1
G
ETTING THE PRIORITIES RIGHT
:
L
ITERATURE VS
P
RACTICE ON
IT
G
OVERNANCE
Mårten Simonsson and Mathias Ekstedt, Ph.D.
Department of Industrial Information and Control Systems
Royal Institute of Technology (KTH), Osquldas väg 12, 7tr S-100 44 Stockholm, Sweden
{ms101, mek101}@ics.kth.se
http://www.ics.kth.se
Abstract. The field of IT governance has emerged in order to address organizational issues for IT value delivery
to the business. However, a shared view of the definition of IT governance is lacking between researchers and
practitioners, and support for decision-making is neither present. A commonly agreed upon definition of IT
governance would be very useful but has until today not been available. This article presents an IT governance
definition based on an extensive literature study. IT governance is the preparation for, making of and
implementation of IT-related decisions regarding goals, processes, people and technology on a tactical or
strategic level. The components of the definition are prioritized in two different ways. A theoretical prioritization
was made to highlight the most important concerns according to 60 different publications. Another prioritization
was carried out with a group of Swedish IT governance experts. The opinions of practitioners and literature did
mostly align, but differences were identified in the importance of understanding the situation at hand prior to
making decisions, and monitoring of the decisions’ impacts.
Keywords: IT Governance, Prioritization, IT governance practitioners, IT governance literature
pg_0002
2
1
Background to Research
IT governance is a topic that has been increasingly discussed since the mid nineties. The topic has inherited much
from the discipline of corporate governance, but has developed into a discipline of its own rights. Today
however, a shared view on important concerns and how they should be handled is missing within IT governance.
The definitions of IT governance are broad and ambiguous which in turn implicate difficult and inaccurate
assessments. Most authors agree on IT governance as a top management concern of controlling IT’s strategic
impact, and its value delivery to the business c.f.
[1], [2], [3], [5], [6]
. But whether the core of IT governance is a
set of structures, processes and relational mechanisms
[5]
, bundled performance metrics to aid IT process
monitoring
[7]
or cascaded Balanced Scorecards (BSC)
[8], [9]
is not agreed upon. There is also a gap between
what is stated in literature and the opinions of practitioners: The theories developed in literature are not
frequently used by consultants and CIOs [10], [11].
1.1
Purpose and Scope
The IT governance field is broad and covers a broad range of concerns, and the purpose of this paper is to
illustrate the differences in priority of IT governance concerns between literature and practitioners. In order to
perform the comparison, a previously created IT governance definition was used [12]. The definition and the
prioritizations are parts of an on-going research project focusing on the development of a method for assessment
of IT governance. The research is conducted within the Enterprise Architecture Research Program (EARP) at the
Royal Institute of Technology (KTH) in Stockholm, Sweden. EARP exploits the discipline of Enterprise
Architecture as an approach for managing the company’s total information system portfolio. A similar approach
has previously been used to define the overarching discipline of Enterprise Architecture
[13
], and some of its
constituents, e.g. Enterprise Information Security
[14
], IT Management Responsibilities
[15]
, and Modifiability
[16]
.
1.2
Outline
In the next section, the ambiguity of prevalent IT governance definitions is discussed. Section 3 describes the
literature study that was conducted in order to define IT governance, while the definition itself is presented in
pg_0003
3
Section 4. The definition describes the many dimensions in the field of IT governance, rather than just being a
one-liner. Section 5 discusses the literature’s prioritization of the so called dimensional units of the definition.
Section 6 features the results of a survey with 14 Swedish IT governance experts. Section 7 compares the two
prioritizations and discusses how results can be used. The penultimate section features acknowledgements, and
the references are presented in Section 8.
2
The Various Definitions of IT Governance
The field of IT governance is defined differently in the numerous articles and books written on the topic. The
lack of consensus is clear. Some of the prevalent definitions of IT governance are stated below:
IT governance is the responsibility of the Board of Directors and executive management. It is an integral part
of enterprise governance and consists of the leadership and organizational structures and processes to ensure
that the organization sustains and extends its strategy and objectives. [3]
IT governance is the organizational capacity exercised by the board, executive management and IT
management to control the formulation and implementation of IT strategy and in this way ensure the fusion of
business and IT. [4]
IT governance: Specifying the decision rights and accountability framework to encourage desirable behavior
in the use of IT. [1]
IT governance is the selection and use of relationships such as strategic alliances or joint ventures to obtain
key IT competencies. This is analogous to business governance, which involves make- vs.-buy choices in
business strategy. Such choices cover a complex array of interfirm relationships, such as strategic alliances,
joint ventures, marketing exchange, and technology licensing. [17]
pg_0004
4
IT governance is the strategic alignment of IT with the business such that maximum business value is
achieved though the development and maintenance of effective IT control and accountability, performance
management, and risk management. [18]
The fact that the discipline lacks a uniform definition has previously been addressed by Webb et al [18], who also
present a definition of their own, see last bullet above. Webb’s definition is derived from literature, but is based
on a rather small amount of articles, and the methodology used to create the methodology remains unclear.
The literature and its authors can be divided into several different groups, a few of which are listed in the
remainder of this section. Sambamurthy and Zmud are working on IT governance arrangements and the platform
logic of organizing IT activities
[19], [20]
. A similar but perhaps slightly less theoretical approach is featured by
researchers related to MIT Sloan School of Management. Their papers discuss best practice IT governance
structures, cf Weill & Ross
[1]
, Weill & Woodham
[21], [22]
, and Ross
[23]
. Another group of researchers work
closely to the Control Objectives for IT and related Technology (Cobit) framework, c.f.
[24], [25], [26]
. Luftman
has for a long time been one of the most cited authors within IT-business alignment, and his work also adjoins IT
governance
[17], [28]
.
During the past decades, several frameworks that support implementation of IT governance have been created.
Cobit is a framework based on best practice, focusing on the processes of the IT organization and how their
performance can be assessed and monitored [7]. Although the problem has been partly addressed in the latest
version of Cobit, little support is given on the arrangement of decision rights within the enterprise [
27]
. The IT
Infrastructure Library (Itil) provides useful best practice in the field of service management and service delivery,
but does not cover the strategic impact of IT and the relation between IT and the business
[29], [30].
The
information security standard BS 7799/ISO 17799 is often mentioned together with IT governance, see e.g.
[25],
[31], [32]
. The common denominator here is IT risk management, separation of concerns and segregation of
duties. Finally, Weill & Ross have developed a framework for IT governance evaluation based on just a few
questions. The framework has been used to map top-level assignment for IT responsibilities in 250 enterprises
worldwide but cannot be used for in-depth assessments of IT governance
[1].
An attempt to overview IT
governance frameworks, standards and legislations, can be found in [33].
Now that there are several different frameworks and definitions of IT governance, do practitioners within the
field agree with them and strictly follow them in their quest for IT governance improvement? A survey
pg_0005
5
conducted by Information Systems Audit and Control Association (ISACA) Sweden Chapter in late 2004
suggests that this might not be the case. Even though a grand part of the ISACA members responding the survey
claimed knowing Cobit, Itil and ISO/IEC 17799 on a superficial level, few actually used the frameworks to
support their work [34]. This has been stated previously, c.f. [10], [11], but the different priorities of IT
governance concerns between literature and practitioners have not been fully investigated.
In order to detail distinct priorities within IT governance, a definition onto which both practitioners and
theoreticians could map their opinions would be useful. Such definition should span the entire field of IT
governance, and be able to use pragmatically from both points of view.
3
Creating a Comprehensive Definition of IT Governance
The first step towards creating a definition of IT governance was to gather information previously written of the
topic. Only articles presented in academic journals, conferences or workshops were sought for. In February 2005,
several search engines were queried for articles on IT governance. Search engines include ACM Digital Library,
ACM The Guide, IEEE Xplore, Science direct/Elsevier, Article Sciences, Compendex, Google Scholar,
Springer/Kluwer, Emerald, and Wiley Intersciences
[37], [38], [39], [40], [41], [42], [43], [44], [45], [46]
. Among the
articles, several kinds of publications were excluded, e.g. consultancy reports, publications not accessible online,
and publications with few occurrences of the term queried for. In the end, 102 unique sources of information
were identified. The forums in which the articles have been published include the MIS Quarterly, Information
Systems Control Journal, Information Systems Research, International Journal of Information Management,
International Journal of Accounting Information Systems, and the Hawaii International Conference on System
Sciences, see e.g.
[47], [48], [19], [49], [50], [26]
. The articles comprise the state-of-the-art knowledge about IT
governance. Noticeable, it is therefore reasonable to believe, that these articles together would form a
comprehensive definition of IT governance. In order to create such a definition, a structured analysis of different
statements made in the articles was needed. The creation of a definition is just outlined in this paper, but
described more thoroughly in a previous paper by Simonsson & Johnson [12].
pg_0006
6
3.1
Statement Selection
Of the 102 articles containing the state-of-the-art knowledge about IT governance, 60 were selected randomly for
further analysis. 58 of these contained relevant statements according to the statements below
[6], [19]-[23], [25]-
[26], [32][47]-[95].
From the articles, 150 statements dealing with IT governance were identified according to the
following criteria:
1.
The statement explicitly includes the word IT governance, or implicitly refers to it.
2.
The semantic contents of the statement either:
a) defines one or several parts of IT governance (definitional relation)
or
b) describes something that implies or affects IT governance (causal relation)
3.
Figures and tables that illustrate IT governance in compliance to the requirements 1 and 2 should also be
considered.
3.2
Preliminary Dimensions
Unnecessary syntax such as conjunctions and pronouns was removed for each statement to ease further analysis.
All statements were then classified according to a set of questions firstly used for witness interrogation by the
Roman Marcus Fabius Quintilianus, c.A.D. 35–c.A.D. 95, who wrote several books on rhetoric and pedagogy
and one of his most famous sayings is a set of interrogative pronouns: Quis, quid, ubi, quibus auxiliis, cur,
quomodo, quando? (Who, what, where, by what means, why, how, when?). Quintilianus stated that by answering
these questions, any given problem could be solved. A similarity can be found between Quintilianus’ questions
and the Zachman framework for Enterprise Architecture, cf
[96], [97]
. Zachman uses the dimensions what, how,
where, who, when, and why. Quintilianus’ questions also feature the by what means-interrogative, which in the
case of IT governance, this would be translated into “Which tools and methods can be used to achieve, or
defines, good IT governance”. The statements were classified according to the seven questions which resulted in
a matrix with 7 columns (dimensions). As an example of the content of each preliminary dimension, all
references to persons, roles and responsibilities were gathered in the who-dimension, while tools and methods
pg_0007
7
such as Itil, Cobit and Balanced Scorecards, appeared in the by what means-dimension. Now, a preliminary
definition of IT governance was created.
3.3
Refined Dimensions
Upon classifying the statements, it appeared that some dimensions were frequently used, while others hardly at
all. The classifications according to Quintilianus’ dimensions allowed for further analysis, and it was easy to find
new, more relevant dimensional units. Refined dimensions began to take shape. Not surprisingly, according to
what was stated in the articles and revealed when using Quintilianus’ dimensions, the core of IT governance is
decision-making. With respect to this, an IT governance definition with dimensions to represent IT decision-
making was extracted. The entire definition with its dimensions and dimensional units is presented in Section 4.
4
A Comprehensive Definition of IT Governance
Based on the analysis of the articles, it was concluded that IT governance is mainly about the decision-making
upon certain assets, i.e. the hardware and software used, the processes employed, the personnel, and the strategic
IT goals of the enterprise. But what should the decisions consider, how should they be carried out and followed-
up, and who should make them? Three dimensions are used for the definition of IT governance, namely the
domain, phases and scope in which IT decisions are made and carried out, c.f. Fig. 1. More detailed information
about the definition, along with examples on how the dimensions are traced to the original articles can be found
in a previous article by Simonsson and Johnson [12]. In the next three subsections, the content of each dimension
is clarified.
pg_0008
8
Fig. 1 The definition of IT governance, represented as a three-dimensional cube. Each dimension (e.g. Domain)
contains dimensional units (e.g. Goal, Technology). The definition is based on analysis of more than 60 different
sources.
4.1
Domain
The domain denotes what the decisions should consider. It comprises four dimensional units: Goals, processes,
people and technology. Goals include strategy-related decisions, development and refinement of IT policies and
guidelines, and control objectives to be measured against. Processes include the implementation and
management of IT processes, e.g. acquisition, service level management, and incident management. People
includes the relational architecture within the organization, and the roles and responsibilities of different
stakeholders. Finally, IT governance is of course about managing the technology itself. The dimensional unit
Technology represents the physical things that the decisions consider, such as the actual hardware, software and
facilities. The practitioners prioritized the dimensional units as they are presented below. Results of the
prioritization are further discussed in Section 6.
Decisions on Goals. The development and refinement of an IT strategy, policies, guidelines, and control
objectives used to monitor whether the goals are achieved. Examples of issues to decide upon:
Policies guiding IT use
IT Strategy setting the direction of IT and its alignment with corporate strategy
Control Objectives used to monitor the performance of IT processes
Road maps describing how to reach the goals set in the IT strategy
pg_0009
9
Decisions on Processes. The implementation and management of IT processes and related activities and
procedures. Examples of issues to decide upon:
Activities needed to perform IT related tasks
Processes with standardized workflows for e.g. acquisition, service level management, and incident
management
Procedures describing how to accomplish IT related tasks
Decisions on People. The relational structure within the organization, and the roles and responsibilities of
different stakeholders. Examples of issues to decide upon:
Roles defining who’s doing what within IT
Responsibilities describing the actions that each role is accountable for
Stakeholder groups, such as committees for decision-making
Corporate structure, the arrangement of roles and stakeholder groups
Decisions on Technology. The physical IT-related assets. Examples of issues to decide upon:
Infrastructure, such as servers, UPSs, firewalls and the corporate LAN
Applications, such as the CRM system, ERP modules, operating systems, and desktop software
Information storage, structure and use
Facilities that host physical assets and personnel
4.2
Decision-Making Phase
The decision-making phases denote different steps required to make each decision. This dimension deals with the
relation between the real world IT, and the models of the reality used for decision-making. Before making any
decision regarding e.g. the outsourcing of a helpdesk function, the organization must be clearly understood. Facts
have to be thought over and investigated, and transformed into a model. The model might be a simple cognitive
map, present nowhere else but in the head of the decision-maker, or a more formalized, abstract model put on
print. This process of analysis and understanding is denoted the Understanding phase. Once the model is created,
the actual decision can be made according to corporate IT principles, in a timely manner, by the right individuals,
pg_0010
10
etc. In the IT governance definition, this is represented by the Decide phase, which also includes planning of how
to make the decision. Finally, a decision is of little use unless its implementation is followed up and Monitored.
This can be accomplished by implementing control objects for each process in order to assess real-world
performance. The decision-makers compare the state of the reality with the should-be values obtained from the
models. The practitioners prioritized the dimensional units as they are presented below. Results of the
prioritization are further discussed in Section 6.
Understand. The collection of information needed to make a correct decision. Examples of activities in the
understand-phase:
Understanding the organization and the implications of a certain decision
Modeling complex problems to make them understandable for all stakeholders
Stakeholder negotiations
Decide. How and by whom the decision is made. Decisions are made according to corporate IT principles, at the
correct level in an adequate forum, e.g. by a steering committee. Examples of activities in the decide-phase:
Assigning decision-making authority
Coordinating resources
Aligning IT decision-making with external factors
Monitor. How the implications of a decision are monitored. Examples of activities in the monitor-phase:
Selecting control objectives
Ensuring that the organization’s performance is assessed
Providing for audits
Assigning accountability for IT monitoring
4.3
Scope
The scope denotes different impacts implied by each decision. There is a long term aspect and a short time aspect
of every decision that is made, and a connection between the timeline of the decision and the level at which it is
made. Top management and CIOs make long time plans and set strategic goals, while lower management is just
pg_0011
11
authorized to make decisions affecting the near time. Further, strategically important decision requires more
preparation than a tactic decision. The scope dimension is used to differentiate between different levels of
decision-making. Firstly, there are detailed, rapidly carried out, IT-focused Tactic decisions. Examples of tactic
decisions include whether to upgrade a certain workstation today or tomorrow, how to configure a user interface
that is only used internally, or the manning of a single IT project. There also exists top management, low
detailed, business oriented Strategic decisions with long timeline. A strategic decision might consider whether it
is most appropriate to develop an application in-house or to purchase it off the shelf, or how the performance of
IT processes should be reported to top management. The practitioners prioritized the dimensional units as they
are presented below. This is further discussed in Section 6.
Tactic decisions. Low-level management decisions, with many details and an impact primarily on IT. The
decision features an IT operations focus with a short timeline. Examples of tactical decisions:
Whether to upgrade a server today or tomorrow
How to configure a user interface
How to man a single IT project
Strategic decisions. Top-level management decisions, with few details and primarily a business impact. The
decision features a business oriented focus with long timeline. Examples of strategic decisions:
Whether to develop an application in-house or to purchase it off the shelf
Whether to outsource IT operations
The choice of decision-making structures
5
Prioritization According to Literature
All statements used to create the definition were again analyzed, using a database to store the information. A
screenshot from the database and an example of a classification is shown in Fig. 2. The analysis was made in a
structured manner and operations were traceable at all times. The statements were classified and the number of
times that each dimensional unit (process, people, tactics, etc) was mentioned explicitly or implicitly was
counted. Fig. 3. shows the results for this theoretical prioritization. Results are normalized within each
pg_0012
12
dimension, i.e. the total score for the each dimension (e.g. Domain) is 100%. The theoretical prioritization shows
that the dimensional units “Strategic”, Monitoring”, “People”, and “Goal” were most frequently used within the
60 articles. As can be seen in the figure, IT governance mainly comprises strategic concerns according to
literature. The daily use of IT, all the operational concerns for bread-and-butter IT are surely important, but they
are not in the scope of IT governance. Regarding the decision-making phases, monitoring of IT-related decisions
is emphasized. In literature, IT control frameworks and legislations stipulating the need for internal control are
often referred to, which is clearly reflected to in the figure. Not surprisingly, technology itself is not the mayor
concern to decide upon. Literature rather stresses the importance of establishing roles and responsibilities, and an
accountability framework that supports the organization’s strive to achieve its business goals.
Fig. 2. A database for classification of IT governance statements was created. The picture shows the
classification of a statement taken from [81].
IT Governance Pri oritiza ti on a cco rding to L ite rature
0%
20%
40%
60%
80%
100%
Domain Decision-making Phase Scope
Literature
Fig. 3. The 60 IT governance articles were classified according to the previously identified dimensions of the IT
governance definition. The figure shows the percentage of statements in each dimension explicitly or implicitly
mentioning the occurrence of the dimensional units. Results are normalized within each dimension.
pg_0013
13
6
Prioritization According to Practitioners
Since the scope of this article was to perform a comparison between different views of IT governance in theory
and practice, a survey with IT governance experts was conducted. In December 2005, a web survey was sent out
to 19 Swedish IT governance experts, asking them to prioritize the dimensional units of the IT governance
definition. The respondents were consultants and CIOs previously known for having been involved in IT
governance projects as external advisors or in their companies respectively.
The survey was made using a commercial, web-based tool for online surveys.
1
A traceable link to the survey was
sent out in December 2005. A notification was sent to those not having responded within a week. 14 participants
responded the survey. Among these, 70% primarily had the role of consultants in IT governance change projects,
but a few CIOs, security and risk managers, and internal auditors also participated. To assure each respondent’s
relevance for the study, a question on the number of IT governance change projects they had participated in was
asked. All respondents claimed having done so at least once, and 85 percent claimed to have actively participated
in at least two IT governance change projects.
Fig. 4. Screenshot from the online survey tool used to let practitioners prioritize the IT governance definition.
Except from the introductory questions above, the survey comprised just three regular questions and a final open-
ended question for suggestions and further comments. The exact descriptions for the three dimensions of the IT
governance definition in section 4.1- 4.3 were used and for each dimension, the respondents were asked to
distribute 100 points between the dimensional units, to state what was most important to them in the achievement
of good IT governance. In total, it took about ten minutes to answer the survey. Fig. 4. shows a screenshot from
the survey. The mean values for the practitioners’ priorities of the dimensional units can be found in Fig. 5. To
pg_0014
14
test the credibility of the results, confidence intervals for (a=0.05) were calculated and are also displayed in the
figure. The differences between dimensional units for Domain and Scope dimensions are statistically assured at
that level, while the relative priorities for the Decision-Making Phase dimension remain a bit more uncertain.
IT Governance Prioritization according to Practitioners
0%
20%
40%
60%
80%
100%
Domain Decision-Making Phase Scope
P ractitioners
Fig. 5. 14 IT governance experts prioritized which dimensional units of the IT governance definition they
deemed mostly important in order to achieve good IT governance. Diagram displays mean values with
confidence intervals for (a=0.05).
According to the 14 practitioners that responded the survey, IT governance decision-making is mainly a strategy
issue while tactic decisions are less important. Emphasis is put on understanding the situation at hand prior to
making a decision, and practical issues regarding how each decision is carried out (such as assigning decision-
making authority, coordinating resources, and aligning IT decision-making with external factors). Monitoring the
implementation of decisions already made, receives somewhat less attention from the practitioners, according to
the survey. Practitioners do however agree that IT decisions are mainly about IT goal setting; strategy
development, alignment of IT and business goals, etc. Another important topic is the establishment of a corporate
decision-making structure with clear assignment of roles and responsibilities, while IT processes and technology
issues receive less attention. Note the small confidence intervals for the Domain dimension in Fig. 5, indicating a
large level of mutual understanding between the practitioners. The exercise shows that it is clearly possible for
practitioners to prioritize the dimensional units of the IT governance definition.
1
Survey Monkey,
http://www.surveymonkey.com
pg_0015
15
7
Theory versus Practice
The results from the literature’s prioritization was compared to the one made by practitioners, cf. Fig. 6. The
diagram shows the relative differences between literature and practitioners, the previous was normalized to a
value of 100 % for each dimensional unit. As can be seen, no major differences between the two prioritizations
are found in the Domain dimension. Processes and Goals are somewhat more important according to
practitioners, while technology and people receive less attention. Both literature and practitioners agree on
People and Goals to be the most important concerns for IT governance, according to Fig. 3. & Fig. 5. Literature
and practitioners also agree on Strategic issues being the most important part of the IT governance agenda, but
practitioners are even more polarized in their view of Tactical issues not being IT governance.
IT Governa nce P ri oriti zati on: Practi tioners relative to Literature
0%
100%
200%
Domain Decision-making process Scope
Pra ct it io ner s
Lit er at ur e
Fig. 6. The IT governance definition is somewhat differently prioritized in literature and by practitioners. The
diagram illustrates relative differences.
Larger differences can be found in the Decision-Making Phase dimension. Practitioners strongly emphasize the
importance of understanding the organization and its assets before decisions can be carried out. Literature, on the
other hand, claims that monitoring is the most highly prioritized activity within IT decision-making. A possible
explanation is that most practitioners struggle just to set the structures and extinguish the outbreaks of fire in the
IT department. Many of the respondents are consultants, probably more often working with setting up IT
governance frameworks than monitoring the same. Few organizations today are mature enough to be able to fully
monitor the performance of their IT and make the necessary decisions supported by KPIs and other metrics from
monitoring. This is confirmed by one of the respondents, coming from an organization well-known for its state-
of-the-art IT department, who prioritized Monitoring twice as high as the colleagues representing other
pg_0016
16
organizations. Even though practitioners struggle with understanding, literature, acting in an idealized world,
stresses the importance of monitoring to excel in long-term IT value delivery to the business. The overall
maturity of IT governance and the awareness of the importance of monitoring will probably increase in the
future. If for no other reason, this behavior will be forced by compliance to new legislations for internal control.
Given the discussion above, the support needed by practitioners in their quest to achieve effective IT governance
should focus on Goals, Processes and People dimensional units. Strategic concerns are more important than
Tactics. There are two prevalent best practice frameworks present today: Itil and Cobit. Itil is process-based but
mostly support the tactic scope of IT governance and provides little support on e.g. development of strategic IT
plans. Cobit, being a process based framework for performance monitoring of IT and at all times stating its clear
relation to the business provides better IT governance support according to the findings of this study. Perhaps
Co bit is only falling short in providing input on the creation of an accountability framework with roles and
responsibilities for IT. This will be further investigated in a future study.
8
Summary
This article has shown that within IT governance literature, a shared definition of the topic is not to be found.
Based on a study of 60 articles, a new definition was created. IT governance is the preparation for, making of and
implementation of IT-related decisions regarding goals, processes, people and technology on a tactical or
strategic level. In order to investigate the gap between IT governance priorities of IT governance experts and
literature, two different studies were conducted. Results show that the greatest differences are within the
priorities of the decision-making phases. The literature highlights the important of monitoring decision-making at
all time, while practitioners claim that understanding the current situation and providing good input for decision-
making is higher on their agenda.
9
Acknowledgements
The authors would like to thank Pontus Johnson (Ph.D) for his valuable support when creating the IT governance
definition. We are also deeply grateful to the IT governance experts that participated in the survey.
pg_0017
17
10
References
1.
Maizlish, B., Handler, R.: IT portfolio management step by step – Unlocking the business value of technology. John
Wiley & Sons (2005)
2.
Weill, P., Ross, J. W.: IT governance – How top performers manage IT decision rights for superior results. Harvard
Business School Press (2004)
3.
IT Governance Institute: Board briefing on IT governance. Available online at
www.itgi.org
(2000)
4.
Van Grembergen, W.: Introduction to the minitrack IT governance and its mechanisms. Proceedings of the 35
th
Hawaii International Conference on System Sciences. IEEE (2002)
5.
De Haes, S. Van Grembergen, W.: IT Governance Structures, Processes and Relational Mechanisms – achieving
IT/Business alignment in a major Belgian financial group. Proceedings of the 38
th
Hawaii International Conference
on system Sciences (2005)
6.
Ribbers, P.M.A., Peterson, R.R., Parker, M.M.: Designing information technology governance processes:
Diagnosing contemporary practices and competing theories. Proceedings of the 35th Hawaii International
Conference on System Sciences (2002)
7.
IT Governance Institute: Cobit Management Guidelines, 3
rd
Edition. Availible online at
www.isaca.org
(2000)
8.
Kaplan, R., Norton, D.: The Balanced Scorecard. Harvard Business School Press (1996)
9.
Van Grembergen, W. Saull, R., De Haes, S.: Linking the IT Balanced Scorecard to the Business Objectives at a
Major Canadian Financial Group. In (Ed. Van Grembergen, W., Strategies for Information Technology
Governance. Idea Group Publishing (2004)
10.
Cumps, B., Viaene, S., Dedene, G., Vandenbulcke, J: An Empirical Study on Business/ICT Alignment in European
Organizations, Proceedings of the 39th Hawaii International Conference on System Sciences (2006)
11.
Dahlberg, T., Kivijärvi, H.: An Integrated Framework for IT Governance and the Development and Validation of an
Assessment Instrument, Proceedings of the 39th Hawaii International Conference on System Sciences (2006)
12.
Simonsson, M., Joh