IT Governance and its Mechanisms

Permanent URI for this collection


Recent Submissions

Now showing 1 - 9 of 9
  • Item
    Between the Rock and the Hard Place - Conflicts in Implementing Integration Platforms
    ( 2023-01-03) Hyrynsalmi, Sonja ; Smolander, Kari
    The world is digitalizing in fast pace and the number of connections between different digital systems, i.e. integrations, is growing at the same time. That has created a need for more efficient integration management. For that reason, many companies are now implementing modern integration platforms to manage their external and internal integrations. Although these platforms are fast and easy to take in use technically, the main problems tend to be organizational. In this research, we study the experiences of the professionals, who have gone through an integration platform adoption project in their company recently. In our analysis, we found out that the technical challenges of the companies were easier to solve. However, if the organization does not have clear management, strategy or understanding on how to get the most from the new integration platforms, the capabilities of the integration platform are not used in their full scale. In the paper, we make visible the intervention points for a successful integration project.
  • Item
    Open Source Software Governance: A Case Study Evaluation of Supply Chain Management Best Practices
    ( 2023-01-03) Harutyunyan, Nikolay ; Riehle, Dirk
    Corporate open source governance aims to manage the increasing use of free/libre and open source software (FLOSS) in companies. To avoid the risks of the ungoverned use, companies need to establish processes addressing license compliance, component approval, and supply chain management (SCM). We proposed a set of industry-inspired best practices for supply chain management organized into a handbook. To evaluate the handbook, we ran a one-year case study at a large enterprise software company, where we performed semi-structured interviews, workshops, and direct observations. We assessed the initial situation of open source governance, the implementation of the proposed SCM best practices, and the resulting impact. We report the results of this study by demonstrating and discussing the artifacts created while the case study company implemented the SCM-focused governance process. The evaluation case study enabled the real-life application and the improvement of the proposed best practices.
  • Item
    Perennializing Information Technology Infrastructures: A Dynamic Capabilities Perspective
    ( 2023-01-03) Bourdeau, Simon ; Coulon, Thibaut ; Vieru, Dragos ; Bonneau, Claudine
    In an era of heightened uncertainty and urgency, robust and flexible information technology infrastructures (ITI) – arrangements of shared IT services and technical components that power and support an organization’s strategy and processes – are vital to organizations. ITI play key strategic roles, are at the core of business operations and directly affect performance. However, managing the evolution and sustaining transformations of ITI can be very challenging. To cope with this sustainability challenge, organizations must develop specific dynamic capabilities to sustain ITI and their evolution under turbulent and changing business contexts. Still, the question for managers is: What actions should be deployed to sustain ITI and their transformations? Twenty key organizational actions that were identified by twenty-nine ITI experts, were grouped into three interrelated vectors: (1) Watching and developing knowledge and know-how to sustain ITI; (2) Visioning and governing ITI; (3) Standardizing and adopting a flexible approach to ITI.
  • Item
    IT investment and Firm Performance: The Role of Board Gender Diversity
    ( 2023-01-03) Jung, Eunju ; Wang, Yen-Yao
    While the U.S. government requires diversity in providing equal opportunities, it is still doubtful how such governance-related corporate enforcement affects firm performance. This study investigates how gender diversity, the proportion of female board members in a firm, moderates the impact of IT investment on firm performance. We found a positive moderating effect of gender diversity on the effect of IT investment on firm performance. We believe that this study contributes to existing IS and corporate governance studies. In addition, it provides managerial and practical implications by providing empirical evidence of the effect of board diversity and IT investment and how their interaction leads to positive firm performance.
  • Item
    Digital Security Governance: What Can We Learn from High Reliability Organizations (HROs)?
    ( 2023-01-03) Schinagl, Stef ; Shahim, Abbas ; Khapova, Svetlana ; Van Den Hooff, Bart
    With the growing digitalization of businesses, digital security governance (DSG) is becoming central to organizational survival strategies. However, many organizations fail to establish successful DSG practices and, consequently, fail to understand how DSG can lower the severity of cybersecurity failures. This paper aims to contribute to filling this gap. By putting the five principles of the High Reliability Organization (HRO) central to the design of our qualitative investigation, we engage in interviewing forty-two chief information security officers (CISOs) and chief information officers (CIOs) of large organizations in the Netherlands about their views on why organizations fail to successfully achieve DSG. Our data show that HRO principles are partly relevant but lacking in DSG approaches, which potentially increases security failure. We conclude this paper by discussing these findings in light of future research and practice.
  • Item
    Cybersecurity Governance – An Adapted Practical Framework for Small Enterprises
    ( 2023-01-03) Asprion, Petra ; Gossner, Patrick ; Schneider, Bettina
    Digitalization is advancing and the associated risks are a strategic task for enterprises of all sizes. One risk area to which small businesses often do not pay enough attention are cyber risks. Often, the governance of cyber risks is not embedded at the owner or management level. However, it is important to evaluate, direct and monitor cyber risk mitigation activities by a company's leaders or its owner. A ´cybersecurity governance framework´ for small enterprises was developed and validated by applying Design Science Research. The framework focuses on criteria that are essential for small businesses, such as simplicity of understanding and ease of use (both for non-experts). Six principles identified relevant build the common thread of the framework, which guides the main activities to be implemented: 'responsibility', 'strategy', 'cybersecurity threats and risks', 'development and change', 'conformance' and 'people, skills and competencies'.
  • Item
    Adaptive Governance Model with a Sociotechnical Approach
    ( 2023-01-03) Ortega, Jose Antonio ; Pedreira, Óscar ; Piattini , Mario
    Digitalisation is imposing a strong pace of change on the business ecosystem, which implies the need for an adaptive governance model that moves away from the mechanistic approach of Command & Control. In this sense, we have considered complexity thinking and sociotechnical systems design as the key elements for designing such a governance model. Using an action-research approach with international Spanish organisations, we have developed a governance model based on Agile Portfolio Management. Our conclusions show that it is possible to use this approach to create an adaptive governance model, which allows to take on business transformation initiatives, regardless of their level of complexity. At the same time, the organisation is encouraged to embrace a new working mindset, one that is more organic, more transparent and gives autonomy to staff
  • Item
    A Domino Effect: Interdependencies among Different Types of Technical Debt
    ( 2023-01-03) Mäki, Netta ; Penttinen, Esko ; Rinta-Kahila, Tapani
    The paper examines the accrual of technical debt, which represents an increasingly pressing concern for many organizations. To advance understanding of how this debt-accumulation process unfolds, an in-depth case study was conducted with a large manufacturing firm for identifying particular types of technical debt and potential interdependencies among them. The findings point to architecture debt being "the root of all evil" at the case company, setting in motion dynamics that led to the development of other types of technical debt. Scholarship should benefit from this nuanced articulation and illustration of interdependencies across the various types of technical debt.
  • Item
    Introduction to the Minitrack on IT Governance and its Mechanisms
    ( 2023-01-03) De Haes, Steven ; Van Grembergen, Wim ; Huygh, Tim ; Joshi, Anant