Article Preview
TopIntroduction
The governance of information technology (IT) has since the advent of the technology itself been a fundamental activity in large organizations. Corporations and public organizations alike have invested substantial amounts of time and money in the creation of the right settings for the management of their technological infrastructure (Weill & Ross, 2004; Bowen, Cheung, & Rohde, 2007; Xue, Liang, & Boulton, 2008).
Despite this, the concept of IT Governance was not introduced until the early 1990’s and, at present there are a multitude of different definitions. Some of these definitions differentiate between governance and management (Schwartz & Hirschheim, 2003), while others are less categorical in their demarcation (Sambamurthy & Zmud, 2000).
In Weill and Ross (2004), IT Governance is seen as the framework for decision rights and accountabilities. Following along the same tradition, Van Grembergen and De Haes (2009) expand this to encompass the organizations capacity to ensure the fusion of business and IT. This could be contrasted with the definitions offered by commercial research firms such as Forrester Research and Gartner Group, that limit IT Governance to the processes for IT investments decisions (Symons, 2006) and the processes for enabling an organization to fulfill its goals through IT (Gerard, 2006).
In this article I pursue a grounded-theory (Glaser & Strauss, 1986) inspired, practice-based definition of IT Governance. Through defining IT Governance as “What the Chief Information Officer (CIO) must do”, it is defined through the collection of actions that the CIO is involved in. This could be argued to be a step away from the definitions that differentiate between IT Governance and IT Management (Schwartz & Hirschheim, 2003), such as the popular definitions by Weill and Ross (2004) and Van Grembergen and De Haes (2009).
The first part of this practice-based definition implies that IT Governance is practiced (and thereby defined) by the top executive(s) of the IS organization. Through this, the IT Executive him- or herself is an active actor (Law, 1992) in the construction of the overall concept itself (Berger & Luckmann, 1967). Another important aspect is that the global concept of IT Governance is constituted by a series of local histories (Smith, 1984), and hence not something that exists in a stable form. Instead it is constantly set in a state of genesis, thereby being always in the making (Latour, 1986).
The second part of this definition is related to the role of norms and institutions in the construction of the concept of IT Governance. In this case, norms are regarded as socially enforced rules of behavior (Elster, 1989), and institutions are regarded as actors enacting social control (Scott, 2001).
This in turn implies that the creation of IT Governance is set in a field of tension between different sets of norms and institutions striving for control and influence. Hence, there are a multitude of different agendas for the different actors involved in the construction of IT Governance, each of these influencing the ever-changing content of the concept.