Search results
1 – 10 of 80S. De Haes and W. Van Grembergen
Many thought leaders are promoting information technology (IT) governance and its supporting practices as an approach to improve business/IT alignment. This paper aims to further…
Abstract
Purpose
Many thought leaders are promoting information technology (IT) governance and its supporting practices as an approach to improve business/IT alignment. This paper aims to further explore this assumed positive relationship between IT governance practices and business/IT alignment.
Design/methodology/approach
This paper explores the relationship between the use of IT governance practices and business/IT alignment, by creating a business/IT alignment maturity benchmark and qualitatively comparing the use of IT governance practices in the extreme cases.
Findings
The main conclusion of the research is that all extreme case organisations are leveraging a broad set of IT governance practices, and that IT governance practices need to obtain at least a maturity level 2 (on a scale of 5) to positively influence business/IT alignment. Also, a list of 11 key enabling IT governance practices is identified.
Research limitations/implications
This research adheres to the process theory, implying a limited definition of prediction. An important opportunity for future research lies in the domain of complementary statistical correlation research.
Practical implications
This research identifies key IT governance practices that organisations can leverage to improve business/IT alignment.
Originality/value
This research contributes to new theory building in the IT governance and alignment domain and provides practitioners with insight on how to implement IT governance in their organisations.
Details
Keywords
Sabine Khalil and Maksim Belitski
This paper aims to investigate the role of dynamic capabilities in the Information Technology (IT) Governance view framework and explores the relationship between three domains of…
Abstract
Purpose
This paper aims to investigate the role of dynamic capabilities in the Information Technology (IT) Governance view framework and explores the relationship between three domains of IT governance (Strategy, Management and Operations) and firm performance.
Design/methodology/approach
In this study, the authors used a mixed methods approach and using a survey instrument and its validation with interviews, to collect data from 134 successful European SMEs in the multi-country setting of Belgium, Bulgaria, Denmark, Spain and the UK.
Findings
The findings show that various IT governance mechanisms function as dynamic capabilities and are directly associated with firm performance. The impact of each mechanism is different.
Originality/value
This study highlights the relationship between IT governance acumens and organisational performance. It contributes to the field of IT Governance Framework in management, and the results may be generalisable to wider economies and different organisation types.
Details
Keywords
Baidyanath Biswas and Arunabha Mukhopadhyay
Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the…
Abstract
Purpose
Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.
Design/methodology/approach
The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16-year data across 1999-2016 from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.
Findings
Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports the empirical evidence of a shift in efficient frontier of software configurations with time.
Research limitations/implications
Existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility) represented by the instantaneous variance is dependent on the immediately previous one, as well as on the unconditional variance of the entire vulnerability growth process.
Practical implications
The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide patch management cycle needed for each software – individual or group patching. G-RAM also ranks them into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally the paper helps the business firms to decide what to purchase and what to avoid.
Originality/value
Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.
Details
Keywords
Edephonce N. Nfuka and Lazar Rusu
The purpose of this paper is to analyse the effect of critical success factors (CSFs) on information technology (IT) governance performance in public sector organizations in a…
Abstract
Purpose
The purpose of this paper is to analyse the effect of critical success factors (CSFs) on information technology (IT) governance performance in public sector organizations in a developing country such as Tanzania.
Design/methodology/approach
Based on a previous study and a further literature review, a research model was developed for analysing the relationship between the CSFs found for effective IT governance in this environment and their effect on IT governance performance. A survey research method was applied for data collection and sample data from Tanzanian public sector organizations (this environment) obtained. Subsequently, a second‐generation structural equation modelling technique, namely partial least squares, was applied to test statistically the correlated effect.
Findings
The results indicate significant small to strong positive correlated effects on IT governance performance. The CSF with the most significant correlated effect was “involve and get support of senior management” and the one with the least “consolidate, standardize and manage IT infrastructure and application to optimize costs and information flow across the organization”. Finally, a CSF model for effective IT governance in this environment was proposed.
Research limitations/implications
The findings imply that decision makers can optimize IT‐related plans and use of scarce resources by concentrating on the CSFs that have a significant effect on IT governance performance that could lead to an improvement of public service delivery. This study is limited to a single developing country but future studies can involve more such countries to broaden the insights into the effect of CSFs on IT governance performance in such environments.
Originality/value
By establishing the correlated effects between these CSFs and the IT governance performance, this study has revealed a significant impact of CSFs on IT governance performance. It also suggests a CSFs model for effective IT governance in this less‐resourced environment in which such studies have not been conducted before, yet which are vital for analysing and improving IT governance.
Details
Keywords
Kallaya Jairak and Prasong Praneetpolgrang
– The purpose of this paper is to identify the current situation and the future improvement for IT governance and controls in developing country like Thailand.
Abstract
Purpose
The purpose of this paper is to identify the current situation and the future improvement for IT governance and controls in developing country like Thailand.
Design/methodology/approach
Thai universities were selected and used as subjects for capturing the perception of IT executives on IT governance performance measures. In the first step, a global IT governance perspective was drawn from the literature review. In the second step, the important-performance analysis was applied to the metrics of IT governance balanced scorecard with collected survey data from 64 IT executives.
Findings
From a global perspective, the critical points that need to be concerned before implementing IT governance have been illustrated. From a regional perspective, the paper generated the strategic IT governance guidance for Thai universities.
Practical implications
This paper is beneficial for chief information officers, executive managers, IT managers, and academics. They will gain more knowledge and understanding about the mixed method of using metrics in IT governance balanced scorecard and importance-performance analysis in order to identify the current situation of IT governance and controls in their organizations. Additionally, the practical idea with this method can be applied to draw IT governance strategy in their contexts.
Originality/value
This paper specifies the critical points and directions of IT governance for Thai universities. The analysis covers global and regional viewpoints. This paper also provides the method for applying IT governance balanced scorecard metrics and importance-performance analysis to contribute IT governance strategy.
Details
Keywords
Denise Ko and Dieter Fink
The aim of this paper is to provide an understanding of information technology (IT) governance, from both a theory and practice perspective, and to identify current…
Abstract
Purpose
The aim of this paper is to provide an understanding of information technology (IT) governance, from both a theory and practice perspective, and to identify current theory‐practice gaps within the organisations studied.
Design/methodology/approach
This study developed a complementary and collaborative model of IT governance and used a multiple case approach in which IT governance is examined against the model in four major universities. Case study research is qualitative in nature enabling insights into the “how” and “why” of IT governance to be gained.
Findings
Based on underlying theory, the study was able to develop propositions regarding IT governance practices, observe current practices within the participating universities and establish gaps between theory and practice. The study identified theory‐practice gaps in each of three IT governance dimensions: structure, process and people. Gaps ranged in significance from small to large. Two large gaps existed which require attention: they are in respect of integrating IT governance mechanisms and raising the awareness and understanding of the concept among senior management.
Research limitations/implications
The model of IT governance developed for the research can be further developed and refined. In addition, the university context may have imposed limitations as different findings could arise in different contexts. Furthermore, the participating CIOs and IT directors could have brought their own values and beliefs to the research when interpreting the IT governance objectives of their university.
Practical implications
The model of IT governance developed for the research enables organisations to assess and map their IT governance against theoretical dimensions. By mapping observed practice against theory, the study was able to provide a mechanism of identifying theory‐practice gaps, where they existed.
Originality/value
IT is ubiquitous in nature because modern IT crosses organisational activities and has become strongly aligned with business activities. Thus IT governance can be viewed as an integral part of corporate governance and requires senior management's attention. However, because of the specialised nature of IT, governance in this domain has unique characteristics. Yet, current literature reflects a lack of maturity and points to diverse and inconsistent concepts of IT governance as well as variations in how IT governance is implemented. The paper reduces uncertainty for corporate executives by systematically synthesising current literature, developing a theoretical model and testing it against current practice.
Details
Keywords
Fábio Luís Falchi de Magalhães, Marcos Antonio Gaspar, Edimara Mezzomo Luciano and Domingos Márcio Rodrigues Napolitano
investigate and analyze the aspects of legitimation, theorization and trends for the evolution of research in information technology governance (ITG) in Brazil, according to…
Abstract
Purpose
investigate and analyze the aspects of legitimation, theorization and trends for the evolution of research in information technology governance (ITG) in Brazil, according to researchers familiar with the matter.
Design/methodology/approach
By means of a qualitative and quantitative research of exploratory-descriptive approach, the Delphi method was applied using a questionnaire supported by content analysis.
Findings
ITG is an increasingly interdisciplinary research field, with significant help from other fields of knowledge, such as administration, computer science and engineering. The main means of ITG publication are periodicals (MISQ, JMIS, JISTEM RESI), scientific events (AMCIS, ECIS, HICSS, EnANPAD, CONTECSI) and researchers, such as Peter Weill and Edimara Mezzomo Luciano. Best practice models are the most significant theoretical frameworks, and the main trend of research are on emerging technologies such as cloud computing and Internet of things (IoT) in the context of ITG.
Research limitations/implications
To the unavailability of some researchers to participate in the second phase of the Delphi research performed, as well as the non-completion of a third Delphi round. Likewise, the “Block B (open answer questions)” it was not contemplated in the second phase for a new collection of answers, which could partially change the results presented here.
Practical implications
The results show important insights for ITG researchers that can allow new researches about its applications, jointly reflecting on relevant aspects for the advancement of this research field.
Social implications
There are several research contributions to broaden the discussion and the evolution of this new scientific field in Brazil and that can be grouped for each set of stakeholders: academia and related researchers; the practicing community of business managers and private and public organizations; the academic legitimizing bodies; the non-academic legitimating bodies and researchers from other areas of knowledge.
Originality/value
ITG is a concept that emerged as part of corporate governance (CG), which has evolved as an emerging theme and is expanding in the international academic arena. However, the current stage of legitimation, theorization and trends of ITG in the Brazilian researches are lacked greater understanding, in order to provide better targeting for new researches.
Details
Keywords
Michele Rubino and Filippo Vitolla
The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper…
Abstract
Purpose
The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.
Design/methodology/approach
This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.
Findings
The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.
Originality/value
The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5 is proposed as a tool that support risk management in order to develop an adequate system of internal control.
Details
Keywords
Vincent Dutot, Francois Bergeron and Andrea Calabrò
With the increasing digitalization processes taking place in different industries, the success of family small and medium-sized enterprises (SMEs) appears to be more under threat…
Abstract
Purpose
With the increasing digitalization processes taking place in different industries, the success of family small and medium-sized enterprises (SMEs) appears to be more under threat than for any other types of organizations, especially when information technologies (ITs) are not adequately used and managed. To grow and increase the chances of survival, family SMEs need more than ever IT. Stemming from agency theory, the aim of this article is to understand whether family harmony impacts the performance of family SMEs and to what extent IT mediates this relationship.
Design/methodology/approach
The research follows a quantitative approach, based on a sample of 182 family SMEs. Structured equation modeling, through SmartPLS, was employed to validate the research model.
Findings
This study’s main findings suggest that family harmony positively impacts firm performance and that IT governance and strategy mediate positively this relationship.
Research limitations/implications
First, the relatively limited number of respondents limits the degree of representativeness of all family SMEs. Replicating the research with a larger number of respondents could strengthen the findings. Second, this study is limited to French firms and future research could extend the findings by looking at cross-country comparisons.
Practical implications
Family SMEs are encouraged to link their IT governance with their IT strategy in order to increase their organizational performance. A favorable family harmony will make it easier to choose and implement a richer IT strategy and put in place an adequate IT governance function.
Originality/value
This research offers an enriched knowledge of the roles of family harmony and technological innovation in family SMEs and IT contexts as significant predictors of organizational performance. It contributes to family firm theory through the identification of three determinants of family SMEs' performance.
Details
Keywords
Amrita Priyadarsini and Ajit Kumar
Information technology (IT) governance (ITG) is a complex concept that researchers are still exploring in many dimensions. The literature in this area has grown at a fast pace. It…
Abstract
Purpose
Information technology (IT) governance (ITG) is a complex concept that researchers are still exploring in many dimensions. The literature in this area has grown at a fast pace. It required a review article to make sense of the growing body of literature. This study aims to provide a comprehensive view of ITG for understanding this phenomenon.
Design/methodology/approach
The framework of systematicity and transparency is used to search, select and report relevant articles. This study synthesized the identified pool of articles by using thematic analysis, wherein each article was attached to various identified categories.
Findings
This study presents a comprehensive overview of the ITG literature space, including themes and subthemes. It highlights future research avenues and identifies gaps in the ITG area.
Research limitations/implications
Information system researchers and senior practitioners can use this literature review to overview the up-to-date ITG literature. It can also be helpful for non-information system researchers who intend to conduct multi-disciplinary research.
Originality/value
This research looks at the ITG literature space by considering up-to-date literature and a fresh perspective.
Details