IT Governance and its Mechanisms
Permanent URI for this collectionhttps://hdl.handle.net/10125/112544
Browse
Recent Submissions
Item type: Item , Emergence of Decentralized Data Ecosystems as Meta-organizations(2026-01-06) Kazemargi, Niloofar; Saadatmand, Fatemeh; Ceci, FedericaMost research on data ecosystems focuses on proprietary models governed by a single actor, offering limited insights into how decentralized data ecosystems can be collectively organized and governed. Drawing on a case study of Gaia-X, a large-scale European initiative, this study examines how a decentralized data ecosystem can emerge as a meta-organization. We analyze three interlinked features of meta-organizations—sources of authority, drivers of engagement, and coordination and governance mechanisms—while also identifying a fourth dimension: the role of technological architecture. Our findings reveal a paradigm shift in organizational authority from control-based to legitimacy-based forms; a dual incentive system tailored to data complementors and coordinators; and a governance model that is decentralized, interdependent, and self-organizing. Furthermore, we identify a novel layered technology architecture composed of a core protocol layer and a core extension layer, both of which support generativity and collective innovation. These findings advance the understanding of how decentralized data ecosystems can be structured and governed without a dominant keystone actor, contributing to research on meta-organizations, digital infrastructures, and data governance.Item type: Item , When One Size Does Not Fit All: A Systematic Literature Review and Taxonomy of Multidimensional Maturity Models(2026-01-06) Sprengel, Alexander; Ulrich, PatrickThis paper presents the findings of a systematic literature review (SLR) of 47 peer-reviewed studies on digital maturity models, focusing on their multidimensionality. First, it introduces a taxonomy that distinguishes Multi-Aspect Coverage (MAC) from Interdependent Multidimensionality (IMD), which employs formal weighting to reflect dimension-specific priorities and thereby improves diagnostic accuracy. Second, it reconfigures 977 indicators into 29 sub-dimensions and nine overarching dimensions through a deductive-inductive coding procedure. Third, drawing on contingency theory, the discussion offers context-sensitive implications for selecting an aggregation stance, thereby offering actionable guidance on balancing methodological rigor with pragmatic considerations. Hence, this review offers a systematic delineation of weighting processes in digital-maturity models, providing an operational boundary between MAC and IMD.Item type: Item , Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls(2026-01-06) Nguyen, Minh; Jung, Jaekon; Dang, Hiep; Tran, ThiThis study develops a novel firm-level metric, termed cybersecurity readiness, by leveraging text mining techniques on corporate conference call transcripts to measure a firm’s preparedness and commitment to cybersecurity. Analyzing the impact of cybersecurity readiness this year on financial performance next year, we employ linear regression models and demonstrate that it moderately improves key outcomes such as Return on Assets (ROA) and Earnings Before Interest and Taxes on Assets (EBITAT). By capturing the discourse between executives and external stakeholders, our approach provides a forward-looking and dynamic measure of cybersecurity effectiveness. The findings underscore the strategic importance of cybersecurity readiness, not only as a protective measure but also as a driver of superior financial performance. This research offers empirical evidence linking cybersecurity to firm success and introduces a scalable methodology for evaluating organizational cybersecurity, contributing actionable insights for corporate leaders and policymakers. The code is publicly available.Item type: Item , From Cyber Risk Transfer to Resilience: Security Information Governance Across the Cyber Insurance Ecosystem(2026-01-06) Sauerwein, Clemens; Zollner, Jakob Sylvester; Ristov, Sashko; Breu, RuthThe rapid digital transformation and growing reliance on complex information systems have increased organisations’ exposure to cyber risks. Cyber incidents are becoming more frequent, sophisticated, and damaging, leading to significant financial losses, operational disruptions, and reputational harm. Cyber insurance plays an increasingly important role in information security governance by enabling financial risk transfer and providing access to incident response services. However, assessing cyber risk remains difficult for both insurers and policyholders due to the intangible nature of digital assets, the global scale of threats, and limited sharing of actionable threat intelligence. Concerns over privacy, competition, regulation, and trust often hinder data sharing, impairing accurate risk assessment and systemic resilience. This study develops a model of information security information flows within the cyber insurance ecosystem. It explores the types of accessible data and factors shaping security information sharing. The findings offer insights into how improved information sharing can strengthen cyber risk assessment and support cyber resilience.Item type: Item , AI, Uncertainty and Unethical Pro-Organizational Behavior (UPOB)(2026-01-06) Mchugh, Patrick; Duane, Ja-Nae; Aamodt, AdrianUncertainty, unlike risk, cannot be analyzed using informed probabilities for alternative outcomes. Many pre-deployment technology outcomes are inherently uncertain, as is the case with generative AI. Such innovative developments are non-monotonic due to uncertainty, requiring design reconsiderations as new information emerges. Development teams must nevertheless weigh uncertain outcomes when deciding how to proceed. This paper introduces the concept of ‘Uncertain UPOB’ (U2POB) to distinguish behaviors where the unethical outcome is not guaranteed but remains possible due to uncertainty. Data was collected via a vignette-based survey of 101 technology professionals (606 decisions), with UPOB support found to be 22.1% higher under uncertain the conditions. Overall 35% of respondents were found to be supportive of at least one UPOB decision. Regression analyses indicated that subject UPOB propensity and personal responsibility psychometrics were predictive of UPOB behaviors in both the certain and uncertain contexts.Item type: Item , Leadership That Clicks: The Impact of CIO Presence on Employees' Digital Performance in Organizations(2026-01-06) Sayeed, Sayed AbuThis study explores how the presence of a Chief Information Officer (CIO) in an organization impacts employee digital performance. While prior research has focused on firm-level outcomes, this paper focuses on the employee level and investigates how CIOs influence both routine and innovative digital tasks of employees. The study proposes that CIO presence enhances IT knowledge sharing and improves employee digital performance within the organization. It further examines how a CEO’s IT background and the board’s R&D experience moderate CIOs’ influence on employees’ performance. The research employs surveys and firm-level data to measure CIO presence, IT knowledge sharing, and employee digital task and innovative performance using data from a broad range of U.S. firms across various sizes and industries. This study contributes to understanding the strategic value of CIOs in enabling digital transformation at the individual employee level.Item type: Item , Enriching the COBIT 2019 IT Governance Framework through a Structured Comparison with Selected IS Theories(2026-01-06) Steuperaert, Dirk; Poels, GeertCOBIT 2019 is a globally used IT Governance Framework. In the context of our research on COBIT as an artefact, we have compared COBIT with selected Information Systems theories to identify potential new concepts to include in COBIT to improve the inherent quality of COBIT. We have selected TAM (‘Technology Acceptance Model), SHT (Stakeholder Theory), VSM (Viable Systems Model) and CT (Contingency Theory) as theories to compare COBIT with and made a structured comparison at the level of key concepts. We have thus identified multiple potential enhancements to COBIT, and illustrated how our suggestions can improve the COBIT conceptual model, and provide better governance systems to practitioners.Item type: Item , Navigating Disruptive Change: The Evolution of IT Governance and Management Processes from 2020 to 2023(2026-01-06) Van Giel, Ziggy; Joshi, Anant; Huygh, Tim; De Haes, StevenThe rapid acceleration of digitalization driven by recent disruptions such as the COVID-19 pandemic and the emergence of generative AI (genAI) tools, has affected organizations’ dependence on and investments in information technology (IT). This paper investigates how these events have influenced IT governance and IT management processes by examining changes in achievement of 40 COBIT 2019 IT governance and management objectives between 2020 and 2023. Using data from two large-scale international surveys and applying non-parametric techniques, including the Mann-Whiteny U test and Cliff’s delta effect size estimations, this study reveals shifts in IT governance and IT management achievement levels. Findings indicate significant evolutions particularly within IT governance (EDM), IT development (BAI), and IT support (DSS) domains. Furthermore, stratified analyses identified specific IT governance and IT management aspects depending on organizational strategy and the strategic role of IT. As such, this paper provides insights into the IT governance and management processes that are primarily impacted by disruptions impacting digital transformation.Item type: Item , Introduction to the Minitrack on IT Governance and its Mechanisms(2026-01-06) De Haes, Steven; Huygh, Tim; Joshi, Anant