Search results

Many thought leaders are promoting information technology (IT) governance and its supporting practices as an approach to improve business/IT alignment. This paper aims to further explore this assumed positive relationship between IT governance practices and business/IT alignment.

This paper explores the relationship between the use of IT governance practices and business/IT alignment, by creating a business/IT alignment maturity benchmark and qualitatively comparing the use of IT governance practices in the extreme cases.

The main conclusion of the research is that all extreme case organisations are leveraging a broad set of IT governance practices, and that IT governance practices need to obtain at least a maturity level 2 (on a scale of 5) to positively influence business/IT alignment. Also, a list of 11 key enabling IT governance practices is identified.

This research adheres to the process theory, implying a limited definition of prediction. An important opportunity for future research lies in the domain of complementary statistical correlation research.

This research identifies key IT governance practices that organisations can leverage to improve business/IT alignment.

This research contributes to new theory building in the IT governance and alignment domain and provides practitioners with insight on how to implement IT governance in their organisations.

This paper aims to investigate the role of dynamic capabilities in the Information Technology (IT) Governance view framework and explores the relationship between three domains of IT governance (Strategy, Management and Operations) and firm performance.

In this study, the authors used a mixed methods approach and using a survey instrument and its validation with interviews, to collect data from 134 successful European SMEs in the multi-country setting of Belgium, Bulgaria, Denmark, Spain and the UK.

The findings show that various IT governance mechanisms function as dynamic capabilities and are directly associated with firm performance. The impact of each mechanism is different.

This study highlights the relationship between IT governance acumens and organisational performance. It contributes to the field of IT Governance Framework in management, and the results may be generalisable to wider economies and different organisation types.

Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.

The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16-year data across 1999-2016 from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.

Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports the empirical evidence of a shift in efficient frontier of software configurations with time.

Existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility) represented by the instantaneous variance is dependent on the immediately previous one, as well as on the unconditional variance of the entire vulnerability growth process.

The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide patch management cycle needed for each software – individual or group patching. G-RAM also ranks them into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally the paper helps the business firms to decide what to purchase and what to avoid.

Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.

The purpose of this paper is to analyse the effect of critical success factors (CSFs) on information technology (IT) governance performance in public sector organizations in a developing country such as Tanzania.

Based on a previous study and a further literature review, a research model was developed for analysing the relationship between the CSFs found for effective IT governance in this environment and their effect on IT governance performance. A survey research method was applied for data collection and sample data from Tanzanian public sector organizations (this environment) obtained. Subsequently, a second‐generation structural equation modelling technique, namely partial least squares, was applied to test statistically the correlated effect.

The results indicate significant small to strong positive correlated effects on IT governance performance. The CSF with the most significant correlated effect was “involve and get support of senior management” and the one with the least “consolidate, standardize and manage IT infrastructure and application to optimize costs and information flow across the organization”. Finally, a CSF model for effective IT governance in this environment was proposed.

The findings imply that decision makers can optimize IT‐related plans and use of scarce resources by concentrating on the CSFs that have a significant effect on IT governance performance that could lead to an improvement of public service delivery. This study is limited to a single developing country but future studies can involve more such countries to broaden the insights into the effect of CSFs on IT governance performance in such environments.

By establishing the correlated effects between these CSFs and the IT governance performance, this study has revealed a significant impact of CSFs on IT governance performance. It also suggests a CSFs model for effective IT governance in this less‐resourced environment in which such studies have not been conducted before, yet which are vital for analysing and improving IT governance.

The purpose of this paper is to identify the current situation and the future improvement for IT governance and controls in developing country like Thailand.

Thai universities were selected and used as subjects for capturing the perception of IT executives on IT governance performance measures. In the first step, a global IT governance perspective was drawn from the literature review. In the second step, the important-performance analysis was applied to the metrics of IT governance balanced scorecard with collected survey data from 64 IT executives.

From a global perspective, the critical points that need to be concerned before implementing IT governance have been illustrated. From a regional perspective, the paper generated the strategic IT governance guidance for Thai universities.

This paper is beneficial for chief information officers, executive managers, IT managers, and academics. They will gain more knowledge and understanding about the mixed method of using metrics in IT governance balanced scorecard and importance-performance analysis in order to identify the current situation of IT governance and controls in their organizations. Additionally, the practical idea with this method can be applied to draw IT governance strategy in their contexts.

This paper specifies the critical points and directions of IT governance for Thai universities. The analysis covers global and regional viewpoints. This paper also provides the method for applying IT governance balanced scorecard metrics and importance-performance analysis to contribute IT governance strategy.

The aim of this paper is to provide an understanding of information technology (IT) governance, from both a theory and practice perspective, and to identify current theory‐practice gaps within the organisations studied.

This study developed a complementary and collaborative model of IT governance and used a multiple case approach in which IT governance is examined against the model in four major universities. Case study research is qualitative in nature enabling insights into the “how” and “why” of IT governance to be gained.

Based on underlying theory, the study was able to develop propositions regarding IT governance practices, observe current practices within the participating universities and establish gaps between theory and practice. The study identified theory‐practice gaps in each of three IT governance dimensions: structure, process and people. Gaps ranged in significance from small to large. Two large gaps existed which require attention: they are in respect of integrating IT governance mechanisms and raising the awareness and understanding of the concept among senior management.

The model of IT governance developed for the research can be further developed and refined. In addition, the university context may have imposed limitations as different findings could arise in different contexts. Furthermore, the participating CIOs and IT directors could have brought their own values and beliefs to the research when interpreting the IT governance objectives of their university.

The model of IT governance developed for the research enables organisations to assess and map their IT governance against theoretical dimensions. By mapping observed practice against theory, the study was able to provide a mechanism of identifying theory‐practice gaps, where they existed.

IT is ubiquitous in nature because modern IT crosses organisational activities and has become strongly aligned with business activities. Thus IT governance can be viewed as an integral part of corporate governance and requires senior management's attention. However, because of the specialised nature of IT, governance in this domain has unique characteristics. Yet, current literature reflects a lack of maturity and points to diverse and inconsistent concepts of IT governance as well as variations in how IT governance is implemented. The paper reduces uncertainty for corporate executives by systematically synthesising current literature, developing a theoretical model and testing it against current practice.

For the last four decades, the alignment of strategy and digital technology has persisted as one of the most critical and bothersome issues for senior government executives. Against this backdrop and drawing on the fruits of an extended program of collaborative research between 1995 and 2020, this chapter draws attention to how government organizations foster effective alignment and how this is achieved through four distinct cycles of alignment work. Considering that this work is heavily people- and organization-centric, the chapter calls for greater involvement of organization development and change scholars and practitioners in this important area of organizational life and work.

investigate and analyze the aspects of legitimation, theorization and trends for the evolution of research in information technology governance (ITG) in Brazil, according to researchers familiar with the matter.

By means of a qualitative and quantitative research of exploratory-descriptive approach, the Delphi method was applied using a questionnaire supported by content analysis.

ITG is an increasingly interdisciplinary research field, with significant help from other fields of knowledge, such as administration, computer science and engineering. The main means of ITG publication are periodicals (MISQ, JMIS, JISTEM RESI), scientific events (AMCIS, ECIS, HICSS, EnANPAD, CONTECSI) and researchers, such as Peter Weill and Edimara Mezzomo Luciano. Best practice models are the most significant theoretical frameworks, and the main trend of research are on emerging technologies such as cloud computing and Internet of things (IoT) in the context of ITG.

To the unavailability of some researchers to participate in the second phase of the Delphi research performed, as well as the non-completion of a third Delphi round. Likewise, the “Block B (open answer questions)” it was not contemplated in the second phase for a new collection of answers, which could partially change the results presented here.

The results show important insights for ITG researchers that can allow new researches about its applications, jointly reflecting on relevant aspects for the advancement of this research field.

There are several research contributions to broaden the discussion and the evolution of this new scientific field in Brazil and that can be grouped for each set of stakeholders: academia and related researchers; the practicing community of business managers and private and public organizations; the academic legitimizing bodies; the non-academic legitimating bodies and researchers from other areas of knowledge.

ITG is a concept that emerged as part of corporate governance (CG), which has evolved as an emerging theme and is expanding in the international academic arena. However, the current stage of legitimation, theorization and trends of ITG in the Brazilian researches are lacked greater understanding, in order to provide better targeting for new researches.

The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.

This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.

The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.

The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5 is proposed as a tool that support risk management in order to develop an adequate system of internal control.