Research Paper on the attached document - ICT Governance
Smart2211
ICTGovernanceAreferenceframework.pdf
Information Systems Management, 30:150–167, 2013 Copyright © Taylor & Francis Group, LLC ISSN: 1058-0530 print / 1934-8703 online DOI: 10.1080/10580530.2013.773808
ICT Governance: A Reference Framework
Raffaello Balocco, Alessia Ciappini, and Andrea Rangone Department of Management, Economics and Industrial Engineering Politecnico di Milano, Milan, Italy
This article deals with information and communication tech- nology (ICT) governance, a topic that has been discussed in the literature over the last 20 years. In order to offer a conceptualized view of the ICT governance models adopted by companies, a the- oretical framework has been developed. A review of the available literature dealing with ICT governance, as well as a critical analy- sis of 27 case studies, was carried out, with the aim of highlighting the variables of the proposed framework.
Keywords ICT; information and communication technology; ICT strategic role; ICT governance; ICT-business alignment; ICT decisions; ICT governance actors; ICT governance decision-making mechanisms
INTRODUCTION The role of information and communication technology
(ICT) within companies has undergone major changes in the last 15 years. Many companies from various industries and geographical locations are affected by the growing importance of ICT, which is recognized as an important lever to support enterprise processes, increase the effectiveness of products and services, and enable important strategic and organizational changes.
The increasing importance of ICT in a company’s corpo- rate strategy and, consequently, the growing role of the Chief Information Officers [CIO] in the definition and achievement of the strategic goals, requires—in the management of ICT—the involvement and the joint efforts of managers belonging to both the ICT department and to other organizational areas (Boynton, Jacobs, & Zmud, 1992; Kearns & Sabherwal, 2007; McFarlan & Nolan, 2005).
In the last years, the studies have begun to shift the focus toward important ICT-related issues, such as capabilities, orga- nizational models, governance, and management activities, all of which explain how the companies can exploit ICT’s business
Address correspondence to Raffaello Balocco, Department of Management, Economics and Industrial Engineering Politecnico di Milano, Via Lambruschini, 4b - 20156 Milan, Italy. E-mail: Raffaello. [email protected]
potential (De Haes & Van Grembergen, 2009; Peterson, 2004; Rockart, Earl, & Ross, 1996).
In today’s information-intensive environment, companies need to align ICT strategy with corporate strategy, in order to attain business goals, optimize information value, and cap- italize on the use of technology (Balocco, Perego, & Perotti, 2010; Chan & Reich, 2007; Cohen & Toleman, 2006; Corso, Martini, & Balocco, 2008). In order to guarantee a true align- ment between ICT and business, increasing attention should be paid to “ICT governance” (Broadbent & Weill, 2003; Robinson, 2007; Symons, 2004). There are several contributions in the literature which address ICT governance issues from varying perspectives. In this article, ICT governance is defined as how ICT decisions are made within a company. This definition requires all those company members involved in ICT-related decision-making processes (i.e., the Chief Executive Officer [CEO], all the C-levels, the CIO, the ICT suppliers, the ICT users) to be included when analyzing ICT governance (Rau, 2004; Xue, Liang, & Boulton, 2008). The ultimate goal of ICT governance is to guarantee that ICT support the achievement of company business goals through value-added contributions that balance the risks and returns (Bowen, Cheung, & Rohde, 2007; Peterson, 2004).
Starting from a literature analysis and the observation of 27 real cases, this article proposes a framework that details all the important variables to be considered in designing (ex ante) or analyzing (ex post) the ICT governance of a specific com- pany. In particular, these variables are grouped in the following main categories (Boynton et al., 1992; Huang, Zmud, & Price, 2010; Monnoyer & Willmott, 2005; Weill & Ross, 2004):
• the actors involved in the decision-making process (e.g., CIO, CEO, top managers from the ICT depart- ment, top managers and key users from the Lines of Business, etc.);
• the ICT decision-making areas (e.g., ICT strategic plan proposal and approval, ICT budget definition and approval, specific ICT investment proposal and approval, etc.);
• the decision-making mechanisms (e.g., hierarchical centralization, decentralization, etc.);
150
ICT GOVERNANCE: A REFERENCE FRAMEWORK 151
• the prevalent governance styles (e.g., autocratic gover- nance style, participatory style, ICT centric style, etc.).
CONCEPTUALIZING ICT GOVERNANCE: CONTRIBUTIONS IN THE LITERATURE
The literature dealing with ICT governance is rich and well- developed, as the topic has been discussed since the beginning of the 1990s (Boynton et al., 1992; De Haes & Van Grembergen, 2006; Duffy, 2005; Huang et al., 2010; Monnoyer & Willmott, 2005; Robinson, 2007; Weill & Ross, 2005; Willcocks, Feeny, & Olson, 2006). Some studies focus on ICT governance as an offshoot of the more general discussion on corporate gover- nance (Gillan, 2006; Kay & Silberston, 1995; Monks, 2002). Other authors analyze ICT governance as a fundamental lever to guarantee better alignment between ICT and the business goals (Bowen et al., 2007; Chan & Reich, 2007; Dahlberg & Kivijarvi, 2006; Peterson, 2004).
ICT Governance Definitions Several articles in the literature over the last 20 years
have attempted to provide an exhaustive definition of ICT governance. Some authors consider ICT governance from an organizational and managerial point of view, analyzing the ICT processes that sustain a company’s strategic goals (Cater- Steel, 2009; De Haes & Van Grembergen 2009; Monnoyer & Willmott, 2005). In this light, Monnoyer and Willmott (2005) state that “Most companies have such frameworks—commonly referred to as IT governance—in place today. In the best cases these systems help IT and business work together to make smarter IT investments that deliver real value” (para. 33).
Other authors (Boynton et al., 1992; Huang et al., 2010; Peterson, 2004; Symons, 2004; Weill & Ross, 2004) view ICT governance as the way to define ICT decision-making rights and responsibilities in order to guarantee the correct use of tech- nologies within a company. Weill and Ross (2004) define IT governance as “specifying the decision rights and the account- ability framework to encourage desirable behaviour in using IT” (p. 8). Symons (2004) refers to IT governance as “the process by which decisions are made around IT investments. How decisions are made, who makes the decisions, who is held accountable, and how the results of decisions are measured and monitored are all parts of IT governance” (p. 1).
Even in practitioner literature, various ICT governance defi- nitions and frameworks can be pointed out. For instance, within the Control Objectives for Information and related Technology (COBIT) framework1, Van Grembergen and De Haes (2009) define the Enterprise governance of IT as the “the definition and implementation of processes, structures and relational mecha- nism that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of value from IT-enabled business investments” (p. 3).
The analysis of academic and practitioner literature reveals the lack of a common and accepted definition of ICT governance. Some authors focus on the process related to ICT
decisions, while others adopt a broader perspective considering the management of ICT processes.
In this article, ICT governance is defined as how ICT deci- sions are taken within a company. In more detail, we define ICT governance as: “the control of ICT decisions in order to ensure their alignment with corporate objectives, and the conse- quent distribution of decision-making rights and responsibilities among the various actors within and outside the ICT depart- ment.” Our choice is made considering the difference between ICT governance and ICT management, highlighted by a num- ber of authors: ICT governance is about decision rights and responsibilities, whereas ICT management refers to the imple- mentation of specific ICT decisions (Boynton et al., 1992; Huang et al., 2010; Peterson, 2004; Robinson, 2007; Weill & Ross, 2004).
Company Actors Involved in ICT Decisions In the literature analyzed, three groups of actors involved
in ICT decisions are considered, each with varying degrees of authority: corporate ICT, divisional ICT, and line management (Bowen et al., 2007; Brown & Magill, 1994; Huang et al., 2010; Robinson, 2007; Sambamurthy & Zmud, 1993; Sambamurthy & Zmud, 1999). A recent study of ICT governance models in the health sector extends these categories of actors to top man- agement, IT professionals, administrative staff, and business line managers (Xue et al., 2008). Recent literature publications reveal that an increasing number of company employees are involved in ICT governance issues, due also to the fact that ICT has become a strategic and pervasive lever within company activities (Ribbers, Peterson, & Parker, 2002).
ICT Decision-Making Areas A number of studies highlight the various ICT activi-
ties which must be controlled by specific actors in order to guarantee real support from ICT to the company busi- ness. A widely accepted classification considers three cat- egories of ICT activities: IT infrastructure management, IT use management, and project management (Weill & Ross, 2005). IT infrastructure management involves decisions that address the nature of hardware and software platforms, annual enhancements to these platforms, the nature of network and data architectures, and the corporate standards for procure- ment and deployment of IT assets. IT use management con- cerns decisions that address application prioritization, short- term and long-term planning, budgeting, and the day-to-day delivery of operations and services. Project management deals with blending the knowledge of IT infrastructure capabil- ities and capacities with the expertise associated with the conceptualization, acquisition, development, and deployment of information system applications (Sambamurthy & Zmud, 1993; von Simson, 1990; Walz, Elam, & Curtis, 1993; Wilder, 1990).
More recent publications have expanded this first classifica- tion, in order to consider other ICT decision-making areas: IT
152 R. BALOCCO ET AL.
principles management, which clarifies the business role of IT; IT architecture management, which aims to define integration and standardization requirements; IT infrastructure manage- ment, which determines shared services and enables these facilities; business application needs management, which speci- fies the business needs for purchased or internally developed IT applications; and IT investment and prioritization management, which attempts to identify the projects to be funded (Korac- Kakabadse & Kakabadse, 2001; Peterson, 2004; Weill & Ross, 2004; Xue et al., 2008).
ICT Governance Models: The Allocation of Responsibility for the Various ICT Decisions
For more than two decades, discussions concerning the characteristics of ICT governance models have flourished in academic and practitioner communities. Three main ICT gov- ernance models can be identified (Bowen et al. 2007; Huang et al., 2010; Sambamurthy & Zmud, 1999).
• the centralized governance model: in this case, the head of the ICT department controls all the main issues related to the ICT activities;
• the decentralized governance model: the divi- sions of the ICT department and the Lines of Business management assume authority over all ICT operations;
• the federal governance model: both the head of the ICT department and the Lines of Business control specific issues related to ICT activities (Brown & Magill, 1994; Kayworth & Sambamurthy, 2000; LaPlante, 1991; von Simson, 1990).
Posed as a question of centralization during the 1970s, ICT governance drifted towards decentralization in the 1980s, and back to centralization in the 1990s (Peterson, O’Callaghan, & Ribbers, 2000). As the network economy is developing, there is evidence that decentralized ICT governance is, once again, best suited to align ICT to business objectives (Herman, 1999). A number of authors point out that ICT governance is indeed undergoing another redesign phase and continues to be a com- plex and evolving phenomenon (Huang, Zmud, & Price, 2009; Schwarz & Hirschheim, 2003; Van Grembergen, De Haes, & Guldentops, 2003; Xue et al., 2008).
ICT Governance Archetypes In discussing the question of the centralization and decentral-
ization of ICT governance models, some authors have adopted a more detailed approach, identifying the archetypes for allo- cating decision-making rights, mixing “governance models” (centralized, decentralized, etc.) and the actors involved (De Haes & Van Grembergen, 2009; Weill & Ross, 2004; Xue et al., 2008; Zmud, 1988). The political archetypes—monarchy, feudal, federal, duopoly and anarchy—are referred to by these studies and are defined as follows:
• business monarchy, when a group of business exec- utives or individual executives have decision-making rights;
• IT monarchy, when this role is assigned to individuals or groups of ICT executives;
• feudal, when business unit leaders, key process own- ers, or their delegates make the decisions;
• federal, when the C-level executives and business groups are involved (this may also include ICT execu- tives);
• IT duopoly, when IT executives and one other group (e.g. CxO or business unit or process leaders, etc.) have the decision-making rights;
• anarchy, when the decision-making role is assigned to each individual user.
Factors Influencing the ICT Governance Models A number of authors have examined how the design of a spe-
cific ICT governance model is influenced by a variety of factors, including industry-related factors (Clark, 1992), company size (Brown & Magill, 1994; Clark, 1992; Tavakolian, 1989), a com- pany’s corporate strategy (Brown & Magill, 1994; Peterson, Parker, & Ribbers, 2002; Tavakolian, 1989) and its organiza- tional structure (Brown & Magill, 1994; Olson & Chervany, 1980; Tavakolian, 1989). Moreover, researchers highlight that the corporate governance model can significantly influence ICT governance. Companies that have centralized their corpo- rate governance also tend to centralize their ICT governance (Brown & Magill, 1994; Leifer, 1988; Olson & Chervany, 1980; Tavakolian, 1989). Another result shows that when companies seek to exploit economies of scope through ICT assets, the primary logic is that the ICT assets dispersed across the organi- zation must be consolidated and managed through a centralized entity (e.g. corporate ICT; von Simson, 1990; Wilder, 1990). Efforts to achieve such objectives generally benefit from cen- tralized governance arrangements. Although these researches have increased the understanding of the factors influencing a company’s choice of ICT governance, the vast majority of prior studies have focused on the individual impacts of specific con- tingency factors. However, the evolution of ICT governance actually depends on the confluence of many contingency factors that interact with one another. In this perspective, the theory of multiple contingencies has been used (for example, by Gresov, 1989) to explain how several contingency forces actively influ- ence a company’s ICT governance models (Brown & Magill, 1998; Sambamurthy & Zmud, 1999; Weill & Ross, 2005).
RESEARCH OBJECTIVES Starting from a literature analysis and from the observation
of 27 real cases, this article proposes a framework that details all the important variables to be considered in designing (ex ante) or analyzing (ex post) the ICT governance of a specific
ICT GOVERNANCE: A REFERENCE FRAMEWORK 153
company. Moreover, the article shows how a “contextual fac- tor” (i.e., the role played by ICT in a company) may impact the characteristics of the ICT governance model implemented.
Research Methodology The research is based on a literature analysis and on case
studies, defined by Yin (2003) as “empirical inquiries that investigate a contemporary phenomenon within its real-life con- text, especially when the boundaries between phenomenon and context are not clearly evident” (p. 116).
Since the objective of the present work is to highlight all the variables to be considered in designing (ex ante) or ana- lyzing (ex post) the ICT governance of a specific company, this methodology is appropriate for two reasons. First, through the case studies, we can obtain both qualitative and quantitative data by combining different data collection methods (i.e., interviews, archives, qualitative and quantitative observations; Eisenhardt, 1989). Second, the case study research method is well suited to provide complete descriptions (Kidder, 1982) and to generate theory (Gersick, 1988).
When using a case study research method, at least three spe- cific choices have to be made: first, the number of studies to carry out, second, the type of study (explanatory, descriptive and exploratory; Kinnear and Taylor, 1996), third, the selec- tion of the companies to be analyzed. In this study, multiple, exploratory case studies seem to be appropriate, since we seek a comprehensive in-depth analysis of an area of literature hereto- fore covered in a fragmented and, in many cases, incomplete way. Despite their complexity, multiple case studies are valu- able when the amounts of data required for statistical analyses are either not necessary, not available, or simply too expensive to collect (Andersen, 1997). The selection of the companies to be analyzed was made on the basis of the companies’ size (i.e., large companies with more than 500 million Euros and more than 1000 employees were selected, since ICT governance issues can be easily analyzed) and on the basis of the sector (i.e. companies belonging to various sectors were selected, in order to guarantee a range of different cases and perspectives regarding the role of ICT in supporting business).
Designing the Research As suggested by Yin (2003), we first identified the research
questions. Given the research objectives, the research questions are:
• What are the elementary variables that constitute an ICT governance model?
• Is it possible to define a comprehensive framework that links together all the variables?
• What are the main factors (both internal and exter- nal) that influence the ICT governance frameworks in different companies?
Conducting the Case Studies A total of 32 semi-structured interviews were carried out in
27 Italian companies from different industries (see Table 1, in the Appendix). The concept of population is crucial, as it defines the set of entities from which the research sample is drawn (Yin, 2003).
The cases were not selected randomly, because, as Pettigrew (1988) noted, with the limited number of cases that can usually be studied, it makes sense to choose examples of particular sit- uations or polar types in which the topic under examination is “transparently observable.”
A multiple case study approach reinforced the generaliza- tion of results and allowed us to perform a cross analysis on polar types or niche situations within the theoretical sample, due to the presence of extreme cases (Meredith, 1998). As the validity and reliability of case studies rest heavily on the cor- rectness of the information provided by the interviewees and can be assured by using multiple sources or “looking at data in multiple ways” (Eisenhardt, 1989; Yin, 2003), multiple sources of evidences or research methods were employed: interviews (to be considered the primary data source), analysis of internal documents, and study of secondary sources—research reports, websites, newsletters, white papers, databases, and international conferences proceedings. This combination of sources allowed to obtain “data triangulation,” essential for assuring rigorous results in qualitative research (Bonoma, 1985). Throughout the research, theory—determined from the literature review—is used as “part of an iterative process of data collection and anal- ysis” (Eisenhardt, 1989, p. 124), meaning that it is employed as an initial guide to design the study and the process of data gathering, though it is never intended to constrain emergent issues coming from the qualitative analysis (so as to preserve the suggested considerable degree of openness to the field data; Orlikowski, 1993; Walsham, 1995; Yin, 2003).
In this light, 27 large companies operating in Italy in differ- ent sectors entered the study. Eight CEOs and 24 CIOs were interviewed on the same topic, in order to obtain, where pos- sible, a dual perspective. In order to carry out the interviews, an interview protocol was used, comprising the following five sections:
1. general company information (e.g., turnover, number of employees, sector, organizational structure, etc.);
2. the various ICT roles within the company (i.e., strategic, enabling the company’s competitive advantages in pro- cesses, products and services versus operative, characterized by a less-pervasive impact);
3. the most important ICT-related decisions (e.g., ICT strategy, ICT budget, etc.);
4. the actors involved in each ICT decision (e.g., the CIO, the CEO, the Board, etc.);
5. the decision-making mechanisms implemented for each ICT decision (e.g., ad hoc organizational units, bilateral relations, committees, etc.)
154 R. BALOCCO ET AL.
Before the interviews, some tests were made during a work- shop organized at the Politecnico di Milano, which involved 10 CIOs from large national and multinational companies, all of whom were asked to review a first draft of the questionnaire and point out missing or unclear issues.
The wording of some of the questions was then modified for clarity. All the interviews were conducted in the same way to ensure comparable results (each subject was offered the same stimulus), and were completed successfully, as all the questions were answered by the respondents. The interviews were con- ducted either in person (12, 8 CEOs and 4 CIOs) or by telephone (20 CIOs), lasted two hours on average, and were tape-recorded and transcribed. At the end of the interviews, the protocol was approved by the interviewees. Then, the protocol was completed and controlled, using the information collected from the com- pany websites, business records (e.g., annual reports, financial highlights, etc.), and internal documents provided by the com- panies analyzed (e.g., IT budget, organizational charts showing roles and responsibilities, etc.).
ANALYZING THE DATA AND INTERPRETING THE EVIDENCE
Since the transcript data were closely regulated by interview protocol, formal data coding was not applied. The transcripts of interviewee responses were summarized, interpreted, and tab- ulated by research question. Specifically, data was recorded in two documents: the central database (i.e., Excel spreadsheet), and a Word document containing the complete interview sum- mary. Discrepancies due to unclear or incomplete data were resolved by follow-up phone contact with respondents.
The data analysis was conducted using two complemen- tary approaches: a within-case and a cross-case analysis. The former aimed at generating insight (Gersick, 1988, Pettigrew, 1988) using—when possible—both the CEO and CIO view- point, while the latter strived to enable intra-case comparisons, highlighting response similarities and differences. The anal- ysis was carried out independently by each of us, in order to guarantee a cross-checking of the interpretation of the data.
Information from case studies was used to accurately detail the values of the framework’s variables (controlling and com- pleting the measures found in the literature), to build up the complete framework, and to apply it in real cases.
Determining the Research Quality The validity and reliability of case studies rests heavily on
the correctness of the information provided by the interviewees and can be ensured by using multiple sources or by looking at data in multiple ways (Eisenhardt, 1989; Yin, 2003). We have used multiple sources of evidence: interviews, archives, and both qualitative and quantitative observation. Reports and mod- els developed were reviewed by interviewees.
The ICT Governance Framework The data were interpreted in light of the four dimensions—
actors, decision-making areas, decision-making mechanisms, and governance style—identified previously.
The ICT Governance Framework: The Actors Involved In order to highlight the company actors involved in ICT
decisions, a cross-case comparison of the information collected through the case studies was carried out (see Table 1 in the Appendix). The analysis was integrated with a literature review (Sambamurthy & Zmud, 1999; Xue et al., 2008; etc.). Several actors within the companies play an important role in making ICT decisions. In the ICT governance framework, these actors are classified on the basis of their position in the company’s organization as follows:
• top managers from the ICT department: they can be classified based on the vertical organization of the ICT department (e.g., corporate, divisions, local branches, etc.), and the different ICT lines (e.g., Demand Management, Development, Operations, etc.; Brown & Magill, 1994; Huang et al., 2010; Sambamurthy & Zmud, 1993; Sambamurthy & Zmud, 1999);
• top managers and key users from other organizational areas: in this case, two main categories of actors can be pointed out—the strategic head represented by the Board of Directors (e.g., the CEO and all the other C-levels, such as the Chief Financial Officer [CFO] and the Chief Procurement Officer [CPO], etc.; Xue et al., 2008), and the internal ICT users from the vari- ous organizational units of the company (i.e., the Lines of Business; Huang et al., 2010).
Through the case studies, it is revealed that the CIO is always involved in the ICT decisions. On the other hand, the CEO has ICT decision-making responsibilities in 11 cases, the CFO in 5 cases, the Board in 6, the Lines of Business in 18 cases, and so on (Table 1, column 7).
Based on the position within the organization of the actors involved in making ICT decisions, two different forms of ICT governance emerge (Figure 1):
External ICT Governance External ICT Governance
Lines of the ICT department Lines of the ICT departmentCIOCIO
Key UsersKey Users
CEO and the Board of Directors
CEO and the Board of Directors
Levels of the ICT department
Levels of the ICT department
Internal ICT Governance Internal ICT Governance
FIG. 1. Actors involved (color figure available online).
ICT GOVERNANCE: A REFERENCE FRAMEWORK 155
• internal governance, involving actors within the ICT department;
• external governance, involving actors from other orga- nizational areas within the company.
In Figure 1, the ovals represent the two forms of ICT gov- ernance: the green one refers to the external ICT governance, including the CIO, the ICT users, and the Board of Directors; and the blue one indicates the internal ICT governance, consid- ering the CIO and the different ICT department lines and levels. The orange arrows indicate the CIO’s relationship with all the other actors involved.
The ICT Governance Framework: The ICT Decision-Making Areas
From the case studies (see Table 1 in the Appendix) and literature review (Korac-Kakabadse & Kakabadse, 2001; von Simson, 1990; Weill & Ross, 2004; Xue et al., 2008, etc.) a list of the most important2 ICT decisions has been highlighted. The ICT decisions are classified in six macro-areas:
• ICT strategic plan proposal and approval within the overall company strategic plan (von Simson, 1990; Wilder, 1990). For example, the CIO of the Utility company N. 2, talking about the formulation of the strategic plan, stated:
The areas of the ICT department consolidate the plans and integrate them according to the group’s guidelines and then the Board reviews the proposal. The planning has a five-year horizon, but it is made in detail for 24 months.
• ICT budget definition and approval (considering both investments [capex] and current costs [opex]) within the overall company budgeting process (von Simson, 1990; Weill & Ross, 2004). Many CIOs mentioned this decision-making area; for instance, a CIO from the Service company N. 3 stated:
The whole ICT budget is discussed in the committees, with a plan- ning system that considers the current needs and the future project areas.
• specific ICT investments proposal and approval (Korac-Kakabadse & Kakabadse, 2001; Xue et al., 2008). The necessity to manage this decision-making area is stressed by almost all the CIOs. One of them stated:
In many companies there is an Investment Committee, managed by the CIO and the CEO, in which the Lines of Business heads are brought together. They discuss the ICT investment proposals.
• definition and control of standards and architectures (von Simson, 1990; Weill & Ross, 2004, etc.). In the case studies, this decision-making area is mentioned; for example, the CIO of Media company N. 2 said:
We have a Committee made up of the CIO and the business area heads. Every two weeks, this committee deals with different topics principally related to architectures and application revision.
• control of the ICT performances (both at the project development and daily management levels) and defini- tion of corrective activities. This decision-making area appears very interesting in the case studies. One CIO stated:
Every two months, there is a formal meeting for the analysis of ICT performances.
• ICT resources quantification and procurement/ sourcing decisions (Korac-Kakabadse & Kakabadse, 2001). Specific mechanisms referring to this decision can be identified in the case studies, for example:
The figures of supplier manager and cost staff manager were intro- duced, to interface with the external partners.
Analyzing the ICT decisions considered important in the companies of the sample, it emerges that, in the contexts in which ICT has a strategic role (it enables the company’s com- petitive advantage in processes, products, and services), ICT strategy, Standards and Architectures, and finally, ICT perfor- mances and corrections are the most commonly cited decision- making areas; in companies in which ICT has an operative role (less pervasive), the ICT budget and ICT investments are the most prevalent.
In these cases, many combinations of actors for each decision-making area were identified. We decided to simplify this complexity by using a matrix which puts together the classification of actors (represented in Figure 1) and the ICT decision-making areas. The matrix allows us to define, for each area, the actors involved in the decision-making process. This result allows the consideration of each individual ICT decision and each individual actor involved.
The ICT Governance Framework: The Decision-Making Mechanisms
The case studies also enabled the investigation of another important variable: the decision-making mechanisms adopted in making ICT decisions. For each company, information about the different mechanisms used was gathered. In Table 1 in the Appendix, an example is reported for each company. The decision-making mechanisms can be represented on a spec- trum between the following two extremes (Huang et al., 2010; Kayworth & Sambamurthy, 2000; Sambamurthy and Zmud, 1999; Schwarz & Hirschheim, 2003; etc.):
• hierarchical centralization, that concentrates decision- making power in the hands of the highest level man- ager in the organization’s structure;
• hierarchical decentralization, that attributes power to one or more lower-level employees within the organi- zation.
156 R. BALOCCO ET AL.
FIG. 2. Decision-making mechanisms (color figure available online).
Shifting from centralization to decentralization, the follow- ing decision-making mechanisms can be identified in the cases analyzed (Figure 2):
• ad hoc organizational units. In this case, the decision- making power that is related to a specific area (e.g., ICT strategy, ICT budget, etc.) is explicitly delegated to an organizational unit, created for this purpose. The CIOs of Insurance company N.2 and Bank company N. 2 reported the following:
A specific Standards and Architectures Unit is in charge of the ICT architecture decisions.
I created a central Platform Structure which keeps an eye on the technology standards.
• bilateral relations, that can involve managers with equal decision-making power (symmetric bilateral relations) or with unequal decision-making power (asymmetric bilateral relations; Weill & Ross, 2004; Xue et al., 2008). For example, the CIOs of Telecommunication company N. 2 stated:
The ICT budget is defined through the collaboration of the CEO and myself, with equal power, and then it is checked and approved by a Budget committee.
• true committees, in which decision-making power is shared among a group of managers (Kayworth & Sambamurthy, 2000; Xue et al., 2008). This cate- gory only includes real decision-making committees, in which the decision is truly in the hands of the group of participants; we did not consider “formal only” committees, in which decisions, already defined using other mechanisms (i.e., hierarchical or bilat- eral), are merely formally accepted. Two examples can be presented from the case studies, the first from Manufacturing company N. 1, the second from Services company N. 6:
The ICT governance model has two phases, the collection of the demand and the approval of requests by an IT Committee and by the Board.
In the Investment Committee—which is represented by the CEO, the CPO, the CFO, the Controller, and the CIO—new ICT investments are discussed.
After the identified decision-making mechanisms are clas- sified into defined categories, the matrix that links actors and decision-making areas can be completed with the specific mech- anisms for each case (Figure 3). In this way, an overarching view of the ICT governance models in the companies analyzed can be provided. The novelty in respect to the literature lies in the identification of both the specific people involved in the decision-making process and the decision-making mechanisms used for each ICT decision.
The ICT Governance Framework: The Prevalent Governance Styles
The case studies allowed the identification of a number of possible governance style archetypes according to the preva- lence of one or more decision-making mechanisms adopted for the different ICT decisions. The identification of general governance styles was conducted separately for external ICT governance and for internal ICT governance, in order to take the different actors into account.
As far as external ICT governance is concerned, the follow- ing prevalent styles were defined:
• autocratic, when most ICT decisions are in some way in the hands of the enterprise head (the CEO and the executives). For example, in the interview with the CIO of Insurance company N. 1, the following information was collected:
The ICT requests are approved by an executive committee. The com- mittee is supervised by the CEO and also involves those reporting directly to him, such as the CFO, the people defining the group strategies, the CHRO, the people responsible for the Organization Department and for the Management Control Department.
• participatory, when prevalent decision-making mech- anisms are (for the main decisions, at least) collegial structures with effective roles and power. For example, as stated by the CIO of Telecommunication company N. 4:
In terms of roles and responsibilities, there are also many Committees. In the Investment Committee, represented by the CEO, the CPO, the CFO, the Controller, and the CIO, ICT investments are discussed; in the Quality Committee, where all the operative depart- ments and the Commercial department can be found, problems related to projects and to company operations are discussed.
ICT GOVERNANCE: A REFERENCE FRAMEWORK 157
FIG. 3. The ICT governance framework (color figure available online).
• ICT-centric, when asymmetric, bilateral decision- making mechanisms are very common, with strong power in the hands of the ICT department, as in the case of an important Utility company:
When the budget for the ICT department is ready, it is divided among the departments that request and use ICT services. The budget for the specific Business Unit is controlled by the ICT Demand Manager.
• user-centric, when asymmetric, bilateral decision- making mechanisms favoring the Lines of Business prevail. For example, the CIO of Service company N. 7 stated:
ICTs propose a technical-economic offer, which is given to the line of business heads for their signature. The line of business manager therefore has a direct control on ICT expenses.
The last two situations represent an exception, and conse- quently, the need for some clarification. ICT-centric or user- centric situations are often hidden behind formal committees that represent only “declared but not used” collegial struc- tures. The real decision-making power is in the hands of the stronger department (ICT in the first case, Lines of Business in the second), which makes decisions using asymmetric, bilat- eral interactions. It is very important to identify these situations, comparing information collected by different sources (inter- views, documents, observation, etc.).
As far as internal ICT governance is concerned, when analyzing the case studies, the following prevalent styles emerged:
• centralized, when decision-making power is concen- trated in the first level manager of the organization
(CIO corporate in the case of an ICT department orga- nized in a number of vertical levels), such as in the case of a Bank:
Compared to the past, the CIO is a more important actor in ICT governance: this choice is related to the need for stronger governance than in previous years.
• coordinated, when collegial or bilateral mechanisms prevail. These enable discussion between different ICT department units at vertical and horizontal levels. Actually, the CIO of Utility company N. 1 stated:
To ensure a common view, the Operating Review Meetings are scheduled every two weeks and involve the four Demand and Delivery managers. The ICT structures consolidate the plans and integrate them according to group guidelines.
• autonomous, when there is a strong delegation of responsibilities towards ICT department units (at vertical and horizontal level), as we found in the Manufacturing company N. 5:
We have a committee comprising the different ICT areas. It deals with different topics related mainly to architecture and application revision and Lines of Business relations management. In terms of processes, the ICT areas have a good level of autonomy.
These styles are archetypes that we created to schematize the prevalent decision-making behavior in different companies. In most cases, a predominant governance style was accom- panied by particular decision-making mechanisms for specific areas.
158 R. BALOCCO ET AL.
The Application of the ICT Governance Framework Two organizations from different sectors have been analyzed
through the proposed framework:
• a company in the manufacturing sector; • a company in the telecommunications sector.
These sectors represent “polar types”: the first one is a part of the “physical economy”; the second one is a part of the “infor- mation economy.” The analyzed companies were not part of the original sample of 24 companies. First, in the selected cases, the interviewees indicated the actors involved in ICT governance as in Figure 4 and Figure 5.
In the two cases, specific decision-making areas were men- tioned by the interviewees. CIOs were asked to identify the most important ICT decisions in their company. The decisions for each case were then listed and are represented in Figures 6 and 7.
Finally, the ICT decision-making mechanisms identified were represented. The ICT governance models that we were able to produce for the two selected cases are depicted in Figures 8 and 9.
In Figure 8, the power to make some ICT decisions, in the case of external governance, is prevalently in the hands of the users/Lines of Business. In relation to internal governance, the different ICT levels make the decisions independently. In Figure 9, the decision-making power for the two ICT deci- sions (ICT strategy and ICT budget) is either symmetrically divided between the CIO and the enterprise head, or it is col- legially distributed. For internal governance, the decision about the standards and architectures is centrally controlled by the head of the ICT department or managed using a collegial mechanism.
The application of the ICT governance framework reveals that the problem of governance is not faced through a structured
Lines of the ICT department: IT&TLC infrastructure, IT applications
Lines of the ICT department: IT&TLC infrastructure, IT applications
CIOCIO
Key Users: Line of Business
(product development unit, Logistics, etc.)
Key Users: Line of Business
(product development unit, Logistics, etc.)
CEO (not very in volved)
CEO (not very in volved)
ICT levels: ICT regional and
local organizations
ICT levels: ICT regional and
local organizations
FIG. 4. Actors involved in the manufacturing sector case (color figure avail- able online).
Different ICT lines: Systems, Network, IT Different ICT lines: Systems, Network, ITCIOCIO
Key Users: Line of Business
(not very in volved)
Key Users: Line of Business
(not very in volved)
CEO, BoardCEO, Board
Different ICT levelsDifferent ICT levels
FIG. 5. Actors involved in the telecommunications sector case (color figure available online).
method. An incremental approach which first considers those areas deemed most critical is often exploited.
The Relation Between ICT Governance and the Role of ICT to Support Business
A useful exercise in applying the ICT governance framework was the study of the predominant governance style implemented by companies on the basis of some contextual factors. It is evident that the prevalence in external or internal governance of one or another style is determined by a multiplicity of fac- tors that intimately characterize the organization: management style, culture, organizational strategy, power structure, pres- ence of specific people, interpersonal relationships between top managers, and so forth (Brown & Magill, 1994; Sambamurthy & Zmud, 1999; Weill & Ross, 2005). In our research, we focused on the correlation between ICT governance styles and the specific ICT roles supporting the business, for two reasons:
• to concentrate on a single factor that impacts on ICT governance. Considering a single contextual variable is not new in the literature, but it helps to understand the usefulness of the model. Other variables and the study of their correlated impact on the ICT governance model will be the subject of future research;
• to consider the role played by ICT, which is very important and distinctive in different enterprises. The role of ICT is obviously a factor impacting on the ICT governance model and on different levels of involve- ment of organizational actors in ICT decisions.
To simplify the analysis, the companies were clustered in two macro-classes:
• “ICT-intensive” organizations in which technologies play a key strategic role, enabling the company’s competitive advantages in value chain processes,
ICT GOVERNANCE: A REFERENCE FRAMEWORK 159
FIG. 6. Decision-making areas cited in the manufacturing sector case (color figure available online).
FIG. 7. Decision-making areas cited in the telecommunications sector case (color figure available online).
FIG. 8. The ICT governance model in the manufacturing sector case (color figure available online).
160 R. BALOCCO ET AL.
FIG. 9. The ICT governance model in the telecommunications sector case (color figure available online).
FIG. 10. ICT governance models in companies with different ICT roles in supporting business (color figure available online).
products, and services. In this category, for exam- ple, telecommunication companies and banks were considered;
• “Not ICT-intensive” organizations that are in contexts in which information and communication technologies have a less-strategic role (e.g., some traditional sectors, such as manufacturing industry).
Through the analysis of prevailing governance styles in these two groups of enterprises, a certain polarization of behav- ior (Figure 10) was identified. In “ICT-intensive” companies, external governance collegial mechanisms based on the Board or on strong bilateral relations between the CIO and the CEO (participative style, Cluster 1, Figure 10) prevail. In these
enterprises, the ICT play a strategic role and it is often a part of the output of the companies (i.e., the services offered), deter- mining a close relationship between the CEO, the CIO, and the Board of Directors. As far as internal governance is con- cerned, a trend towards greater centralization can be pointed out (Cluster 2, Figure 10). An example is a Bank in which there is (especially for Strategic Planning) a collegial mecha- nism called “Action Plans,” sponsored by the General Director and involving the CFO, the Systems department, the Network, and IT. The “Investment committee” comprising the CEO, the General Director, and the CFO is another collegial struc- ture. Considering internal governance, the CIO and the ICT managers define and monitor technological ICT performances collaboratively.
ICT GOVERNANCE: A REFERENCE FRAMEWORK 161
In “Non ICT-intensive” enterprises, external governance is often based on bilateral relations, often with more power given to the Lines of Business (except for infrastructural- related decisions managed autonomously by the CIO; Cluster 3, Figure 10). In these enterprises, the ICT is often considered as a “commodity-service” provided by the ICT department to the line of business, that have an higher power in taking the ICT decisions. In internal governance, there is a gradual shift from coordination mechanisms to a more autonomous logic (Cluster 4, Figure 10). In one Food Industry company, ICT projects and investments are initially discussed by ICT management and the Lines of Business. The Lines of Business have significant input in determining project prioritizations. In terms of internal governance, the different ICT levels tend to monitor ICT per- formances and to manage their resources and sourcing choices autonomously.
CONCLUSIONS The research analysis presented in this article started from
a review of academic and practitioner literature, in order to identify the variables important in the definitions of an ICT governance model. The variable values were checked and inte- grated through 27 case studies in order to propose a complete ICT governance framework, and then the theoretical framework was applied to 27 companies, in order to highlight the actual differences in the ICT governance models adopted.
In terms of theoretical implications, our research provides a general framework, combining elements found in different and partial contributions in the literature. In the framework, all the variables and corresponding values cited in the literature were checked and completed through case studies, and a systemic view of an ICT governance model was created. The strong point of the research is its application of the complete framework in real contexts, focusing as well on contingent factors.
As far as implications for practitioners are concerned, this study can be considered a first basis for both understanding the ICT governance model implemented within the company and for choosing mechanisms to improve implementation in relation to contextual factors.
The limitations of this study are related to the sample, which is focused on large Italian companies, even if no country- specific issues (e.g., specific laws, Italian economic structure, etc.) seem to have an impact on the definition of the ICT governance framework. Moreover, for 19 companies out of 27 analyzed, only the CIO has been interviewed; even if these CIOs were well informed about the governance issues at the Board Level, this can represent a limitation of the research study.
It is probable that the proposed ICT governance framework is particularly suited to large organizational contexts, with revi- sions necessary for adaptation to the characteristics of medium and small companies. In addition, the contextual factor analyzed
(i.e., the role of ICT in supporting company’s business) rep- resents a snapshot of all the contextual elements which can determine different models’ characteristics.
Future studies will aim to apply the ICT governance frame- work in more organizations from different sectors and of varying sizes. A further step will be the analysis of the mod- els according to other contextual variables that can impact the ICT governance model implemented.
NOTES 1. The COBIT framework is aimed at giving managers, auditors, and ICT
users a set of generally accepted measures, indicators, processes, and best prac- tices to help maximize the benefits derived from the use of ICT within this framework.
2. A decision is considered “important” if it impacts on ICT functioning and on the alignment with business needs.
AUTHOR BIOS Raffaello Balocco, PhD, is Assistant Professor at Politecnico di
Milano. He is co-director of the Executive MBA at the MIP, the Politecnico di Milano Business School, and Scientific Director of the Observatory dealing with the strategic use ICT in SMEs.
Alessia Ciappini, PhD, is a research fellow at Politecnico di Milano. She has been responsible for the research of the Observatory on ICT & CIOs in Fashion-Retail.
Andrea Rangone, PhD, is Full Professor of Business Strategy at Politecnico di Milano, where he also teaches eBusiness. He is Director of the Executive MBA ICT and of many other executive courses at MIP, the Politecnico di Milano Business School. He is coordinator of the ICT & Management Observatories research group within Politecnico di Milano
REFERENCES Andersen, S. S. (1997). Case-studier og generalisering, forskningsstrategi og
design. Fagbokforlaget, Bergen. Balocco, R., Perego, A., & Perotti, S. (2010). B2b eMarketplaces: A classifi-
cation framework to analyse business models and critical success factors, Industrial Management and Data Systems, 110(8), 1117–1137.
Bonoma, T. V. (1985). Case research in marketing: Opportunities, problems, and a process. Journal of Marketing Research, 22, 199–208.
Bowen, P. L., Cheung, M.-Y. D., & Rohde, F. H. (2007). Enhancing IT governance practices: A model and case study of an organization’s efforts. International Journal of Accounting Information Systems, 8(3), 191–221.
Boynton, A. C., Jacobs, G. C., & Zmud, R. W. (1992). Information technology management: Just whose responsibility is it? Sloan Management Review, 33(4), 32–38.
Broadbent, M., & Weill, P. (2003). Tailor IT governance to your enterprise. Gartner.
Brown, C. V., & Magill, S. L. (1994). Alignment of the IS function with the enterprise: Toward a model of antecedents. MIS Quarterly, 18(4), 371–403.
Brown, C. V., & Magill, S. L. (1998). Reconceptualizing the context-design issue for the information systems function. Organization Science, 9(2), 177–195.
162 R. BALOCCO ET AL.
Cater-Steel, A. (2009). Information technology governance and service man- agement: Frameworks and adaptations. Hershey, NY: Information Science Reference.
Chan, Y., & Reich, B. (2007). IT alignment—What have we learned? Journal of Information Technology, 22(4) 297–315.
Clark, T. D. (1992). Corporate systems management: An overview and research perspective. Communications of the ACM, 35(2), 61–75.
Cohen, J. F., & Toleman, M. (2006). The IS–business relationship and its implications for performance: An empirical study of South African and Australian organizations. International Journal of Information Management, 26, 457–468.
Corso, M., Martini, A., & Balocco, R.(2008). Organizing for continuous innovation: A community of practice approach. International Journal of Technology Management, 44, N. 3/4.
Dahlberg, T., & Kivijarvi, H. (2006, January). An integrated framework of IT governance and the development and validation of an assessment instru- ment. In Proceedings of the Hawaii International Conference on System Sciences, Kauai, HI.
De Haes, S., & Van Grembergen, W. (2006, January). IT Governance best prac- tices in Belgian Organisations. In Proceedings of the Hawaii International Conference on System Sciences, Kauai, HI.
De Haes, S., & Van Grembergen, W. (2009). An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management, 26(2), 123–137.
Duffy, J. (2005). IT governance: Driving value and mitigate risk. Idc Canada. Eisenhardt, K. M. (1989). Building theories from case study research. Academy
of Management Review, 14(4), 532–550. Gersick, C. (1988). Time and transition in work teams: Toward a new model of
group development. Academy of Management Journal, 31, 9–41. Gillan, S. L. (2006). Recent developments in corporate governance: An
overview. Journal of Corporate Finance, 12(3), 381–402. Gresov, C. (1989). Exploring fit and misfit with multiple contingencies.
Administrative Sciences Quarterly, 34(3), 431–453. Herman, J. (1999). The impact of e-business on enterprise IT management.
Business Communications Review, October, 22–24. Huang, R., Zmud, R. W., & Price, R. L. (2009). IT governance practices in small
and medium-sized enterprises: Recommendations from an empirical study. In Information Systems—Creativity and Innovation in Small and Medium- sized Enterprises, 158–179. Boston, MA: Springer.
Huang, R., Zmud, R. W., & Price, R. L. (2010). Influencing the effec- tiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, 19, 288–302.
Kay, J., & Silberston, A. (1995). Corporate governance. In National Institute Economic Review (pp. 84–96). London: Kluwer Law International.
Kayworth, T., & Sambamurthy, V. (2000). Managing the information technol- ogy infrastructure. Baylor Business Review, 18(1), 13–15.
Kearns, G. S., & Sabherwal, R. (2007). Strategic alignment between busi- ness and information technology: A knowledge-based view of behaviors, outcome, and consequences. Journal of Management Information Systems, 23(3), 129–162.
Kidder, T. (1982). Soul of a new machine. New York: Avon. Kinnear T. C., & Taylor, J. R. (1996). Marketing research: An applied approach.
New York: McGraw Hill. Korac-Kakabadse, N., & Kakabadse, A. (2001). IS/IT governance: Need for an
integrated model. Corporate Governance, 1(4), 9–11. LaPlante, A. (1991). Here come the hybrids. Computerworld, June, 57–61. Leifer, R. (1988). Matching computer-based information systems with organi-
zational structures. MIS Quarterly, 1(l), March, 63–74. McFarlan, F. W., & Nolan, R. L. (2005). Information technology and the board
of directors. Harvard Business Review, 83(10), 96–106. Meredith, J. (1998). Building operations management theory through case and
field research. Journal of Operations Management, 16, 441–454. Monks, R. A. G. (2002). Creating value through corporate governance.
Corporate governance: An international review, 10(3), 116–123. Monnoyer, E., & Willmott, P. (2005). What IT leaders do: Companies that rely
on IT governance systems alone will come up short. McKinsey on IT , 2–6.
Olson, M., & Chervany, N. (1980). The relationship between organizational characteristics and the structure of the lnformation service function. MIS Quarterly, (4), 57–68.
Orlikowski, W. J., (1993). CASE tools as organizational change: Investigating incremental and radical changes in systems development. MIS Quarterly, 17(3), 309–340.
Peterson, R. (2004). Crafting information technology governance. Information Systems Management, 21(4), 7–22.
Peterson, R. R., O’Callaghan, R., & Ribbers, P. M. A. (2000). Information technology governance by design: Investigating hybrid configurations and integration mechanisms. Proceedings of the twenty first inter- national conference on Information systems, Brisbane, Queensland, Australia.
Peterson, R., Parker, M. M., & Ribbers, P. (2002, December). Information tech- nology governance processes under environmental dynamism: Investigating competing theories of decision making and knowledge sharing. In Proceedings of the 23th International Conference on Information Systems, Barcelona, Spain.
Pettigrew, A. (1988). The management of strategic change. Oxford, UK: Blackwell.
Rau, K. G. (2004). Effective governance of It: Design objectives, roles, and relationships. Information Systems Management, 21(4), pp. 35–42.
Ribbers, P. M. A., Peterson, R. R., & Parker, M. M. (2002). Designing informa- tion technology governance processes: Diagnosing contemporary practices and competing theories. In Proceedings of the 35th Hawaii International Conference on System Sciences, Big Island, HI, January 7–10.
Robinson, N. (2007). The many faces of IT governance: Crafting an IT governance architecture. Information Systems Control Journal, 1, 14–16.
Rockart, J. F., Earl, M. J., & Ross, J. W. (1996). Eight imperatives for the new IT organization. Sloan Management Review, Fall, 43–56.
Sambamurthy, V., & Zmud, R. W. (1993). A conceptual and measure- ment approach for examining IT management architectures. In P. Todd & B. Gallupe (Eds.), Proceedings of the Annual Conference of the Administrative Sciences Association of Canada, Information Systems Division (pp. 194–204). Lake Louise, Alberta, Canada.
Sambamurthy, V., & Zmud, R. W. (1999). Arrangements for information tech- nology governance: A theory of multiple contingencies. MIS Quarterly, 23(2), 261–290.
Schwarz, A., & Hirschheim, R. (2003). An extended platform logic perspective of IT governance: Managing perceptions and activities of IT. The Journal of Strategic Information Systems, 12(2), 129–166.
Symons, C. (2004). IT governance and the balanced scorecard. Forrester Research, August. Retrieved from http://www.forrester.com/The+IT+ Balanced+Scorecard/-/E-EVE4879
Tavakolian, H. (1989). Linking the information technology structure with organizational competitive strategy: A survey. MIS Quarterly, 13, (3), 309–317.
Van Grembergen, W. V., & De Haes, S. (2009). Enterprise governance of information technology. New York: Springer.
Van Grembergen, W., De Haes, S., & Guldentops, E. (2003). Structures, pro- cesses and relational mechanisms for IT governance. In Van Grembergen (Ed.), Strategies for information technology governance (pp. 1–36). Hershey, PA: Idea Group Publishing.
von Simson, E. (1990). The “centrally” decentralized IS organization. Harvard Business Review, July–August, 158–162.
Walsham, G. (1995). Interpretive case-studies in IS research—Nature and methods. European Journal of Information Systems, 4(2), 74–81.
Walz, D., Elam, J. J., & Curtis, B. (1993). Inside a software design team: Knowledge acquisition, sharing, and integration. Communications of the ACM, 36(l0), 63–76.
Weill, P., & Ross, J. W. (2004). IT governance. How top performers manage IT decision rights for superior results. Boston, MA: Harvard Business School Press.
Weill, P., & Ross, J. W. (2005). A matrixed approach to designing IT gover- nance. MIT Sloan Management Review, Winter.
Wilder, C. (1990). Bend me, shape me: What’s the best shape for IS in the 1990s?. Computerworld, December 24, 14.
ICT GOVERNANCE: A REFERENCE FRAMEWORK 163
Willcocks, L., Feeny, D., & Olson, N. (2006). Implementing core IS capabili- ties: Feeny-Willcocks IT governance and management framework revisited. European Management Journal, 24(1), 28–37.
Xue, Y., Liang, H., & Boulton, W. R. (2008). Information technology gover- nance in information technology investment decision processes: The impact of investment characteristics, external environment, and internal context. MIS Quarterly, 32(1), 67–96.
Yin, R. K. (2003). Case study research: Design and method (3rd ed.), Thousand Oaks, CA: Sage Publications.
Zmud, R. W. (1988). Building relationships throughout the corporate entity. In M. J. Elam, P. Ginzberg, & R. W. Zmud (Eds.), Transforming the IS organi- zation: The mission, the framework, the transition (pp. 55–82). Washington, DC: ICIT Press.
A P
P E
N D
IX T
A B
L E
1 F
or ea
ch ca
se :
G en
er al
da ta
an d
IC T
go ve
rn an
ce va
ri ab
le s
an al
ys is
(a ct
or s
de cl
ar ed
to be
in vo
lv ed
in IC
T de
ci si
on s,
IC T
de ci
si on
-m ak
in g
ar ea
s co
ns id
er ed
m os
t im
po rt
an t
an d
ex am
pl es
of de
ci si
on -m
ak in
g m
ec ha
ni sm
s ad
op te
d)
C om
pa ny
S ec
to r
S iz
e N
.o f
E m
pl oy
ee s
(2 00
7)
R ev
en ue
(m il
li on
s; 20
07 )
In te
rv ie
w w
it h
C IO
In te
rv ie
w w
it h
C E
O
A ct
or s
de cl
ar ed
to be
in vo
lv ed
in IC
T de
ci si
on s
IC T
de ci
si on
-m ak
in g
ar ea
s co
ns id
er ed
m os
t im
po rt
an t
D ec
is io
n- m
ak in
g m
ec ha
ni sm
s ad
op te
d (e
xa m
pl es
)
C om
pa ny
1 S
er vi
ce s
91 30
3, 10
3, 52
3 N
O Y
es C
IO ,L
in es
of B
us in
es s,
IC T
di ff
er en
t le
ve ls
IC T
bu dg
et ,
st an
da rd
s an
d ar
ch it
ec tu
re s,
IC T
re so
ur ce
s an
d so
ur ci
ng
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e L
in es
of B
us in
es s
H ea
ds C
om pa
ny 2
S er
vi ce
s (t
ra ns
po rt
) 85
99 67
0, 09
6 N
O Y
es C
IO ,L
in e
of B
us in
es s,
IC T
di ff
er en
t li
ne s
IC T
bu dg
et ,
IC T
in ve
st m
en ts
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s,
IC T
re so
ur ce
s an
d so
ur ci
ng
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e pe
op le
re sp
on si
bl e
of th
e IC
T li
ne s
C om
pa ny
3 B
an k
45 00
N / A
Y es
N O
C IO
,C E
O ,C
F O
,I C
T li
ne s
IC T
st ra
te gy
,I C
T in
ve st
m en
ts ,I
C T
pe rf
or m
an ce
s an
d co
rr ec
ti on
s
e. g.
,P re
se nc
e of
a co
m m
it te
e th
at in
vo lv
es th
e C
IO ,t
he C
E O
,a nd
th e
C F
O C
om pa
ny 4
B an
k N
/ A
N / A
Y es
N O
C IO
,C E
O an
d th
e B
oa rd
,I C
T di
ff er
en t
li ne
s
IC T
st ra
te gy
,I C
T in
ve st
m en
ts ,
st an
da rd
s an
d ar
ch it
ec tu
re
e. g.
,P re
se nc
e of
an sp
ec ifi
c or
ga ni
za ti
on al
un it
C om
pa ny
5 M
an uf
ac tu
ri ng
(f oo
d) 19
,7 70
3, 95
0, 62
3 Y
es Y
es C
IO ,C
E O
,B oa
rd ,
L in
es of
B us
in es
s, IC
T di
ff er
en t
le ve
ls
IC T
bu dg
et ,
IC T
in ve
st m
en ts
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s,
IC T
re so
ur ce
s an
d so
ur ci
ng
e. g.
,P re
se nc
e of
a co
m m
it te
e th
at in
vo lv
es th
e C
IO an
d th
e L
in es
of B
us in
es s
H ea
ds
C om
pa ny
6 B
an k
N / A
N / A
N O
Y es
C IO
,C F
O ,C
E O
,I C
T di
ff er
en t
li ne
s IC
T st
ra te
gy ,I
C T
bu dg
et ,I
C T
in ve
st m
en ts
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e C
E O
C om
pa ny
7 M
an uf
ac tu
ri ng
26 54
76 2,
96 6
Y es
N O
C IO
,L in
es of
B us
in es
s, IC
T di
ff er
en t
le ve
ls an
d li
ne s
IC T
in ve
st m
en ts
,I C
T re
so ur
ce s
an d
so ur
ci ng
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e L
in es
of B
us in
es s
H ea
ds
164
C om
pa ny
8 M
an uf
ac tu
ri ng
(f oo
d) 76
55 2,
31 1,
25 4
Y es
N O
C IO
,L in
es of
B us
in es
s, IC
T di
ff er
en t
le ve
ls
IC T
bu dg
et ,
IC T
in ve
st m
en ts
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e pe
op le
re sp
on si
bl e
of th
e IC
T le
ve ls
C om
pa ny
9 In
su ra
nc e
N / A
N / A
Y es
N O
C IO
,C E
O ,C
F O
, C
H R
O IC
T in
ve st
m en
ts ,
st an
da rd
s an
d ar
ch it
ec tu
re s,
IC T
pe rf
or m
an ce
s an
d co
rr ec
ti on
s
e. g.
,P re
se nc
e of
a co
m m
it te
e th
at in
vo lv
es th
e C
E O
,t he
C F
O ,t
he C
H R
O ,e
tc .
C om
pa ny
10 U
ti li
ty 58
,5 48
37 ,4
97 ,0
00 Y
es N
O C
IO ,L
in es
of B
us in
es s,
IC T
di ff
er en
t li
ne s
IC T
st ra
te gy
,I C
T bu
dg et
,I C
T in
ve st
m en
ts ,I
C T
pe rf
or m
an ce
s an
d co
rr ec
ti on
s, IC
T re
so ur
ce s
an d
so ur
ci ng
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e L
in es
of B
us in
es s
H ea
ds an
d be
tw ee
n th
e C
IO an
d th
e IC
T li
ne s
C om
pa ny
11 U
ti li
ty 73
,5 72
86 ,1
05 ,0
00 Y
es N
O C
IO ,B
oa rd
,L in
es of
B us
in es
s, IC
T di
ff er
en t
li ne
s an
d le
ve ls
IC T
st ra
te gy
,I C
T in
ve st
m en
ts ,I
C T
pe rf
or m
an ce
s an
d co
rr ec
ti on
s
e. g.
,P re
se nc
e of
a co
m m
it te
e th
at in
vo lv
es th
e C
IO ,t
he pe
op le
re sp
on si
bl e
of th
e IC
T li
ne s,
an d
th e
L in
es of
B us
in es
s H
ea ds
C om
pa ny
12 T
el ec
om m
un ic
at io
n 33
36 1,
22 8,
77 9
Y es
N O
C IO
,C E
O ,B
oa rd
,I C
T di
ff er
en t
le ve
ls an
d li
ne s
IC T
st ra
te gy
,I C
T bu
dg et
,s ta
nd ar
ds an
d ar
ch it
ec tu
re s
e. g.
,P re
se nc
e of
co m
m it
te es
th at
in vo
lv e
th e
C IO
,t he
B oa
rd ,a
nd th
e fi
rs t-
li ne
m an
ag er
s C
om pa
ny 13
M an
uf ac
tu ri
ng (f
oo d)
N / A
N / A
Y es
N O
C IO
,L in
es of
B us
in es
s, IC
T di
ff er
en t
li ne
IC T
st ra
te gy
,I C
T bu
dg et
,s ta
nd ar
ds an
d ar
ch it
ec tu
re s
e. g.
,B il
at er
al re
la ti
on s
be tw
ee n
th e
C IO
an d
th e
L in
es of
B us
in es
s H
ea ds
(C o
n ti
n u
ed )
165
T A
B L
E 1
(C on
ti nu
ed )
C om
pa ny
S ec
to r
S iz
e N
.o f
E m
pl oy
ee s
(2 00
7)
R ev
en ue
(m il
li on
s; 20
07 )
In te
rv ie
w w
it h
C IO
In te
rv ie
w w
it h
C E
O
A ct
or s
de cl
ar ed
to be
in vo
lv ed
in IC
T de
ci si
on s
IC T
de ci
si on
-m ak
in g
ar ea
s co
ns id
er ed
m os
t im
po rt
an t
D ec
is io
n- m
ak in
g m
ec ha
ni sm
s ad
op te
d (e
xa m
pl es
)
C om
pa ny
14 M
an uf
ac tu
ri ng
17 3,
72 6
51 ,8
32 ,0
00 Y
es N
O C
IO ,L
in e
of B
us in
es s
IC T
bu dg
et ,
IC T
in ve
st m
en ts
, st
an da
rd s
an d
ar ch
it ec
tu re
s, IC
T re
so ur
ce s
an d
so ur
ci ng
e. g.
,S pe
ci fi
c de
ci si
on s
au to
no m
ou sl
y ta
ke n
by th
e di
ff er
en t
IC T
li ne
s
C om
pa ny
15 S
er vi
ce s
(t ra
ns po
rt )
98 ,0
02 5,
45 3,
32 8
Y es
N O
C IO
,L in
es of
B us
in es
s, IC
T di
ff er
en t
le ve
ls
IC T
bu dg
et ,
st an
da rd
s an
d ar
ch it
ec tu
re s,
IC T
pe rf
or m
an ce
s an
d co
rr ec
ti on
s
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e B
oa rd
C om
pa ny
16 T
el ec
om m
un ic
at io
n N
/ A
N / A
Y es
N O
C IO
,C E
O ,a
nd th
e B
oa rd
IC T
st ra
te gy
,I C
T bu
dg et
,I C
T in
ve st
m en
ts
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e C
E O
C om
pa ny
17 M
an uf
ac tu
ri ng
22 ,8
68 5,
85 4,
10 1
Y es
Y es
C IO
,L in
es of
B us
in es
s IC
T bu
dg et
, IC
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s,
IC T
re so
ur ce
s an
d so
ur ci
ng
e. g.
,P re
se nc
e of
a co
m m
it te
e th
at in
vo lv
es th
e C
IO an
d th
e L
in es
of B
us in
es s
H ea
ds C
om pa
ny 18
S er
vi ce
s 24
14 54
6, 05
9 Y
es Y
es C
IO ,L
in es
of B
us in
es s,
IC T
di ff
er en
t le
ve ls
IC T
bu dg
et ,
st an
da rd
s an
d ar
ch it
ec tu
re s
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e pe
op le
re sp
on si
bl e
of th
e IC
T li
ne s
C om
pa ny
19 S
er vi
ce s
15 5,
34 7
9, 77
4, 37
1 Y
es N
O C
IO ,B
oa rd
,L in
es of
B us
in es
s, IC
T di
ff er
en t
le ve
ls
IC T
bu dg
et ,
IC T
re so
ur ce
s an
d so
ur ci
ng
e. g.
,P re
se nc
e of
a co
m m
it te
e be
tw ee
n th
e C
IO an
d th
e pe
op le
re sp
on si
bl e
of IC
T le
ve ls
an d
li ne
s C
om pa
ny 20
M ed
ia 11
,4 36
3, 08
3, 90
0 Y
es N
O C
IO ,C
E O
,B oa
rd ,L
in e
of B
us in
es s
IC T
st ra
te gy
,s ta
nd ar
ds an
d ar
ch it
ec tu
re s,
IC T
pe rf
or m
an ce
s an
d co
rr ec
ti on
s
e. g.
,P re
se nc
e of
a sp
ec ifi
c or
ga ni
za ti
on al
un it
C om
pa ny
21 In
su ra
nc e
N / A
N / A
Y es
N O
C IO
,C P
O ,B
oa rd
IC T
st ra
te gy
,I C
T in
ve st
m en
ts ,
st an
da rd
s an
d ar
ch it
ec tu
re s
e. g.
,P re
se nc
e of
a sp
ec ifi
c or
ga ni
za ti
on al
un it
166
C om
pa ny
22 M
ed ia
66 61
1, 46
0, 18
3 Y
es Y
es C
IO ,C
E O
,C F
O ,L
in es
of B
us in
es s
IC T
st ra
te gy
,I C
T in
ve st
m en
ts ,
st an
da rd
s an
d ar
ch it
ec tu
re s
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e B
oa rd
C om
pa ny
23 S
er vi
ce s
N / A
N / A
Y es
N O
C IO
,C E
O ,C
F O
,C P
O ,
C on
tr ol
le r,
L in
es of
B us
in es
s, IC
T di
ff er
en t
li ne
s
IC T
bu dg
et ,
IC T
in ve
st m
en ts
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s
e. g.
,P re
se nc
e of
a co
m m
it te
e th
at in
vo lv
es th
e C
IO ,t
he C
E O
,t he
C F
O ,t
he C
P O
,a nd
th e
C on
tr ol
le r
C om
pa ny
24 M
an uf
ac tu
ri ng
10 ,5
30 1,
62 0,
26 3
Y es
N O
C IO
,L in
es of
B us
in es
s, IC
T di
ff er
en t
li ne
s an
d le
ve ls
IC T
bu dg
et ,
IC T
in ve
st m
en ts
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s,
IC T
re so
ur ce
s an
d so
ur ci
ng
e. g.
,S om
e de
ci si
on s
au to
no m
ou sl
y ta
ke n
by th
e di
ff er
en t
IC T
le ve
ls
C om
pa ny
25 T
el ec
om m
un ic
at io
n 76
,4 54
31 ,0
39 ,0
00 Y
es N
O C
IO ,C
E O
,L in
es of
B us
in es
s IC
T st
ra te
gy ,I
C T
in ve
st m
en ts
, st
an da
rd s
an d
ar ch
it ec
tu re
s, IC
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s
e. g.
,P re
se nc
e of
tw o
sp ec
ifi c
st ru
ct ur
es
C om
pa ny
26 S
er vi
ce s
30 97
65 3,
82 1
Y es
N O
C IO
,L in
es of
B us
in es
s IC
T bu
dg et
, IC
T re
so ur
ce s
an d
so ur
ci ng
e. g.
,B il
at er
al re
la ti
on be
tw ee
n th
e C
IO an
d th
e L
in es
of B
us in
es s
H ea
ds C
om pa
ny 27
T el
ec om
m un
ic at
io n
N / A
N / A
Y es
Y es
C IO
,C E
O ,C
P O
,C F
O ,
C on
tr ol
le r,
IC T
di ff
er en
t le
ve ls
an d
li ne
s
IC T
in ve
st m
en ts
,I C
T pe
rf or
m an
ce s
an d
co rr
ec ti
on s
e. g.
,P re
se nc
e of
a co
m m
it te
e w
hi ch
in vo
lv es
th e
C IO
,t he
L in
es of
B us
in es
s H
ea ds
,t he
C om
m er
ci al
D ep
ar tm
en t
167
Copyright of Information Systems Management is the property of Taylor & Francis Ltd and its content may not
be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written
permission. However, users may print, download, or email articles for individual use.
