and procedures are not only available, but actively support the transformation of the IT organization toward the new strategic objectives. ITG provides a reference framework that can be leveraged for
IT governance success and its impact Buchwald et al. 144
business value, for instance in case of mergers or acquisitions. While there is research on IT transformation itself (e.g., Möller et al., 2011), it has not yet been discovered and discussed as a consequence of ITG, which is why we suggest including it in future research endeavors. Before discussing suggestions for future research, we acknowledge a few limita- tions. The generalizability of our results is limited due to the qualitative approach based on convenience sampling. How- ever, despite the variation in the interviewees’ companies, we did find stable elements and relationships. While acknowl- edging that our results must be tested on a larger sample, we believe that the model developed is a promising basis for future research on the success and impact of ITG.
Future research activities should comprise the testing of our inductive propositions by means of a large-scale quantitative study that includes structural equation modeling (Straub et al., 2004; Urbach and Ahlemann, 2010). While we recognize the substantial work that remains to be done in the context of operationalizing our constructs and collecting survey data, testing our propositions will produce a deeper understanding of how the various concepts relate to one another in an integrated model of ITG success and its impact.
Acknowledgements We thank the Institute for Research on Information Systems at EBS Business School and the CIO & Project Advisory competence center of Horváth & Partners Management Consultants for supporting the empirical study presented in this paper.
References
Ali, S. and Green, P. (2005). Determinants of Effective Information Technology Governance: A study of IT intensity, in Proceedings of the International IT Governance Conference; Auckland, New Zealand.
Ali, S. and Green, P. (2007). IT Governance Mechanisms in Public Sector Organisations: An Australian context, Journal of Global Information Management 15(4): 41–63.
Benbasat, I., Goldstein, D. and Mead, M. (1987). The Case Research Strategy in Studies of Information Systems, MIS Quarterly 11(3): 369–386.
Bowen, P.L., Cheung, M.-Y.D. and Rohde, F.H. (2007). Enhancing IT Governance Practices: A model and case study of an organization’s efforts, International Journal of Accounting Information Systems 8(3): 191–221.
Brown, A.E. and Grant, G.G. (2005). Framing the Frameworks: A review of IT governance research, Communications of the AIS 15: 696–712.
Brown, C.V. (1997). Examining the Emergence of Hybrid IS Governance Solutions: Evidence from a single case site, Information Systems Research 8(1): 69–95.
Buckby, S., Best, P. and Stewart, J. (2008). The Current State of Information Technology Governance Literature, in A. Cater-Steel (ed.) Information Technology Governance and Service Management Frameworks and Adaptations, Hershey, PA: Idea Group Publishing, pp. 1–43.
Cubeles-Márquez, A. (2008). IT Project Portfolio Management – The strategic vision of IT projects, European Journal for the Informatics Professional 9(1): 31–36.
De Haes, S. and Van Grembergen, W. (2008). An Exploratory Study into the Design of an IT Governance Minimum Baseline through Delphi Research, Communications of AIS 2008(2): 443–458.
De Haes, S. and Van Grembergen, W. (2009a). An Exploratory Study into IT Governance Implementations and Its Impact on Business/IT Alignment, Information Systems Management 26(1): 123–137.
De Haes, S. and Van Grembergen, W. (2009b). Exploring the Relationship between IT Governance Practices and Business/IT Alignment through Extreme Case Analysis in Belgian Mid-to-Large Size Financial Enterprises, Journal of Enterprise Information Management 22(5): 615–637.
Dooley, L.M. (2002). Case Study Research and Theory Building, Advances in Developing Human Resource 4(3): 335–354.
Eisenhardt, K.M. (1989). Building Theories from Case Study Research, Academy of Management Review 14(4): 532–550.
Eisenhardt, K.M. (1991). Better Stories and Better Constructs: The case for rigor and comparative logic, Academy of Management Review 16(3): 620–627.
Fröhlich, M., Glasner, K., Goeken, M. and Johannsen, W. (2007). Sichten Der IT-Governance, IT-Governance 1(1): 3–8.
Garrity, J. (1963). Top Management and Computer Profits, Harvard Business Review 41(4): 6–174.
Guldentops, E. (2004). Key Success Factors for Implementing IT Governance: Let’s not wait for regulators to tell us what to do, Information Systems Control Journal 2: 22–23.
Heart, T., Maoz, H. and Pliskin, N. (2010). From Governance to Adaptability: The mediating effect of IT executives’ managerial capabilities, Information Systems Management 27(1): 42–60.
Henderson, J.C. and Venkatraman, N. (1993). Strategic Alignment: Leveraging information technology for transforming organizations, IBM Systems Journal 31(1): 4–16.
Huang, R., Zmud, R.W. and Price, R.L. (2010). Influencing the Effectiveness of IT Governance Practices through Steering Committees and Communication Policies, European Journal of Information Systems 2010(19): 288–302.
IT Governance Institute (ITGI) (2003). Board Briefing on IT Governance, 2nd edn, Rolling Meadows: IT Governance Institute.
IT Governance Institute (ITGI) (2007). Cobit 4.1: Framework, control objectives, management guidelines, maturity models, Rolling Meadows: IT Governance Institute.
Klein, H.K. and Myers, M.D. (1999). A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems, MIS Quarterly 23 (1): 67–93.
Lazic, M., Groth, M., Schillinger, C. and Heinzl, A. (2011a). The Impact of IT Governance on Business Performance, in Proceedings of the 17th Americas Conference on Information Systems, 4–7 August, Detroit, Michigan.
Lazic, M., Heinzl, A. and Neff, A. (2011b). IT Governance Impact Model: How mature IT governance affects business performance. Sprouts: Working Papers on Information Systems, 11(147): 1–43.
Lee, C.-H., Lee, J.-H., Park, J.-S. and Jeong, K.-Y. (2008a). A Study of the Causal Relationship between IT Governance Inhibitors and ITs Success in Korea Enterprises, in Proceedings of the 41st Hawaii International Conference on System Sciences, Big Island, Hawaii, USA.
Lee, J., Lee, C. and Jeong, K.-Y. (2008b). Governance Inhibitors in IT Strategy and Management: An empirical study of Korean enterprises, Global Economic Review 37(1): 1–22.
Liang, T.-P., Chiu, Y.-C., Wu, S.P.J. and Straub, D. (2011). The Impact of IT Governance on Organizational Performance, in Proceedings of the 17th Americas Conference on Information Systems; Detroit, Michigan.
Loh, L. and Venkatraman, N. (1992). Diffusion of Information Technology Outsourcing: Influence sources and the kodak effect, Information Systems Research 3(4): 334–358.
Meyer, M., Zarnekow, R. and Kolbe, L.M. (2003). IT-Governance: Begriff, Status quo und Bedeutung, Wirtschaftsinformatik 45(4): 445–448.
Möller, D., Legner, C. and Heck, A. (2011). Understanding IT Transformation – An explorative case study, in Proceedings of the 19th European Conference on Information Systems (ECIS 2011); Helsinki, Finland.
Nfuka, E. and Rusu, L. (2010). Critical Success Factors for Effective IT Governance in the Public Sector Organizations in a Developing Country: The case of Tanzania, in Proceedings of the European Conference on Information Systems; Pretoria, South Africa.
Nfuka, E.N. and Rusu, L. (2011). The Effect of Critical Success Factors on IT Governance Performance, Industrial Management & Data Systems 111(9): 1418–1448.
Olson, M.H. and Chervany, N.L. (1980). The Relationship between Organizational Characteristics and the Structure of the Information Services Function, MIS Quarterly 4(2): 57–69.
Peterson, R. (2004). Crafting Information Technology Governance, Information Systems Management 21(4): 7–22.
Psoinos, A., Kern, T. and Smithson, S. (2000). An Exploratory Study of Information Systems in Support of Employee Empowerment, Journal of Information Technology 15(3): 211–230.
Ribbers, P.M., Peterson, R.R. and Parker, M.M. (2002). Designing Information Technology Governance Processes: Diagnosing contemporary practices and competing theories, in Proceedings of the 35th Hawaii International Conference on System Sciences; Big Island, Hawaii, USA.
IT governance success and its impact Buchwald et al. 145
Sambamurthy, V. and Zmud, R.W. (1999). Arrangements for Information Technology Governance: A theory of multiple contingencies, MIS Quarterly 23(2): 261–291.
Segars, A.H. and Hendrickson, A.R. (2000). Value, Knowledge, and the Human Equation: Evolution of the information technology function in modern organizations, Journal of Labor Research 21(3): 431–445.
Sethibe, T., Campbell, J. and McDonald, C. (2007). IT Governance in Public and Private Sector Organizations: Examining the differences and defining future research directions, in Proceedings of the 18th Australasian Conference on Information Systems; Toowoomba, Australia.
Simonsson, M. and Johnson, P. (2005). Defining IT Governance – A consolidation of literature, Stockholm, Sweden: KTH Royal Institute of Technology.
Simonsson, M., Johnson, P. and Ekstedt, M. (2010). The Effect of IT Governance Maturity on IT Governance Performance, Information Systems Management 27(1): 10–24.
Straub, D., Boudreau, M.-C. and Gefen, D. (2004). Validation Guidelines for IS Positivist Research, Communications of the AIS 13: 380–427.
Suddaby, R. (2010). Construct Clarity in Theories of Management and Organization, Academy of Management Review 35(3): 346–357.
Urbach, N. and Ahlemann, F. (2010). Structural Equation Modeling in Information Systems Research Using the Partial Least Squares Approach, Journal of Information Technology Theory and Application 11(2): 5–40.
Van Grembergen, W. (2002). Introduction to the Minitrack ‘IT Governance and its Mechanisms’, in Proceedings of the 35th Hawaii International Conference on System Sciences; Big Island, Hawaii, USA.
Van Grembergen, W., De Haes, S. and Guldentops, E. (2004). Structures, Processes and Relational Mechanisms for IT Governance, in W. Van Grembergen (ed.) Strategies for Information Technology Governance, Hershey, PA: IGI Publishing, pp. 1–36.
Webb, P., Pollard, C. and Ridley, G. (2006). Attempting to Define IT Governance: Wisdom or folly? in Proceedings of the 39th Hawaii International Conference on System Sciences; Kauai, Hawaii, USA.
Weill, P. (2004). Don’t Just Lead, Govern: How top-performing firms govern IT, MIS Quarterly Executive 3(1): 1–17.
Weill, P. and Ross, J.W. (2004). IT Governance – How top performers manage IT decision rights for superior results, Boston: Harvard Business School Press.
Wu, W.W., Lin, S.-H., Cheng, Y.-Y., Liou, C.-H., Wu, J.-Y., Lin, Y.-H. and Wu, F.H. (2006). Changes in Mis Research: Status and themes from 1989 to 2000, International Journal of Information Systems and Change Management 1(1): 3–35.
Yin, R.K. (2009). Case Study Research – Design and methods, Thousand Oaks: Sage Publications.
Zwicky, F. (1967). The Morphological Approach to Discovery, Invention, Research and Construction, in F. Zwicky and A. Wilson (eds.) New Methods of Thought and Procedure, Berlin Heidelberg: Springer, pp. 273–297.
About the Authors
Arne Buchwald is a Doctoral Student and Research Assistant at the University of Bayreuth, Germany. Previously, he was a Research Assistant at EBS Business School in Wiesbaden, Germany. Additionally, he is a consultant with Horváth & Partners Management Consultants. He studied business administration from 2006 to 2009 at EBS Business School and proceeded with his master studies at the School of Business and Economics at Maastricht University, The Neth- erlands. During his study, he gained hands-on experience, both at home and abroad, at a consultancy and at an IT service provider. His recent research focuses on project portfolio management, IT governance, and cloud computing. His work has been published in internationally renowned conference proceedings, such as the International Conference on Infor- mation Systems (ICIS) and the European Conference on Information Systems (ECIS).
Nils Urbach is a Professor of Information Systems and Strategic IT Management at the University of Bayreuth.
Furthermore, he is Deputy Director of the Finance & Informa- tion Management Research Center and the Project Group Business & Information Systems Engineering of Fraunhofer FIT. Before, he held the position of an Assistant Professor at EBS Business School in Wiesbaden, where he was head of the Strategic IT Management Competence Center at the Institute of Research on Information Systems. He also received his doctorate from EBS. Furthermore, he holds a diploma in information systems from the University of Paderborn. He gathered international experience during his research stays at the University of Pittsburgh and at Université de Lausanne. Complementary to his academic work, he was Consultant with Horváth & Partners and Accenture. In research and teaching, he mainly addresses questions in the areas of strategic IT management as well as communication and IT- based collaboration. In recent research projects, he is engaged in topic such as IT governance, IT outsourcing, and project portfolio management, among others. His work has been published in several international journals and in the proceed- ings of key international conferences.
Frederik Ahlemann obtained an Information Systems Diploma from the University of Münster, Germany, and worked as a Project Management Consultant for 2 years. Following this period, he joined the Faculty of Economics and Business Administration at the University of Osnabrück, where he obtained his doctorate in 2006. He subsequently joined the European Business School, Germany, as an Assistant Professor where he headed a competence center for strategic IT/IS management. In 2012, he was appointed full professor at the University of Duisburg-Essen, Germany, where he holds the Information Systems and Strategic IT Management chair. His research interests are project portfolio management, enterprise architecture management, and IS strategy. His projects are funded by major German enterprises from the automotive, software, and professional services industries. He has authored and co-authored more than 80 scientific and professional publications, has won several research and teach- ing awards, and is a renowned speaker and consultant.
Appendix
Interview guide
Demographic details
1. Interview partner
a. What is your name? b. In which department are you employed? c. What is your role in the company? d. How many subordinates do you have? e. How long have you been working for this company? f. How would you rate your experience in the field of ITG
(on a scale of 0 [low] to 5 [high])?
2. Company
a. What is the name of your company? b. To which industry does your company belong? c. Over how many locations is your company spread?
International subsidiaries?
IT governance success and its impact Buchwald et al. 146
d. How many people are employed in your company? e. How high were the sales of your company in the last
financial year?
3. IT organization
a. How many employees (internal, external) can be attrib- uted to the IT organization of your company?
b. How much were the total IT costs (expenses for internal and external services) for the last financial year? More IT outsourcing in the past years?
c. Does the IT organization of your company provide services for external customers?
d. What is the legal structure of the IT organization (business division/department, group, separate entity, etc.)?
e. How is the IT organization organized (cost center, service center, profit center, etc.)?
f. To whom does the CIO report in your company? g. Does the IT organization create value for your company
(on a scale of 0 [low] to 5 [high])? h. How would you estimate the customers’ appreciation of
IT (on a scale of 0 [low] to 5 [high])?
Interview questions
1. Understanding
a. What does ITG mean to you personally? b. According to your individual understanding, what are
the most important elements and topics of ITG? c. How is the term ITG defined in your company? d. Where do you draw the line between ITG, IT strategy,
and IT management?
2. Level of implementation
a. How would you characterize ITG in your company? b. How would you characterize the degree of matu-
rity of ITG in your company (according to CoBIT)? What are open topics in the field of ITG in your company?
c. Does your company have documentation for ITG? Would you make this available to us?
d. Is ITG in your company defined as a part of corporate governance or is it derived from it?
e. What methods and standards of ITG are used in your company (CoBIT, ITIL, etc.)?
f. Who is responsible for ITG in your company? Dedicated function of ITG? Management staff unit or line func- tion? In your opinion, who in your company should be responsible for ITG?
g. How would you assess the significance of the topic of ITG in your company?
3. Development
a. How has ITG in your company developed over the past years?
b. What challenges or problems were faced regarding the establishment or development of ITG?
c. Are there currently any projects or other initiatives dealing with ITG in your company?
d. Is there a concrete plan for developing ITG in your company?
4. Goals and benefits
a. What goals have been pursued to establish the current corporate governance in your company? Which of these goals have actually been achieved?
b. From your perspective, what are the potential benefits of ITG in general?
c. From your point of view, when is ITG successful? How can the potential benefits of ITG be achieved best?
d. In your opinion, by how far does ITG have the potential to positively influence the performance of the IT organization and of the company?
5. Success and contextual factors
a. From your point of view, what are the most important critical success factors of ITG?
b. From your point of view, what are the most important critical constraining factors of ITG?
c. From your perspective, how do contextual factors influence ITG? What are the most important contextual factors from your point of view?
d. How important do you consider an improved under- standing of the success and constraining factors of ITG?
Finally, are there any further comments or suggestions you would like to make with regard to the topic of ITG?
IT governance success and its impact Buchwald et al. 147
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
- Business value through controlled IT: toward an integrated model of IT governance success and its impact
- Introduction
- Foundations
- IT governance
- ITG success determinants
- Table 1
- Consequences of ITG success
- Table 2
- Methods
- Research approach
- Data collection
- Table 3
- Data analysis
- Table 4
- Empirical findings
- Understanding of ITG
- Table 5
- Trigger for ITG
- Implementation of ITG
- Organizational impact of ITG
- Model development
- Table 6
- Figure 1Model of ITG success and its impact.
- Discussion and conclusion
- We thank the Institute for Research on Information Systems at EBS Business School and the CIO & Project Advisory competence center of Horváth & Partners Management Consultants for supporting the empirical study presented in this pa
- ACKNOWLEDGEMENTS
- AliS.GreenP.2005Determinants of Effective Information Technology Governance: A study of IT intensity, in Proceedings of the International IT Governance Conference; Auckland, New ZealandAliS.GreenP.2007IT Governance Mechanisms in Public Sector Organisation
- About the Authors
- Appendix
- Interview guide
- Demographic details
- Interview questions