This chapter presents the state of the art in research on the practice of information technology (IT) governance. The authors have chosen to present this state of the art by means of a frame of reference inspired by the four “worlds” framework that was initially introduced to characterize IT engineering problems. This framework, complemented by facets, provides a structure for characterizing governance approaches that facilitate their comparison. Each facet corresponds to an essential characteristic of IS governance. A facet is associated with a set of values that allow a finer comparison of approaches with each other. This chapter will provide a comprehensive understanding of the current state of IT governance standards and best practices.
TopIntroduction
As information and communication technology develops, an increasing number of companies are recognizing the potential value of IT resources in delivering their firm’s strategic vision. IT is no longer a supporting tool for business, but a fundamental component of company strategy in such roles as operations, internal audit, compliance and decision support. A recent survey conducted by the IT Governance Institute (ITGI) with CEO/ CIOs drawn from 22 countries shows that 87% of respondents agree that IT plays an important role in achieving company goals in the broadest sense (Simonsson & Johnson, 2006).
In recent years, leading international organizations have focused attention on effective corporate governance as means of improving the performance of firms’ IT assets. These efforts have intensified in the wake of large-scale frauds such as Enron and WorldCom in the United States and shareholders ensuing dissatisfaction with companies. Multinationals and others have devised corporate governance structures to clarify and monitor the respective roles and responsibilities of shareholders, management, and employees. These structures have laid greater emphasis on the importance of IT assets and IT governance (ITG) structure, aiming to minimize financial risks on IT investment by providing transparency, accountability, and management processes. These criteria entail the effective allocation of IT resources in terms of clear structures and decision-making procedures for IT management. In this juncture, it has become imperative to redefine effective ITG, seeking to understand governance’s role in aligning organizations’ information assets with their strategic goals (Webb, Pollard, & Ridley, 2006). This alignment contributes to the creation of value in companies, through suggesting optimal amounts of risk for companies to take both in designing their management structures and in proactively responding to new business circumstances.
IT governance consists of structures, processes, and operational mechanisms that work together in harmony to ensure that IT investments and business objectives are aligned (De Haes & Van Grembergen, 2005). The cornerstone of IT governance is to provide decision-makers an acceptable level of assurance that an organization’s strategic objectives are not jeopardized by IT failures (Benaroch & Chernobai, 2017). A conventional or, rather, inevitable approach for attaining a level of assurance includes the evaluation of the IT governance system in place. The evaluation was born of the need to assess the degree of conformation with standard practice through the utilization of methodologies and frameworks (Vlietland, van Solingen, & van Vliet, 2016). This in particular means that, by engaging in IT governance evaluation, organizations can periodically measure IT governance performance using well-proved worldwide frameworks or methods such as Control Objectives for Information and Related Technology (COBIT), IT Infrastructure Library ITIL, or the International Standards Organization’s ISO 38500, to name few.
A range of research in literature examines IT governance structures and mechanisms (De Haes & Van Grembergen, 2005; Guldentops, Van Grembergen & De Haes, 2002; McKay, Marshall, & Smith, 2003; Ryan Peterson, Parker, Ribbers, Peterson, & Parker, 2002; Wim van Grembergen & de Haes, 2009). Explores factors inflecting adoption and implementation of IT governance systems (Aasi, Rusu & Han, 2014; Reich & Benbasat, 2000), and the use of codified frameworks and their impact on IT governance (El-Mekawy, Rusu, & Perjons, 2015; Guldentops, 2002; Wim van Grembergen & de Haes, 2009; Weber, 2014). The literature also indicates that, while there is widespread use of governance frameworks, there is a need for more research to investigate how these frameworks could be modified to fit a specific circumstance or context (Maleh, Zaydi, Sahid, & Ezzati, 2018). By the same token, aspects that involve the user behaviour in IT governance, although they have long been acknowledged (Grunwel & Sahama, 2016; Herath & Rao, 2009), have received far less attention from academics (Smits & Hillegersberg, 2015).