Diminishing the Gap Between IT Governance Maturity Theory and Practice: Renewing the Approach

Diminishing the Gap Between IT Governance Maturity Theory and Practice: Renewing the Approach

Daniël Smits (Twente University, Enschede, Netherlands) and Jos van Hillegersberg (Twente University, Enschede, Netherlands)
Copyright: © 2019 |Pages: 21
DOI: 10.4018/IJITBAG.2019010101
OnDemand PDF Download:
No Current Special Offers


IT governance research suggests the existence of a gap between theoretical frameworks and practice. Although current ITG research is largely focused on hard governance (structure, processes), soft governance (behavior, collaboration) is equally important and might be crucial to close the gap. The goal of this study is to determine what IT governance maturity models are available and if there remains a mismatch. The authors conducted a systematic literature review to create an overview of available IT governance maturity models. The study shows five new IT governance maturity models were introduced. Only one of the new IT governance maturity models covers hard and soft IT governance in detail. This model and corresponding instrument was used to illustrate its usability in practice. The authors demonstrate that combining the instrument with structured interviews results in a usable instrument to determine an organization's current maturity level of hard and soft IT governance.
Article Preview


IT governance is a relatively new topic (Van Grembergen, 2004), with the first publications appearing in the late 1990s. The number of IT governance publications began to grow from 2006/2007 (Smits & van Hillegersberg, 2014a). It is widely acknowledged that corporate governance and IT governance are related. However, little is known regarding how this relationship actually works. Corporate governance is of “enormous practical importance” (Shleifer & Vishny, 1997). Various publications suggest that IT governance constitutes an integral part of corporate governance (ITGI, 2003; Lainhart & John, 2000; Van Grembergen, De Haes, & Guldentops, 2004). Corporate governance issues cannot be solved without considering IT (Van Grembergen et al., 2004). We define IT governance as the structures, process, cultures and systems that engender the successful operation of the IT of the (complete) organization, an adaptation of the corporate governance definition of Keasey and Wright (1993). Thus, IT governance is not restricted to the IT organization.

The frameworks used for IT governance vary considerably, as can be seen in several global surveys from the ITGI addressed to 749 CEO-/CIO-level executives in 23 countries, and summarized in Table 1 (ITGI, 2008, 2011). To illustrate the diverse nature of these frameworks, we added the column ‘Content’. Unfortunately, the most recent global survey from 2016 does not include a question concerning the use of IT governance frameworks.

Table 1.
Use of IT governance frameworks (ITGI, 2008, 2011)
ITIL or ISO/IEC 20000Service management28%24%13%
ISO/IEC 17799, ISO/IEC 27000 or other security frameworksInformation security21%10%9%
Internally developed frameworksUnknown/differ14%33%
Six SigmaQuality15%2%5%
COBIT (ISACA)IT governance13%14%9%
PMI/PMBOKProject management13%1%3%
Risk IT (ISACA)Risk management12%
IT assurance framework (ISACA)IT assurance10%
CMM or CMMISoftware development or process improvement9%4%4%
ISO/IEC 38500IT governance8%
BMIS (Business Model for Information Security, ISACA)Information security8%
PRINCE2Project management6%2%
Val IT (ISACA)Enterprise value (IT investments)5%0%
TOGAFEnterprise architecture3%0%
COSO ERMEnterprise risk management2%1%4%

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 10: 2 Issues (2019)
Volume 9: 2 Issues (2018)
Volume 8: 2 Issues (2017)
Volume 7: 2 Issues (2016)
Volume 6: 2 Issues (2015)
Volume 5: 2 Issues (2014)
Volume 4: 2 Issues (2013)
Volume 3: 2 Issues (2012)
Volume 2: 2 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing