Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
DOI: 10.2478/orga-2018-0024
IT Governance Mechanisms and Contingency Factors: Towards an Adaptive IT Governance Model
Aleš LEVSTEK1, Tomaž HOVELJA2, Andreja PUCIHAR3
1 Independent researcher, Radomlje, Slovenia levsteka@gmail.com
2 University of Ljubljana, Faculty of Computer and Information Science, Večna pot 113, 1000 Ljubljana, Slovenia
tomaz.hovelja@fri.uni-lj.si
3 University of Maribor, Faculty of Organizational Sciences, Kidričeva cesta 55a, 4000 Kranj, Slovenia
andreja.pucihar@fov.uni-mb.si
Background and Purpose: In this paper, we aim to propose a guideline for further research towards development of an adaptive strategic IT governance (ITG) model for small and medium-sized enterprises (SMEs). The use of IT has the potential to be the major driver for success, as well it provides an opportunity to achieve competitive advantage and support digital transformation. In order to achieve IT benefits, enterprises need an effective and successful ITG model, which follows and adapts to business needs. Available ITG models are too generic and do not differentiate for enterprises of different industry, size, maturity etc.
Methodology: In order to review existing ITG mechanisms, their definitions and identify contingency factors, we performed an extensive literature review (LR). For the initial set of databases, we used the list of journals, which are indexed in the Journal Citation Reports. We also used Web of Science to identify articles with the highest number of citations.
Results: This paper provides the most important definitions of ITG and proposes its comprehensive definition. Next to this, we introduce ITG mechanisms, which are crucial for the effective implementation and use of ITG. Lastly, we identify contingency factors that influence ITG implementation and its use.
Conclusion: Despite extensive research in ITG area, considerable work is still needed to improve understanding of ITG, its definition and mechanisms. Multiple efforts to develop methods for governing IT failed to achieve any significant adoption rate of ITG mechanisms. To enable ITG to become an integral part of Corporate Governance, further research needs to focus on the development of an adaptive strategic ITG model. In this paper, we propose a next step for more practical method for ITG implementation and its use.
Keywords: IT Governance; ITG mechanisms; ITG contingency factors; ITG framework
1 Introduction
Over the past decades, the role of Information Technology (IT) has changed significantly, from office and process automation to value aggregation and innovation through its use. This means that the role of IT is no longer primarily technical and reactive, but has become proactive
and focused on the core activities of the organizations (Van Grembergen & De Haes, 2016; Walsham, 2001; Weill, Woerner, & Ross, 2016).
Therefore, the use of IT has the potential to be the major driver of economic wealth in the 21st century. IT has not only the potential to support existing business strategies but also to shape new (digital) strategies (Turel, Liu, & Bart, 2017; Van Grembergen, De Haes, & Guldentops,
Received: August 3, 2018; revised: October 19, 2018; accepted: November 2, 2018
286
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
2004a). Following this, IT becomes a success factor for survival and prosperity, as well as an opportunity for enterprises to differentiate and to achieve a competitive advantage (De Haes & Van Grembergen, 2004; Huygh & Haes, 2016).
To ensure that IT is aligned with the objectives of the enterprise and sustains and extends the enterprise's strategy, an effective ITG is needed (Rusu & Gianluigi, 2017). ITG ensures that IT goals are met and IT risks are mitigated. Therefore, IT delivers value to enterprise sustaina-bility and growth. ITG drives strategic alignment between IT and the business needs and must judiciously measure performance.
Previous research has shown positive effects of successful ITG implementations. For example, efficient ITG assures IT benefits (Kan, 2003) and helps to decrease IT risks (Ridley, Young, & Carroll, 2004), which leads to increased control of IT functions (Van Grembergen, De Haes, & Guldentops, 2004b). With well-organized ITG, enterprises may increase their returns on IT investment by as much as 40% (Weill & Ross, 2004a) and make 20% more profit than their competitors (Huo, Liu, Yuan, & Wu, 2010).
Effective ITG also contributes to organizational performance and efficiency, such as increased reputation of the enterprise, enterprise's trust, more successful development of products and services and the efficiency of the enterprise, which is reflected in lower costs per production unit (Gu, Ling Xue, & Ray, 2008).
In the annual MIS Quarterly Executive survey "The 2016 SIM IT Issues and Trends Study", ITG and strategic alignment have been ranked as the most important managerial and organizational challenge (Kappelman, McLean, Johnson, & Torres, 2016).
While ITG has been a subject of considerable debate amongst researchers and practitioners, it remains a poorly understood phenomenon that is continuously evolving with increasing complexity. Since IT has recognizably become crucial for enterprises, the most important decisions regarding IT have moved from the IT department to the management boards and senior management executives calling for a specific focus on the enterprise governance of IT (De Haes, Van Grembergen, & Debreceny, 2013). This situation has reinforced the role of ITG as an integral part of the corporate governance.
Currently available generic ITG models do not work on enterprises of different industry, size, maturity etc. in the same way (Devos, Landeghem, & Deschoolmeester, 2012; Devos, Van Landeghem, & Deschoolmeester, 2009; Rusu & Gianluigi, 2017). What strategically works for one enterprise does not necessarily work for another (Patel, 2002). An ITG model that is successful in one enterprise is not achieving its goals in another enterprise from the same industry. This means that different enterprises may need a combination of different structures, processes and rational mechanisms. Therefore, it is important to select
proper mechanisms and contingency factors to measure the success of the implementation of ITG model. In general, these models are developed for large enterprises and then adjusted for the SMEs segment in such way that their scope is narrowed (Rusu & Gianluigi, 2017).
We should not neglect the convergence of digital technologies like SMACIT (social, mobile, analytics, cloud, and the Internet of Things). These technologies have created new opportunities and need to adapt existing governance models. We must rethink existing governance practices and develop new governance models that support a new digital era.
Despite extensive research in focus areas, considerable work is required to provide further understanding of ITG in the context of digital society. Rapid technological developments, disruptive changes in Information and Communications Technology (ICT) and emergence of new, often digital business models call for new, adaptive and sustainable business practices (Pucihar, Lenart, Marolt, Maletic, & Kljajic Borstnar, 2016; Osterwalder et al., 2010), including ITG practices and measurement models.
To enable ITG to become an integral part of organizational strategic and operational governance process, it is important to develop more practical methods for its implementation and use (Cater-Steel, 2009).
In this respect, the main purpose of the paper was to answer the following research questions: (RQ1) what are the key contingency factors that influence ITG and (RQ2) what are the key ITG mechanisms (organizational structures, processes and rational mechanisms).
In the paper, we provide a comprehensive overview of existing research and best practices of effective implementation of ITG. More particularly, we provide review of different ITG definitions and its mechanisms, which are crucial for effective implementation, and use of ITG. Next to this, we identify contingency factors that influence ITG implementation and its use with a specific focus on SMEs enterprises.
Based on the results of our investigation, we suggest further research directions towards the development of an adaptive ITG model, which can be used for further investigation and assessment of ITG practices with particular focus on SMEs. As mentioned before, the effective ITG is a key element for enterprise's differentiation, competitive advantage and as such, a base for long-term survival and enterprise development. Our research results provide first step towards answering the question on how to set the proper ITG mechanisms to achieve effective ITG that suits enterprise's needs.
2 Research methodology
In order to review ITG mechanisms and their definitions, we did an extensive literature review (LR). A review of prior, relevant literature is an essential feature of any ac-
287
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
ademic research. An effective review creates a foundation for advance knowledge and makes theory development easier, closes areas where there is a substantive research, and uncovers areas where research is needed (Webster & Watson, 2002). A LR is "the use of ideas in the literature to justify the particular approach to the topic, the selection of
i
Figure 1: The research literature review process
methods, and demonstration that this research contributes something new" (Hart, 1998; Nakano & Muniz Jr., 2018).
At the beginning of a literature review, it is recommended to start with a conception of the topic and a definition of the key terms in order to derive meaningful search terms (Vom Brocke et al., 2009). Using those terms, we
Databases	Web of Science ScienceDirect Scopus ProQuest SpringerLink IEEEXplore
Journals	European Journal of Information Systems Government Information Quarterly Information Systems Journal Information Systems Research Journal of Association of Information Systems Journal of Information Technology Journal of Management Information Systems Journal of Strategic Information Systems MIS Quarterly Sloan Management Review
Conference proceedings	AMCIS - Americas Conference on Information Systems ECIS - European Conference on Information Systems eGov - International Conference on Electronic Government HICCS - Hawaii International Conference on System Science ICIS - International Conference on Information Systems eBled - Slovenian Conference of digital transformation
Elimination of duplicated and non-relevant papers
2 nd instance indepth analysis
V_J
Table 1: Databases, journals, and conference proceedings used for the literature review
288
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 2: Results of the relevant hits
Database	Keyword search			
	"IT Governance"	"models"	"mechanisms"	"contingency factors"
	(topic/title)	(topic)	(topic)	(topic)
Web of Science	671 / 277	1Q6	5Q	47
Science Direct	52 / 36	1	3	1
Scopus	1458 / 597	224	107	14
Pro Quest	NA / 34	14	9	12
Springer Link	NA / 154	109	76	70
IEEEXplore	355 / 150	133	53	49
started to examine journal articles and some of the most known communities, as for example OECD, ITGI, IEEE, ISACA, as well as the publications in conference proceedings as shown in Table 1. For the initial set of Databases we used the list of journals, which are indexed in Journal Citation Reports. We also searched Web of Science for articles with the highest number of citations, which are the basis for determining relevant Databases, Journals and Conference proceedings. We were searching for the following terms: "IT Governance", "IT Governance models", "IT Governance mechanisms" and "IT Governance contingency factors". After collecting the initial set of publications, we read the titles and abstracts of those publications and excluded those that were not related to our ITG area. The literature review process is shown in Figure 1.
Table 1 provides a list of databases, journals and conference proceedings, which were used for the literature review.
Results of the number of relevant hits are shown in Table 2.
3 Results
3.1 Definition of governance
Governance is a concept that can be used in many contexts and is now a well-known term in business. It is focused on the role of boards of directors in representing and protecting the interests of shareholders (Fama & Jensen, 1983; Kooper, Maes, & Lindgreen, 2011), and addresses the proper management of organizations (Spafford, 2003).
Corporate Governance (CG) is understood as a system by which organizations are directed, monitored and encouraged, and involves the relationships between the owners, board of directors, management and control departments. CG is seen as a set of processes, customs, policies, laws, and institutions (Kooper et al., 2011) affecting the way a corporation is directed, administered or controlled (Van Grembergen & DeHaes, 2007). CG is the responsi-
bility delegated by stakeholders and the public, defined by the legislator and regulators and shared by boards, in some measure, with managers (Webb, Pollard, & Ridley, 2006).
While governance developments have primarily been driven by the need for the transparency of enterprise risks and the protection of shareholder value, the pervasive use of technology has created a critical dependency on IT that calls for a specific focus on ITG. Boards and executive management need to extend governance to IT and provide leadership, organizational structures and processes that ensure that the enterprise's IT sustains and extends the enterprise's strategies and objectives (De Haes et al., 2013).
ITG is one of the concepts that emerged in the 1980s and became an important issue in the business and IT area and era. Corporate scandals such as: Enron Corporation and World Com inc. in USA, Barings Bank and Polly Peck in UK (Garratt, 1999), Parmalat in Italy, Tyco Internacional in Switzerland (Arjoon, 2012), Port Klang Free Zone in Malaysia (Salim, 2011) and AI Yamamah Contracts in Saudi Arabia (Tomasic, 2011), these and similar cases have raised the importance of corporate governance and ITG to provide guidelines to reduce risks to shareholders, employees, and consumers. So legislators were created in USA Sarbanes-Oxley Act (2002), in UK Cardbury Report (1992) and in Australia Corporations Act (2001). These reforms have brought about major changes in corporate governance in all countries of the world (Ahmad & Omar, 2016).
In most enterprises, IT has become an integral part of the business and is fundamental to support, sustain and grow the business. Successful enterprises understand and manage the risks and constraints of IT (Weill & Ross, 2004a). It is related to organizational effectiveness, compliance with laws and regulations, meeting stakeholder necessities, and adequately reacting to the pressures for demonstrating good returns on IT investment (Rusu & Gi-anluigi, 2017).
According to Weil and Rose (2004), ITG can be understood as the specification of the decision rights and the accountability framework that encourage desirable behav-
289
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 3: IT Governance definitions
Definition of IT Governance	Authors
ITG is the decision-making system that sets the locus of responsibility for IT function.	(C. V Brown & Magill, 1994a)
ITG is the degree in which the authority for making IT decisions is defined and shared among management and the processes. Managers in both IT and business organizations apply in setting IT priorities and the allocation of the IT resources.	(Papp, Luftman, & Brier, 1996)
ITG refers to the patterns of authority for key IT activities.	(V. Sambamurthy & Zmud, 1999)
ITG is the organizational capacity of the board, executive management, and IT management to control the formulation and implementation of IT strategy and in this way ensures the fusion of business and IT.	(Van Grembergen, 2000)
IS/ITG concentrates on the structure of enterprise relationship and processes in seeking to develop, direct and control IS/IT resources. These arrangements add value to organizations as they pursue enterprise goal. ITG aims to balance risk and return for IS/IT resources and their processes.	(Korac-Kakabadse & Kakabadse, 2001)
ITG specifies decision rights and accountability frameworks encouraging the best use within a firm of IT.	(Weill & Woodham, 2002)
ITG is about who is entitled to make a major decision, who has input and who is accountable for implementing those decisions. It is not synonymous with IT Management (ITM). ITG is about decision rights, whereas ITM is about making and implementing the specific decision.	(Broadbent, 2003)
ITG is the responsibility of the board of directors and executive management. IT forms an integral part of enterprise governance and consists of the leadership and organizational structures and processes, which ensure that organizations keep and extend their strategy.	(IT Governance Institute, 2003)
ITG is specifying the decision rights and accountability standard to encourage desirable behavior in using IT.	(Weill & Ross, 2004a)
ITG described the distribution of IT decision-making rights and responsibilities among different enterprise stakeholders, defining the procedures and mechanisms for making and monitoring strategic IT decision.	(Peterson, 2004b)
ITG refers to the organizational capacity exercised by the board, executive management and IT management in formulating and implementing IT strategy, as this brings together business and IT.	(Van Grembergen et al., 2004a)
ITG is the process by which decisions are made around IT investments. How decisions are made, who makes the decisions, who is held accountable and how the results of decisions measured and monitored all parts of ITG.	(Symons, 2005)
ITG is the preparation for, making of and implementation of IT related decisions regarding goals, processes, people, and technology on a tactic or strategic level.	(Simonsson & Johnson, 2006)
290
Organizacija, Volume 51
Research Papers
Issue 4, November 2018
Table 3: IT Governance definitions (continued)
ITG refers to the strategic alignment of IT with business, aiming to release maximum business value through the development and maintenance of effective IT accountability and performance and risk management.	(Webb et al., 2006)
ITG is the system by which the current and future use of IT is directed and controlled.	(ISO/IEC, 2008)
ITG is the process that ensures the effective and efficient use of IT in enabling an organization to achieve its goals.	(Gerard, 2010)
Enterprise governance of IT is an integral part of corporate governance, exercised by the Board, overseeing the definition and implementation of processes, structures and relational mechanism in the organization. It enables both business and IT personnel to execute their responsibilities in support of business/IT alignment and the creation of business value from IT enabled business investment.	(De Haes & Van Grembergen, 2015)
ITG is the collection of management, planning and performance reporting and review processes with associated decisions rights, which establish control and performance metric over key investments, operational and delivery services and new or change authorizations and compliance with regulations, laws, and organizational policies. It formalizes and clarifies oversight, accountability and decisions rights.	(Selig, 2016)
ior in IT use. ITG involves specifying decision-making structures, processes and relational mechanisms for the direction and control of IT operations (V. Sambamurthy & Zmud, 1999). It is further characterized as a set of mechanisms associated with the structure, processes and relationships, which must be related to one or more objectives of the organizations (De Haes & Van Grembergen, 2004). These mechanisms can contribute to organizational performance and efficiency, such as cost reduction or better use of IT infrastructure for example (Lunardi, Mafada, & Becker, 2014; Vugec, Spremic, & Bach, 2017).
It is clear that ITG already developed into a discipline of its own rights (Simonsson & Ekstedt, 2006). Moreover, ITG cannot exist in isolation but must be a subset of CG (Craig, 2005; Kooper et al., 2011; Lunardi, Becker, & Gastaud Mafada, 2009; Simonsson & Johnson, 2006; Webb et al., 2006) and is meaningful only in this context (Dahlberg & Kivijarvi, 2006; IT Governance Institute, 2007; Peterson, 2004b).
Fundamentally, ITG is related to IT's delivery of value to the business and mitigation of IT risks. The first is driven by strategic alignment of IT with business. The second is driven by embedding accountability into the enterprise. Both need to be supported by adequate resources and measured to ensure that the results are obtained. This leads to the five main focus areas for IT governance, all driven by stakeholder value. Two of them are the outcomes: value delivery and risk management. The others are the drivers:
strategic alignment, resource management, and performance measurement (Van Grembergen et al., 2004b).
In short, effective governance addresses three questions: What decision must be made? Who should make this decision? How will we make and monitor this decision? (Weill & Ross, 2004a).
3.2 Definition of IT Governance
Despite the visibility and importance of the term since 1990, ITG's researchers working in the area continue to define the term in a number of ways. This lack of a comprehensive definition was a limitation in further in-depth research and validity of cross-study comparison of results (Webb et al., 2006). It is necessary to clarify the concept of ITG through systematic classifications of various ITG definitions. A variety of definitions of ITG is summarized in Table 3.
Several authors argue that these diverse definitions may be classified into three perspectives.
Firstly, researchers seek to understand ITG as the location of the decision-making rights and accountabilities within organizations (IT Governance Institute, 2003; Peterson, 2004a; Simonsson & Johnson, 2006; Weill & Woodham, 2002). Weill and Woodham (2002), Peterson (2004) and Simonson and Johnson (2006) define ITG as basic decision making in the IT domain, focusing on the
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Figure 2: IT Governance definition (De Haes & Van Grembergen, 2015)
Figure 3: ITG Mechanisms: Structures, processes, and relational mechanisms (adopted from De Haes & Van Grembergen, 2005)
distribution of decision rights and accountabilities or responsibilities for the effective use of IT resources.
Secondly, researchers understand ITG as involving the strategic alignment between IT and business in order to achieve enterprise's full business value (Van Grembergen et al., 2004a; Webb et al., 2006). They define ITG as activities that maximize business value through business/ IT alignment. In achieving this goal, they emphasize the effective control of resources, performance management, and risk management.
The third perspective defined ITG as IT organizational structures and processes seeking to achieve organization's strategy (IT Governance Institute, 2003; Korac-Kakabadse & Kakabadse, 2001). Researchers describe ITG as dealing with the structure of relationship and processes, aiming to develop, direct and control IT resources such that IT adds value to the firm's pursuit of its strategic objectives.
For the purpose of our further work we will use the definition provided by Steven De Haes & Van Grembergen (2015) because it seems to be the most comprehensive definition.
"ITG is an integral part of corporate governance, exercised by the Board, overseeing the definition and implementation of processes, structures and relational mecha-
nism in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT enabled business investment" (De Haes & Van Grembergen, 2015).
The definition of IT Governance is presented in Figure
2.
3.3 IT Governance Mechanisms
Several authors argue that enterprises should implement ITG over the use of IT mechanisms (De Haes & Van Grembergen, 2009a; Weill & Ross, 2004a). ITG can be deployed using a mixture of various structures, processes and relational mechanisms (De Haes & Van Grembergen, 2004) that encourage behaviors consistent with the organization's mission, strategy, values, norms, and culture (Weill, 2004).
Researchers suggest that enterprises develop ITG frameworks on three levels: designing structures, processes, and communication protocols or approaches as shown in Figure 3 (Van Grembergen et al., 2004b; Weill & Ross, 2004a).
Structures refer to organizational units and roles re-
292
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 4: ITG Structure Mechanisms
Structure	
Integration of governance alignment tasks in roles	(Van Grembergen et al., 2004b)
and responsibilities.	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(De Haes & Van Grembergen, 2004)
IT strategy committee	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(IT Governance Institute, 2003)
	(Lunardi et al., 2009)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(De Haes & Van Grembergen, 2004)
IT steering committee	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(IT Governance Institute, 2003)
	(Huang, Zmud, & Price, 2010)
	(Lunardi et al., 2009)
	(Luftman, 2000)
	(Weill & Ross, 2004a)
	(Herz, Hamel, Uebernickel, & Brenner, 2012)
	(Broadbent & Weill, 2003)
	(De Haes & Van Grembergen, 2004)
CIO on Board	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(Weill & Ross, 2004a)
	(Peterson, 2004b)
IT councils	(Broadbent, 2002)
	(Weill & Ross, 2005)
IT leadership councils	(Weill, 2004)
	(Weill & Ross, 2004b)
	(Broadbent, 2002)
E-business advisory board	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
E-business task force	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
IT project steering committee	(Van Grembergen et al., 2004b)
	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(Herz et al., 2012)
IT organization structure	(Van Grembergen et al., 2004b)
	(Weill & Ross, 2004a)
	(De Haes & Van Grembergen, 2004)
293
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 4: ITG Structure Mechanisms (continued)
Structure	
Centralized	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Craig, 2005)
	(Huang et al., 2010)
	(Luftman, 2000)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Peterson, 2004b)
	(v. Sambamurthy & Zmud, 1999)
	(Weill & Ross, 2004b)
Federal	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Craig, 2005)
	(Weill, 2004)
	(Huang et al., 2010)
	(Luftman, 2000)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Peterson, 2004b)
	(v. Sambamurthy & Zmud, 1999)
	(Weill & Ross, 2004b)
Decentralized	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Craig, 2005)
	(Huang et al., 2010)
	(Luftman, 2000)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Peterson, 2004b)
	(v. Sambamurthy & Zmud, 1999)
	(Weill & Ross, 2004b)
IT expertise at level of board directors	(De Haes & Van Grembergen, 2009b)
	(Weill & Ross, 2004a)
IT audit committee at level of board directors	(De Haes & Van Grembergen, 2009b)
	(Weill & Ross, 2004a)
	(Spremic, 2009)
CIO on executive committee;	(De Haes & Van Grembergen, 2009b)
CIO reporting to CEO and/or COO	(Craig, 2005)
	(Weill & Ross, 2004a)
	(Herz et al., 2012)
	(De Haes & Van Grembergen, 2008b)
ITG function/officer	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
Architecture steering committee	(De Haes & Van Grembergen, 2009b)
(Craig, 2005)
(IT Governance Institute, 2003) (Weill & Ross, 2004a) (Broadbent & Weill, 2003) (Broadbent, 2002)
(De Haes & Van Grembergen, 2008b)
294
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 4: ITG Structure Mechanisms (continued)
Structure	
IT investment committee or capital improvement	(Craig, 2005)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Weill & Ross, 2004b)
Business/IT relationship managers	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Peterson, 2004b)
	(Broadbent, 2002)
Table 5: ITG Processes Mechanisms
Processes	
IT BSC	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Ribbers, Peterson, & Parker, 2002)
	(Lunardi et al., 2009)
	(De Haes & Van Grembergen, 2004)
	(Peterson, 2004b)
Strategic Information System Planning	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(De Haes & Van Grembergen, 2004)
Business System Planning	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(De Haes & Van Grembergen, 2004)
Critical Success Factors	(Van Grembergen et al., 2004b)
	(Ribbers et al., 2002)
	(De Haes & Van Grembergen, 2004)
	(Peterson, 2004b)
Competitive forces model of Porter	(Van Grembergen et al., 2004b)
	(De Haes & Van Grembergen, 2004)
Business Process Reengineering	(Van Grembergen et al., 2004b)
	(De Haes & Van Grembergen, 2004)
Value chain models of Porter	(Van Grembergen et al., 2004b)
	(De Haes & Van Grembergen, 2004)
Framework ITG	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Lunardi et al., 2009)
	(De Haes & Van Grembergen, 2004)
	(De Haes & Van Grembergen, 2004)
295
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 5: ITG Processes Mechanisms (continued)
Processes	
COBIT	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(Spremic, 2009)
	(De Haes & Van Grembergen, 2004)
COSO/ERM	(De Haes & Van Grembergen, 2009b)
	(De Haes & Van Grembergen, 2008b)
ITIL	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Lunardi et al., 2009)
	(Spremic, 2009)
	(De Haes & Van Grembergen, 2004)
Service Level Agreements	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
	(Webb et al., 2006)
	(Lunardi et al., 2009)
	(Luftman, 2000)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Peterson, 2004b)
Business/IT alignment model	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(Spremic, 2009)
Strategic Alignment Model (SAM)	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
ITG Maturity Models	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(De Haes & Van Grembergen, 2004)
Portfolio management	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
	(Broadbent, 2002)
Information Economics	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
	(Ribbers et al., 2002)
	(Lunardi et al., 2009)
	(De Haes & Van Grembergen, 2004)
	(Peterson, 2004b)
	(Heier, Borgman, & Maistry, 2007)
296
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 5: ITG Processes Mechanisms (continued)
Processes	
Business Cases	(De Haes & Van Grembergen, 2009b)
	(Herz et al., 2012)
	(Peterson, 2004b)
ROI	(Van Grembergen et al., 2004b)
	(De Haes & Van Grembergen, 2009b)
	(Weill & Ross, 2004a)
	(De Haes & Van Grembergen, 2004)
VALIT	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
Chargeback	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
	(Weill, 2004)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
	(Broadbent, 2002)
ITG assurance and self-assessment	(De Haes & Van Grembergen, 2009b)
	(Broadbent & Weill, 2003)
Project governance/management methodology	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(Herz et al., 2012)
IT budget control and reporting	(De Haes & Van Grembergen, 2009b)
	(Weill, 2004)
	(Luftman, 2000)
	(Herz et al., 2012)
Demand management	(Craig, 2005)
	(Heier et al., 2007)
Architectural exception process	(Weill & Ross, 2004a)
	(Weill & Ross, 2005)
Table 6: ITG Relational Mechanisms
Relational	
Active participation by principle stakeholders	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
Collaboration between principle stakeholders	(Van Grembergen et al., 2004b)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
Partnership rewards and incentives	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
	(Montazemi & Pittaway, 2012)
297
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 6: ITG Relational Mechanisms (continued)
Relational	
Business/IT collocation	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
Shared understanding of business/IT objectives	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(Lunardi et al., 2009)
	(Luftman, 2000)
	(Peterson, 2004b)
Cross-functional business/IT training	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(Peterson, 2004b)
Cross-functional business/IT job rotation	(Van Grembergen et al., 2004b)
	(Van Grembergen & De Haes, 2008)
	(De Haes & Van Grembergen, 2009b)
	(Lunardi et al., 2009)
	(De Haes & Van Grembergen, 2004)
	(Peterson, 2004b)
ITG awareness campaigns	(De Haes & Van Grembergen, 2009b)
	(Weill & Ross, 2004a)
Corporate internal communication addressing on a	(De Haes & Van Grembergen, 2009b)
regular basis	(Luftman, 2000)
IT leadership	(De Haes & Van Grembergen, 2009b)
	(Herz et al., 2012)
	(Broadbent & Weill, 2003)
	(De Haes & Van Grembergen, 2008b)
Informal meeting between business and IT executive/	(De Haes & Van Grembergen, 2009b)
senior management	(De Haes & Van Grembergen, 2008a)
	(Broadbent, 2002)
Executive/Senior management give the good example	(De Haes & Van Grembergen, 2009b)
	(De Haes & Van Grembergen, 2008a)
	(De Haes & Van Grembergen, 2008b)
Business/IT account management	(De Haes & Van Grembergen, 2009b)
	(De Haes & Van Grembergen, 2008b)
Knowledge management on ITG	(De Haes & Van Grembergen, 2009b)
	(Weill & Ross, 2004a)
Web-based (IT) portals	(De Haes & Van Grembergen, 2009b)
	(Craig, 2005)
	(Weill & Ross, 2004a)
	(Broadbent & Weill, 2003)
Senior management announcements	(Weill & Ross, 2004a)
	(Weill & Ross, 2004b)
Office of CIO or ITG	(Weill & Ross, 2004a)
	(Weill & Ross, 2005)
298
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
sponsible for making IT decision, such as committees, executive teams, and business/IT relationship managers. Processes involve the arrangement of formal decision making and the design of the forms for monitoring that the executing of IT operation is in accordance with the rules. Monitoring also provides inputs to decision making as regards investment proposals and evaluation processes, architecture exception processes, service levels agreements, chargeback, and others metrics. Rational mechanisms include announcements, advocates, channels, and education efforts disseminating ITG principles and policies. These may also inform workers of the outcomes of IT decision making processes (De Haes & Van Grembergen, 2004; Weill & Ross, 2004a).
The challenge is to choose the right mechanisms to achieve better results. Among the literature, several authors argued that organizations should use ITG mechanisms (De Haes & Van Grembergen, 2004; Weill & Ross, 2004a), but few researchers attempt to describe and provide a complete explanation of ITG mechanisms. Moreover, there is not a consensus about all the existent ITG mechanisms. The majority of the authors point a set of ITG mechanisms without justifying why those and not others, were selected (Almeida, 2013).
Each organization has to select its own set of enterprise governance of IT practices, suitable for their sector, size, culture etc. However, it is important that these mechanisms operate in a coordinated way. For example, these structures cannot be effective without supporting processes e.g. IT steering committee cannot make an appropriate investment decision without an appropriate and mature portfolio management process. The relational mechanism, such as training, awareness building, etc., receive a lot of attention in the beginning stages of ITG implementation and become less important when the ITG framework gets embedded into day-to-day operations.
In this paper, we evaluated ITG mechanisms and contingency factors that are used or mentioned in more than two papers in the LR process. Our primary goal was to extract ITG mechanisms and contingency factors from previous research that are used also in practice.
All these types of ITG mechanisms are important and must be combined in order to create a holistic approach that promotes effective and efficient ITG throughout the organization. Rafael Almeida, Ruben Filipe de Sousa Pereira and Miquel Mira de Silva were one of the first who described and provided a list of relevant ITG mechanisms (Almeida, Pereira, & Da Silva, 2013; Rafael, Pereira, & da Silva, 2016). This provided the basis for the summary of the structure mechanism found in the literature review (see Table 4), Processes mechanisms found in the literature review (see Table 5) and the summary of the Relational mechanisms found in the literature review (see Table 6).
In Table 4-6, we present the ITG mechanisms and their origin. Several authors, such as I. S. Bianchi and Sousa, 2016; I. Bianchi, Sousa, and Hillegersberg, 2017; Lunar-
di, Gastaud Macada, Becker, and Van Grembergen, 2017; Lunardi, Macada, and Becker, 2014; Rafael, Pereira, and da Silva, 2016; Rusu and Gianluigi, 2017; Wiedenhoft and Luciano, 2017; Winkler, 2013, has confirmed the use of ITG mechanisms in its recent works.
However, knowing what mechanisms exist is very important but not enough. It is necessary to understand the difference between them and have a clear definition of each ITG mechanisms (Almeida et al., 2013).
3.4 IT Governance Contingency factors
ITG implementation is influenced by external and internal factors (Xue, Liang, & Boulton, 2008). Although some authors have stated that effective ITG is crucial for any organization to achieve its corporate goals, little empirical research is available supporting the assumptions regarding the factors that determine the effectiveness of ITG (Lunar-di, Gastaud Macada, Becker, & Van Grembergen, 2017).
Moreover, literature, current frameworks and the best practices fail to reveal a clear and concise identification of these contingency factors (Rafael et al., 2016). Past research has examined the influence of the variety of factors such as: industry (Ahituv, Neumann, & Zviran, 1989; Clark Jr., 1992), firm size (Ahituv et al., 1989; C. V Brown & Magill, 1994b; Clark Jr., 1992), corporate strategy (C. V Brown & Magill, 1994b), and corporate structure (Applegate, 2009; C. V Brown & Magill, 1994b; Tavakolian, 1989). However, these studies have focused on singular impacts of a specific factor and not on how a set of factors impact ITG arrangements (Rafael et al., 2016). Therefore, determining the right ITG mechanisms is a complex endeavor (Van Grembergen et al., 2004b).
Table 3 provides a summary of the ITG definitions proposed in the last 20 years. This shows that a consensus about ITG definition still does not exist. Such uncertainty is not advisable and proves that ITG field has much to evolve further. Therefore, the researchers, referring to the literature reviews, proposed to identify and formalize the factors that must be taken into consideration by organizations before an ITG implementation. These factors are called ITG contingency factors (Pereira & da Silva, 2012).
After analyzing the literature on different approaches regarding the ITG contingency factors, the most suitable approach is provided by Pereira and Mira da Silva as it encompasses almost all the factors of the other approaches. Pereira and Mira da Silva (2012) defined ITG contingency factor as:
"Factors that, depending on organizations context, may influence the ITG implementation but that are not likely or intended, are a possibility that must be prepared for (Perei-ra & da Silva, 2012)".
In Table 7 we present the ITG contingency factors and their origin. Several authors, such as Almeida, 2013; Asgarkhani, Cater-steel, Toleman, and Ally, 2017; I. S. Bi-
299
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
anchi and Sousa, 2016; I. Bianchi et al., 2017; Othman, 2016; Pereira and da Silva, 2012; Rusu and Gianluigi, 2017, has confirmed the use of ITG contingency factors in its recent works.
3.5 IT Governance standards,
frameworks, and best practices
ITG framework supports the board and management to understand the issues and strategic importance of IT, and assists the enterprise to sustain its operation and implement the strategies required to extend its activities into the future. It provides assurance that expectations for IT are met and IT risks are addressed.
Over the years, a number of frameworks have emerged. ISO 38500 (ISO/IEC, 2008) is an international standard for corporate governance of IT at the highest level of organizations. Its purpose is to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations use of IT. COBIT (IT Governance Institute, 2012) provides a framework for governance and control process of IT with the focus of aligning IT with business. IT BSC (Van Grembergen & De Haes, 2005), where the theory of the balanced scorecard is used as a performance measurement system for IT governance enables strategies for improvement.
It is necessary to make a clear distinction between the terms ITG frameworks, ITG standards, and frameworks. There is only one ITG standard - ISO/IEC 38500. The others are IT or non-IT based standards or frameworks related to ITG.
Effective ITG might consist of a single, multiple or a combination of standards and/or frameworks. In actuality, each one is a formal set of practices that address specific objectives of ITG (Othman, 2016) as shown in Table 8.
4 Discussion and directions for further research
In this paper, we provide definitions of ITG, its mechanisms, standards, frameworks and best practices and identify contingency factors that impact effective implementation of ITG. The aim of the research was to gain comprehensive overview in the field of ITG and to identify research gaps and limitations to be able to set up directions towards development of adaptive ITG model.
Previous research has shown that ITG significantly influences how well enterprises are able to achieve business objectives. There is no doubt that enterprises need an effective ITG if they want to compete in their relevant market. Also their competitive advantage and differentiation depends on effective ITG.
Although extensive research has been conducted in the wider ITG area, considerable work is still needed to under-
stand ITG and to develop a successful holistic measure of ITG. To enable ITG to become an accepted part of enterprises' strategic and operational governance processes, it is important that researchers develop more practical methods for enterprises to implement and assess ITG (Hovelja, Rozanec, & Rupnik, 2010).
However, implementing ITG is not an easy task, since its definition and roles are still not completely clear. Therefore, determining the right ITG mechanisms remains a complex challenge. ITG must be an essential part of corporate governance and develop alongside it. While there is no single right way for enterprises to approach improvements in ITG, it is necessary to continue with research and answer all those questions regarding ITG mechanisms and processes such as which mechanisms influence ITG and how they are interconnected.
Available generic ITG models do not have the same effect on enterprises of different industry, size, maturity etc. An ITG model that is successful in one enterprise may not achieve its goals in another enterprise in the same industry (Patel, 2002). In general, these models are developed for large enterprises and then adjusted for the SME in such a way that their scope is narrowed. This often leads to unsuccessful implementation of ITG. Previous research have shown that SMEs cannot be seen through lens of a large enterprise. Theories explaining ITG in large enterprises and leading to methodologies used by practitioners can therefore not be easily extrapolated to SMEs, because we are dealing with a completely different economic, cultural and managerial environment (Devos et al., 2009). This means that different enterprises may need a combination of different structures, processes and relational mechanisms (Van Grembergen et al., 2004b).
Previous research concludes that the world of SMEs is significantly different from that of large enterprises and extra care should be taken by researchers and practitioners designing artifacts for SMEs (Devos et al., 2009). For SMEs, their definition differs from country to country, which means that it is difficult to equate SMEs in the US with SMEs in SE Europe. This also makes it difficult to use the results of previous researches in the area of SMEs.
Research also showed that SMEs do not excel in knowledge retention and obtaining a sustainable competitive advantage. There is a slower adoption of IT in SMEs than in large enterprises. Existing mechanisms of ITG built on a strong belief that IT creates values for the business do not work as such in SMEs, where decision-making is mostly focused on one person. SMEs also cannot learn and benefit from the experience, because there are not enough information systems (IS) projects conducted (Rusu & Gianluigi, 2017).
While research on devising standards and frameworks has been developing rapidly, little enthusiasm has been shown by enterprises in adopting them (Othman, 2016). Winniford, Conger and Erickson-Harris (2009) in their survey on US enterprises found that less than half of the
300
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 7: ITG contingency factors and literature references (Pereira & da Silva, 2012)
Contingency factors		Literature
Organizational Culture	A national level A regional level A religious level	(A. E. Brown, Grant, & Sprott, 2005) (Fink & Ploder, 2008) Gerrard 2009
	Organizational or corporate level	(Jiandong & Hongjun, 2010) (Maidin & Arshad, 2010) (Symons, 2005) (Weisinger & Trauth, 2003)
Organizational Structure	Centralized	(Adams, Larson, & Xia, 2008)
	Decentralized	(Aagesen, Van Veenstra, Janssen, & Krogstie, 2011)
	Federal	(Cochran, 2010) (De Haes & Van Grembergen, 2008b) (Bernroider, 2008) (Gao, Chen, & Fang, 2009) (Lunardi et al., 2009) (Park, Jung, Lee, & Jang, 2007) (Shpilberg, Berez, Puryear, & Shah, 2007) (Craig, 2005) (Webb et al., 2006)
Size	Small and Medium Enterprises (SME)	(A. E. Brown et al., 2005) (Cochran, 2010) (De Haes & Van Grembergen, 2008b) (Jacobson, 2009) (Lunardi et al., 2009)
Industry	Financial services	(A. E. Brown et al., 2005)
	Manufacturing Retailing Public	(De Haes & Van Grembergen, 2008b) (Short & Gerrard, 2009) (Jacobson, 2009) (Jiandong & Hongjun, 2010) (Vom Brocke et al., 2009) (Simonsson, Johnson, Ekstedt, & Flores, 2011) (Tanriverdi, 2006)
Regional Differences	Language Local laws	(Aagesen et al., 2011) (Fink & Ploder, 2008)
	National information infrastructures	(Bernroider, 2008) (Shpilberg et al., 2007) (Weisinger & Trauth, 2003)
Maturity	Requirements Correlation with others indicators	(Cochran, 2010) (Dahlberg & Lahdelma, 2007)
	Models for measurements	(De Haes & Van Grembergen, 2008b) (Park et al., 2007) (Simonsson et al., 2011)
Strategy	IT for efficiency IT for flexibility IT for comprehensiveness Operational excellence Customer intimacy	(A. E. Brown et al., 2005) (Dahlberg & Lahdelma, 2007) (De Haes & Van Grembergen, 2008b) (Jacobson, 2009) (Park et al., 2007)
	Product leadership	(Craig, 2005)
Ethical	Ethic codes	(Maidin & Arshad, 2010)
	Policies	(Memiyanty, Putera, & Salleh, 2010)
	Communication	
	Sanctions	
	Rewards	
	COSO	
Trust	Individual Group System level	(Memiyanty et al., 2010)
301
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 8: IT Governance frameworks
Category of ITG framework
ITG framework
Description
IT service delivery
Control of Business Objectives and Technology (COBIT)
Provide clear policies and good practices for security and control of IT in organizations. COBIT is process model that subdivides IT into 37 processes and more than 300 detailed control objectives in line with the responsibility to plan, build, run, provide, and monitor IT.
Information Technology Infrastructure Library (ITIL)
Provides clear guidelines for IT service provider and organizations to improve IT efficiency and effectiveness and quality of IT services within imposed cost constraint.
Capability Maturity Model (CMM/ CMMI)
Accepted as the de facto standard for development and enhancement of software development processes.
IT value delivery
Val IT
Val IT is a governance framework that consist of a set of guiding principles and key management practices. Its addresses assumptions, costs, risks and outcomes related to a balanced portfolio of IT-enabled business investments.
Information security
ISO 27001
Provides a formal set of specifications for organizations to manage information security risks and seek certification for their Information Security Management System (ISMS)
Business standards
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Focuses on operational, compliance and financial control objectives for management and auditors in dealing with risks to internal control.
Statement on Auditing Standards No. 70 (SAS70)
Defines control objectives and activities that should be organized in a manner that allows the user, auditor, and user organization to identify.
Project management
Project Management Body of Knowledge (PMBOK)
A set of best practices that consist of processes to manage any project including IT project.
Project In a Controlled Environment (PRINCE2)
Process-based approach to managing any project including IT project
Performance measurement
IT BSC
IT balanced scorecard (IT BSC) is a performance management system that should allow enterprises to drive their strategies on measurements and follow up.
General
Six Sigma
Relates to improvements in capability and reduction in defects. In an IT environment, Six Sigma could be tailored to performance improvements in network speed and system reliability.
3Q2
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Table 9: Findings and research gap
Findings and research gap	Reference
ITG is a key area that has an impact on the enterprise's performance and its long-term existence. It is known that enterprises with effective ITG achieve better results and market position, which demonstrates the importance of ITG. The detected gap is in poorly understood and defined ITG area, its mechanisms and contingency factors.	(Bharadwaj, El Sawy, Pavlou, & Venkatraman, 2013; Kappelman et al., 2016; Lunardi et al., 2017; Melville, Kraemer, & Gurbaxani, 2004; Rusu & Gianluigi, 2017; Turel et al., 2017; Van Grembergen & De Haes, 2016)
ITG as well as corporate governance are not fully defined, which makes it difficult to further develop, implement and use them in practice.	(Ahmad & Omar, 2016; Lunardi et al., 2017; Othman, 2016; Van Grembergen & De Haes, 2016; Webb et al., 2006)
Although ITG has evolved into its own discipline, it cannot function independently. ITG is a part of corporate governance and, in further research, has to be researched in the context of corporate governance at all enterprise's levels.	(Dahlberg & Lahdelma, 2007; Kooper et al., 2011; Lunardi et al., 2017, 2014; Simonsson & Ekstedt, 2006)
ITG is often the weakest part of corporate governance due to insufficient IT knowledge of top management and management knowledge of IT management.	(De Haes et al., 2013; Jewer & Mckay, 2012; Kappelman et al., 2016; Trites, 2004; Turel & Bart, 2014; Turel et al., 2017)
Despite the awareness of the importance of ITG, ITG maturity in SMEs is much lower than in large enterprises. The level of implementation and use of ITG models in these enterprises is extremely low.	(Debreceny & Gray, 2013; Hall et al., 2017; Kolar & Groznik, 2017; Winniford et al., 2009)
Previous research of ITG has been predominantly focused on the tactical and operational management level. Use of ITG at strategic level, especially strategic level with supervisory function, is poorly researched. It is known that the strategic level with supervisory function has a major impact on ITG and thus on the efficiency of the enterprise.	(Jewer & Mckay, 2012; Tiwana, Konsynski, & Venkatraman, 2013; Turel & Bart, 2014; Turel et al., 2017)
Available ITG models are generic and do not work in the same way on enterprises of different industry, size, maturity, etc. What strategically works for one enterprise does not necessarily work for another. In further research, it is important to explore the causes and to develop new adaptive models that allow flexibility to meet enterprise's needs.	(Devos et al., 2012, 2009; Rusu & Gianluigi, 2017)
Enterprises need to rethink ITG in the context of the digital transformation. New ITG models must support digital transformation and be able to help the transition from traditional to digital through different stages.	(Delone, Migliorati, & Vaia, 2018; Weill et al., 2016)
Both researchers and practitioners need to develop more practical methods and models for implementation and use of ITG. It is important that those models are understandable particularly on board level of management.	(Asgarkhani, Cater-steel, Toleman, & Ally, 2017; Cater-Steel, 2009)
303
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Figure 4: Proposed direction for development of an Adaptive strategic ITG model
enterprises had implemented any type of IT service management standard or framework. A survey by Debreceny and Gray (2013) found that in general, there was very little usage of these standards and frameworks. Although some enterprises in developing countries are aware of the importance of adopting relevant standards and frameworks, there seems to be a lack of commitment and motivation to adopt them. Data from recent research in SE Europe has shown that only 16% of the enterprises implemented one of the best practices and only 3% of them implemented CobIT (Kolar & Groznik, 2017).
Despite efforts to develop methods for ITG in SMEs, for example the CobIT QuickStart model, the adoption rate is rather disappointing. Interestingly, while many enterprises in developing countries continue to make large investments in IT (Hall, Futela, & Gupta, 2017), it seems that they fail to realize that their IT investment also requires proper governance.
In Table 9 we summarize findings and research gaps identified in our research. These findings will serve as guidelines for our further work in developing an adaptive ITG model.
Based on an extended literature review that was used to comprehensively define ITG, we also detected gaps in the literature, which are the basis for further research.
Several authors argue that ITG is often the weakest part of corporate governance due to insufficient IT knowledge of top management and management knowledge of IT management (De Haes et al., 2013; Jewer & Mckay, 2012; Kappelman et al., 2016; Trites, 2004; Turel & Bart, 2014; Turel et al., 2017). The previous research in the ITG models was predominantly focused on the level of management and the operational level (Jewer & Mckay, 2012; Tiwana, Konsynski, & Venkatraman, 2013; Turel & Bart, 2014; Turel et al., 2017). Unfortunately, in previous research, we did not find the role and influence of supervisory level, for example, supervisory board or advisory board. In our further research, we aim to extend the ITG model on the supervisory level, which is crucial for supervision and has an impact on the strategic level represented by the management board. Figure 4 presents directions for further research towards development of an adaptive strategic ITG model for SMEs.
The model should consider the following elements: previous research related to ITG areas, mechanisms, contingency factors, and maturity level; practical experience with ITG, business needs, IT needs, digital transformation and digital ITG; and ITG standards, models and frameworks as for example IS0/IEC3850, CoBIT, ValIT, CMMI, IT BSC, ITIL. Further on, adaptive strategic ITG
304
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
model for SMEs will consist of ITG mechanisms (structures, processes, relational mechanisms) taking into account ITG contingency factors (maturity, strategy, trust, organizational structure, and CG model) managed through IT governance, involving supervisory and management function.
Acknowledgment
This research was funded by the Slovenian Research Agency; Program No. P5-0018 - Decision support systems in e-business.
Literature
Aagesen, G., Van Veenstra, A. F., Janssen, M., & Krog-stie, J. (2011). The entanglement of enterprise architecture and IT-governance: The cases of Norway and the Netherlands. In 44th Hawaii International Conference on System Sciences (pp. 1-10). Kauai. https://doi. org/10.1109/HICSS.2011.412 Adams, C. R., Larson, E. C., & Xia, W. (2008). IS/IT governance structure and alignment: An apparent paradox. Information Systems Research. Retrieved from http:// www.misrc.csom.umn.edu/workshops/2008/spring/ Larson_Spring_08.pdf Ahituv, N., Neumann, S., & Zviran, M. (1989). Factors affecting the policy for distributing computing resources. MIS Quarterly, 13(4), 389-402. https://doi. org/10.2307/248722 Ahmad, S., & Omar, R. (2016). Basic corporate governance models: a systematic review. International Journal of Law and Management, 58 (1), 73-107. https:// doi.org/10.1108/IJLMA-10-2014-0057 Almeida, R. (2013). Implementing IT governance information systems and computer engineering examination committee. Lisboa: Tecnico. Almeida, R., Pereira, R., & Da Silva, M. M. (2013). IT Governance mechanisms: A literature review, 53(Feb-ruary). https://doi.org/10.1007/978-3-642-14319-9 Applegate, L. (2009). Corporate information strategy and management: text and cases. Retrieved from http:// isites.harvard.edu/fs/docs/icb.topic594131.files/ISMT E-100 Syllabus.pdf Arjoon, S. (2012). Corporate governance: An ethical perspective. Journal of Business Ethics, 61(4), 343-352. https://doi.org/10.1007/s10551-005-7888-5 Asgarkhani, M., Cater-Steel, A., Toleman, M., & Ally, M. (2017). Failed IT projects : Is poor IT governance to blame? In Australasian Conference on Information Systems (pp. 1-9). Retrieved from https://eprints.usq. edu.au/33692/1/ACIS2017_paper_241_RIP.pdf Bernroider, E. W. N. (2008). IT governance for enterprise resource planning supported by the DeLone-McLean
model of information systems success. Information and Management, 45(5), 257-269. https://doi. org/10.1016/j.im.2007.11.004 Bharadwaj, A., El Sawy, O. A., Pavlou, P. A., & Venka-traman, N. (2013). Digital business strategy: Toward a next generation of insights. MIS Quarterly, 37(2), 471-482. Retrieved from http://www.misq.org/misq/ downloads/download/editorlal/581/ Broadbent, M. (2002). CIO futures - Lead with effective governance. In ICA 36th Conference (pp. 1-11). Retrieved from http://unpan1.un. org/intradoc/groups/ public/documents/APCITY/UNPAN011278.pdf Broadbent, M. (2003). Understanding IT governance. CIO
Canada, 11(4). Broadbent, M., & Weill, P. (2003). Effective IT governance by design. Retrieved from https://www.gartner.com/ document/384862 Brown, A. E., Grant, G. G., & Sprott, E. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15(May), 696-712. https://doi.org/10.17705/ 1CAIS.01538
Brown, C. V., & Magill, S. L. (1994a). Alignment of the IS functions with the enterprise: Toward a model of antecedents. MIS Quarterly, 18(4), 371-403. https://doi. org/10.2307/249521 Brown, C. V., & Magill, S. L. (1994b). Reconceptualising the context-design issue for the information systems function. Organization Science, 9(2), 176-194. https:// doi.org/10.1037//1082-989X.5.2 Cater-Steel, A. (2009). Information technology governance and service management: Frameworks and adaptations. Information science references. New York: Information Science Reference. https://doi. org/10.4018/978-1-60566-008-0.ch003 Clark Jr., T. D. (1992). Corporate systems management: an overview and research perspective. Communications of the ACM, 35(2), 61-75. Retrieved from http:// dl.acm.org/citation.cfm?id=129633 Cochran, M. (2010). Proposal of an operations department model to provide IT governance in organizations that don't have IT C-level executives. In Proceedings of the Annual Hawaii International Conference on System Sciences. https://doi.org/10.1109/HICSS.2010.309 Craig, S. (2005, March). IT governance framework - Best practices. Forrester Research, 1-17. Retrieved from http ://www. academia.edu/4430617/IT_Governance_ Framework
Dahlberg, T., & Kivijärvi, H. (2006). An integrated framework for IT governance and the development and validation of an assessment instrument. 39th Hawaii International Conference on System Sciences, 1-10. https:// doi.org/10.1109/HICSS.2006.57 Dahlberg, T., & Lahdelma, P. (2007). IT governance maturity and IT outsourcing degree: An exploratory study. In Proceedings of the Annual Hawaii Interna-
3Q5
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
tional Conference on System Sciences. https://doi. org/10.1109/HICSS.2007.306 De Haes, S., & Van Grembergen, W. (2004). IT governance and its mechanisms. Information Systems Control Journal, 1, 1-14. Retrieved from http://pdf. aminer.org/000/245/098/introduction_to_the_mini-track_it_governance_and_its_mechanisms.pdf De Haes, S., & Van Grembergen, W. (2005). IT governance structures, processes and relational mechanisms: Achieving IT/business alignment in a major Belgian financial group. Proceedings of the 38th Annual Hawaii International Conference on System Sciences, 1-18. https://doi.org/10.1109/HICSS.2005.362 De Haes, S., & Van Grembergen, W. (2008a). An exploratory study into the design of an IT governance minimum baseline through Delphi research. Communications of the Association for Information Systems, 22(April), 443-459. https://doi.org/10.17705/1CAIS.02224 De Haes, S., & Van Grembergen, W. (2008b). Analysing the relationship between IT governance and business/ IT alignment maturity. Proceedings of the 41st Annual Hawaii International Conference on System Sciences. Retrieved from http://ieeexplore.ieee.org/abstract/doc-ument/4439133/ De Haes, S., & Van Grembergen, W. (2009a). An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management, 26(2), 123-137. https://doi. org/10.1080/10580530902794786 De Haes, S., & Van Grembergen, W. (2009b). Enterprise governance of information technology: Achieving strategic alignment and value. Springer. https://doi. org/10.1007/978-0-387-84882-2 De Haes, S., & Van Grembergen, W. (2015). Enterprise governance of information technology: achieving strategic alignment and value, featuring COBIT 5 (2nd ed.). Springer. https://doi.org/10.1007/978-3-319-14547-1
De Haes, S., Van Grembergen, W., & Debreceny, R. S. (2013). COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems, 27(1), 307-324. https://doi.org/10.2308/isys-50422 Debreceny, R. S., & Gray, G. L. (2013). IT governance and process maturity: A multinational field study. Journal of Information Systems, 27(1), 157-188. https://doi. org/10.2308/isys-50418 Delone, W., Migliorati, D., & Vaia, G. (2018). Digital IT governance. In CIOs and the Digital Transformation (pp. 205-230). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-31026-8 Devos, J., Landeghem, H. Van, & Deschoolmeester, D. (2012). Rethinking IT governance for SMEs. Industrial Management and Data Systems, 112(2), 206-223. https://doi.org/10.1108/02635571211204263 Devos, J., Van Landeghem, H., & Deschoolmeester, D.
(2009). IT governance in SMEs: Trust or control? In B. R. Dhillon G., Stahl B.C. (Ed.), Information Systems - Creativity and Innovation in Small and Medi-um-SizedEnterprises (Vol. 301, pp. 135-149). Berlin, Heidelberg: Springer. https://doi.org/10.1007/978-3-642-02388-0_10 Fama, E. F., & Jensen, M. C. (1983). Separation of ownership and control. Journal of Law and Economics, 26(2), 301-325. https://doi.org/10.1086/467037 Fink, K., & Ploder, C. (2008). Decision support framework for the implementation of IT-governance. Proceedings of the Annual Hawaii International Conference on System Sciences, 1-10. https://doi.org/10.1109/ HICSS.2008.113 Gao, S., Chen, J., & Fang, D. (2009). The influence of IT capability on dimensions of organization structure. 2009 2nd International Conference on Future Information Technology and Management Engineering, FITME 2009, 269-273. https://doi.org/10.1109/ FITME.2009.72 Garratt, B. (1999). Developing effective directors and building dynamic boards. Long Range Planning, 32(1), 28-35. Retrieved from https://elibrary.ru/item. asp?id=123420 Gu, B., Xue, L., & Ray, G. (2008). IT governance and IT investment performance : An empirical analysis. ICIS 2008 Proceedings, (July), 33. https://doi.org/http://dx. doi.org/10.2139/ssrn.1145102 Hall, L., Futela, S., & Gupta, D. (2017). IT key metrics data 2017: Key industry measures. Gartner Research Report, (December). Hart, C. (1998). Doing a literature review: Releasing the social science research imagination. SAGE Publications Ltd. https://doi.org/10.1080/01422419908228843 Heier, H., Borgman, H. P., & Maistry, M. G. (2007). Examining the relationship between IT governance software and business value of IT: Evidence from four case studies. In 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 1-11. https://doi. org/10.1109/HICSS.2007.216 Herz, T., Hamel, F., Uebernickel, F., & Brenner, W. (2012). IT governance mechanisms in multisourcing - a business group perspective. In 2012 45th Hawaii International Conference on System Sciences, 5033-5042. https://doi.org/10.1109/HICSS.2012.30 Hovelja, T., Rozanec, A., & Rupnik, R. (2010). Measuring the success of the strategic information systems planning. Management, 15(2), 25-47. Huang, R., Zmud, R. W., & Price, R. L. (2010). Influencing the effectiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, 19(3), 288-302. https://doi.org/10.1057/ejis.2010.16 Huo, L., Liu, B., Yuan, R., & Wu, J. (2010). An IT governance framework of ERP system implementation. In 1st International Conference on Computing Control
306
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
and Industrial Engineering, CCIE 2010 (Vol. 2, pp. 431-434). https://doi.org/10.1109/CCIE.2010.226 Huygh, T., & De Haes, S. (2016). Exploring the research domain of IT governance in the SME context. International Journal of IT/Business Alignment and Governance (IJITBAG), 7(1), 20-35. https://doi.org/10.4018/ IJITBAG.2016010102 ISO/IEC. International standard: Corporate governance of
information technology 38500:2008, (2008). IT Governance Institute. (2003). Board briefing for IT governance, 2nd edition. Rolling Meadows. Retrieved from https://www. oecd.org/site/ictworkshops/ year/2006/37599342.pdf IT Governance Institute. (2007). Cobit 4.1. IT Governance Institute.
IT Governance Institute. (2012). COBIT 5. IT Governance Institute.
Jacobson, D. D. (2009). Revisiting IT governance in the light of institutional theory. In Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS. https://doi.org/10.1109/ HICSS.2009.374 Jewer, J., & Mckay, K. N. (2012). Antecedents and consequences of board IT governance: Institutional and strategic choice perspectives. Journal of the Association for Information Systems (JAIS), 13(7), 581-617. https://doi.org/10.1007/s10796-009-9183-y Jiandong, Z., & Hongjun, X. (2010). The research on staff well-being in IT industry in china. In 2010 International Conference on Optics, Photonics and Energy Engineering (OPEE) (pp. 48-51). Wuhan. https://doi. org/10.1109/0PEE.2010.5508110 Kan, A. R. (2003). Managing a multi-billion dollar IT budget. In International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings. (p. 2). IEEE. https://doi.org/10.1109/ICSM.2003.1235400 Kappelman, L., McLean, E. R., Johnson, V., & Torres, R. R. (2016). The 2016 SIM IT key issues and trends Study. MIS Quarterly Executive, 15(1), 55-83. Retrieved from http://www.misqe.org/ojs2/index.php/ misqe/article/view/749 Kolar, A., & Groznik, A. (2017). Standards, best practices and codes of ethics impact on IT service quality - the case of Slovenian IT departments. Economic and Business Review, 19(1), 51-72. https://doi. org/10.15458/85451.39 Kooper, M. N., Maes, R., & Lindgreen, E. E. O. R. (2011). On the governance of information: Introducing a new concept of governance to support the management of information. International Journal of Information Management, 31(3), 195-200. https://doi. org/10.1016/j.ijinfomgt.2010.05.009 Korac-Kakabadse, N., & Kakabadse, A. (2001). IS/IT governance: need for an integrated model. Corporate Governance, 1(4), 9-11. https://doi.org/10.1108/ EUM0000000005974
Luftman, J. (2000). Assessing business-IT alignment maturity. Communications of the Association for Information Systems, 4. Retrieved from http://aisel.aisnet.org/ cais
Lunardi, G. L., Becker, J. L., & Gastaud Maçada, A. C. (2009). The financial impact of IT governance mechanisms' adoption: An empirical analysis with Brazilian firms. In System Sciences, 2009. Retrieved from http:// ieeexplore.ieee.org/abstract/document/4755734/ Lunardi, G. L., Gastaud Macada, A. C., Becker, J. L., & Van Grembergen, W. (2017). Antecedents of IT governance effectiveness: An empirical examination in Brazilian firms. Journal of Information Systems, 31(1), 41-57. https://doi.org/10.2308/isys-51626 Lunardi, G. L., Maçada, A. C. G., & Becker, J. L. (2014). IT governance effectiveness and its antecedents: An empirical examination in Brazilian firms. Proceedings of the Annual Hawaii International Conference on System Sciences, (February), 4376-4385. https://doi. org/10.1109/HICSS.2014.540 Maidin, S. S., & Arshad, N. H. (2010). IT governance practices model in IT project approval and implementation in Malaysian public sector. In ICEIE 2010 - 2010 International Conference on Electronics and Information Engineering, Proceedings (Vol. 1). https:// doi.org/10.1109/ICEIE.2010.5559690 Melville, N., Kraemer, K., & Gurbaxani, V. (2004). Review: information technology and organizational performance: An integrative model of IT business value. MIS Quarterly, (2004), 7890-7890. https://doi. org/10.2307/25148636 Memiyanty, A. R., Putera, M. S., & Salleh, K. (2010). Ethical leadership and employee trust: Governance perspective. Proceedings - 2010 2nd IEEE International Conference on Information and Financial Engineering, ICIFE 2010, (September), 848-851. https://doi. org/10.1109/ICIFE.2010.5609488 Montazemi, A. R., & Pittaway, J. J. (2012). Getting them to think outside the circle: Corporate governance, CEOs' external advice networks, and firm performance. In tGov2012 (Vol. 51). Brunel University, University Kingdom. https://doi.org/10.5465/amj.2008.32625969 Nakano, D., & Muniz Jr., J. (2018). Writing the literature review for empirical papers. Production, 28. https:// doi.org/10.1590/0103-6513.20170086 Osterwalder, A., Pigneur, Y., Smith, A., Clark, T., van der Pijl, P., Alex, O., ... Yves, P. (2010). Business model generation: A handbook for visionaries, game Changers, and challengers (portable version). New York: John Wiley & Sons. Othman, M. F. I. (2016). Barriers to the adoption of formal IT governance practice : A Malaysian case. Queensland University of Technology. Papp, R., Luftman, J., & Brier, T. (1996). Business and IT in harmony: Enablers and inhibitors to alignment. Americas Conference on Information Systems (AM-
307
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
CIS), 1-6. Retrieved from https://aisel.aisnet.org/am-cis1996/84
Park, H. Y., Jung, S. H., Lee, Y. J., & Jang, K. C. (2007). The effect of improving IT standard in IT governance. In CIMCA 2006: International Conference on Computational Intelligence for Modelling, Control and Automation, Jointly with IAWTIC 2006: International Conference on Intelligent Agents Web Technologies and International Commerce (CIMCA '06) (pp. 22-22). Sydney: NSW. https://doi.org/10.1109/CIM-CA.2006.210
Patel, N. V. (2002). Global ebusiness IT governance: Radical re-directions. In Proceedings of the Annual Hawaii International Conference on System Sciences (Vol. 2002-Janua, pp. 3163-3172). https://doi.org/10.1109/ HICSS.2002.994355 Pereira, R., & da Silva, M. M. (2012). IT governance implementation: The determinant factors. IBI-MA Publishing, 2012(September), 16. https://doi. org/10.5171/2012.970363 Peterson, R. (2004a). Crafting information technology governance. Information Systems Management, 21(4), 7-22. https://doi.org/10.1201/1079/44819.32.6.20041 201/85112.1
Peterson, R. (2004b). Integration strategies and tactics for information technology governance. In W. Van Grembergen (Ed.), Strategies for Information Technology Governance (pp. 37-81). IGI Publishing. https://doi. org/10.4018/978-1-59904-654-9.ch013 Pucihar, A., Lenart, G., Marolt, M., Maletic, D., & Kljajic Borstnar, M. (2016). Business model innovation: Insights from a multiple case study of Slovenian SMEs. Organizacija, 49(3), 161-171. https://doi.org/10.1515/ orga-2016-0015 Rafael, A., Pereira, R., & da Silva, M. M. (2016). IT governance mechanisms patterns. In S. P. Franch X. (Ed.), Advanced Information Systems Engineering Workshops (Vol. 148, pp. 156-161). Berlin, Heidelberg: Springer. https://doi.org/10.1007/978-3-642-38490-5_13
Ribbers, P. M. A., Peterson, R., & Parker, M. M. (2002). Designing information technology governance processes: Diagnosing contemporary practices and competing theories. In Proceedings of the Annual Hawaii International Conference on System Sciences (Vol. 2002-Janua, pp. 3143-3154). https://doi.org/10.1109/ HICSS.2002.994351 Ridley, G., Young, J., & Carroll, P. (2004). COBIT and its utilization: a framework from the literature. In 37th Annual Hawaii International Conference on System Sciences, 2004. (pp. 1-8). https://doi.org/10.1109/ HICSS.2004.1265566 Rusu, L., & Gianluigi, V. (2017). Information technology governance in public organizations. Integrated Series in Information Systems. Cham: Springer. https://doi. org/10.1007/978-3-319-58978-7
Salim, M. R. (2011). Corporate governance in Malaysia: the macro and micro issues. In Handbook on International Corporate Governance (pp. 269-294). Edward Elgar Publishing. https://doi.org/10.4337/9781849808293 Selig, G. J. (2016). IT governance - an integrated framework and roadmap: How to plan, deploy and sustain for improved effectiveness. Journal of International Technology and Information Management, 25(1), 55-77. Retrieved from http://scholarworks.lib.csusb. edu/jitim
Short, J., & Gerrard, M. (2009). IT Governance must be driven by Corporate Governance. Gartner Research, Stamford, CT, (November), 1-7. Retrieved from http://my.gartner.com/portal/server.pt?open=512&ob-jID=256&mode=2&PageID=2350940&resId=122951 5&ref=QuickSearch&sthkw=G00172463 Shpilberg, D., Berez, S., Puryear, R., & Shah, S. (2007). Avoiding the alignment trap in information technology. MIT Sloan Management Review, 49(1), 51-58. Retrieved from http://www.citeulike.org/group/4805/ article/4038230 Simonsson, M., & Ekstedt, M. (2006). Getting the priorities right: Literature vs practice on IT governance. In Portland International Conference on Management of Engineering and Technology (Vol. 1, pp. 18-26). https://doi.org/10.1109/PICMET.2006.296548 Simonsson, M., & Johnson, P. (2006). Defining IT governance - A consolidation of literature. TEARP Working PaperMS103, 6, 1-19. https://doi.org/10.1.1.64.6388 Simonsson, M., Johnson, P., Ekstedt, M., & Flores, W. R. (2011). IT governance decision support using the IT organization modeling and assesment tool. International Journal of Innovation and Technology Management, 08(02), 167-189. https://doi.org/10.1142/ S0219877011002325 Spafford, G. (2003). The benefits of standard IT governance frameworks. IT Management. April, 11-12. Retrieved from http://www.datamation.com/netsys/ar-ticle.php/2195051/The-Benefits-of-Standard-IT-Gov-ernance-Frameworks.htm Spremic, M. (2009). IT Governance mechanisms in managing IT business value. Corporate Governance, 6(6), 906-915. Retrieved from http://www.wseas.us/e-li-brary/transactions/information/2009/29-220.pdf Symons, C. (2005). IT strategy maps: A tool for strategic alignment. Forrester Research, NOV(21). Retrieved from http://cendoc.esan.edu.pe/fulltext/e-documents/ ITStrategyMaps.pdf Tanriverdi, H. (2006). Performance effects of information technology synergies in multibusiness firms. MIS Quarterly, 30(1), 57-77. https://doi.org/10.2307/25148717 Tavakolian, H. (1989). Linking the information technology structure with organizational competitive strategy: A survey. MIS Quarterly, 13(3), 309. https://doi. org/10.2307/249006 Tiwana, A., Konsynski, B., & Venkatraman, N. (2013).
308
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
Special issue: Information technology and organizational governance: The IT governance cube. Journal of Management Information Systems, 30(3), 7-12. https://doi.org/10.2753/MIS0742-1222300301 Tomasic, R. (2011). The financial crisis and the haphazard pursuit of financial crime. Journal of Financial Crime, 18(1), 7-31. https://doi. org/10.1108/13590791111098771 Trites, G. (2004). Director responsibility for IT governance. International Journal of Accounting Information Systems, 5(2), 89-99. https://doi.org/10.1016/). accinf.2004.01.001 Turel, O., & Bart, C. (2014). Board-level IT governance and organizational performance. European Journal of Information Systems, 23(2), 223-239. https://doi. org/10.1057/ejis.2012.61 Turel, O., Liu, P., & Bart, C. (2017). Board-level information technology governance effects on organizational performance: The roles of strategic alignment and authoritarian governance style. Information Systems Management, 34(2), 117-136. https://doi.org/10.1080 /10580530.2017.1288523 Sambamurthy, V. & Zmud, R. W. (1999). Arrangements for information technology governance: A theory of multiple contingencies. MIS Quarterly, 23(2), 261— 290. https://doi.org/10.2307/249754 Van Grembergen, W. (2000). The balanced scorecard and IT governance. ISACA Journal, 2, 1-6. Retrieved from https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/The-Balanced-Scorecard-and-IT-Governance.pdf Van Grembergen, W., & De Haes, S. (2005). Measuring and improving IT governance through the balanced scorecard. Information Systems Control Journal, 2(1), 34-42. Retrieved from http://cab.org.in/IT Documents/ IT Governance through balanced scorecard.pdf Van Grembergen, W., & De Haes, S. (2008). Implementing information technology governance. (W. Van Grembergen, Ed.), IGIPublishing. New York: IGI Publisher. https://doi.org/10.4018/978-1-59904-924-3 Van Grembergen, W., & De Haes, S. (2016, January). Introduction to the IT governance and its mechanisms minitrack. Proceedings of the Annual Hawaii International Conference on System Sciences, 2016-March, 4890. https://doi.org/10.1109/HICSS.2016.606 Van Grembergen, W., De Haes, S., & Guldentops, E. (2004a). Strategies for information technology governance. In Strategies for Information Technology Governance (pp. 1-36). Idea Group Pub. https://doi. org/10.4018/978-1-59140-140-7 Van Grembergen, W., De Haes, S., & Guldentops, E. (2004b). Structures, processes and relational mechanisms for IT governance. IGI Global, 1-36. https://doi. org/10.4018/978-1-59140-140-7.ch001 Van Grembergen, W., DeHaes, S., & Thorp, J. (2007).
Implementing information technology governance: models, practices and cases. Hershey: IGI Publisher. https://doi.org/10.4018/978-1-59904-924-3 Vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., Cleven, A., & Niehaves, B. (2009). Reconstructing the giant: On the importance of rigour in documenting the literature search process. In 17th European Conference on Information Systems (Vol. 9, pp. 2206-2217). ECIS 2009 Proceedings. Retrieved from http://aisel.aisnet.org/ecis2009/161/ Vugec, D. S., Spremic, M., & Bach, M. P. (2017). IT governance adoption in banking and insurance sector: Longitudinal case study of COBIT use. International Journal for Quality Research, 11(3), 691-716. https:// doi.org/10.18421/IJQR11.03-13 Walsham, G. (2001). Making a world of difference: IT in a
global context. Chichester: Wiley. Webb, P., Pollard, C., & Ridley, G. (2006). Attempting to define IT governance: Wisdom or folly? Proceedings of the Annual Hawaii International Conference on System Sciences, 8(February 2006). https://doi. org/10.1109/HICSS.2006.68 Webster, J., & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26(2), xiii-xxiii. https://doi. org/10.1.1.104.6570 Weill, P. (2004). Don't just lead, govern: How top-performing firms govern IT. MIS Quarterly Executive, 8(1), 1-21. https://doi.org/10.2139/ssrn.664612 Weill, P., & Ross, J. (2005).Amatrixed approach to designing IT governance. MIT Sloan Management Review, 46(2), 26-34. https://doi.org/10.1177/0275074007310556 Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decisions rights for superior results. Harvard Business Press. Weill, P., & Ross, J. W. (2004b). IT Governance on one page (No. 4517-04). CISR Working Paper. https://doi. org/10.2139/ssrn.664612 Weill, P., Woerner, S. L., & Ross, J. W. (2016). TOP-performing CIOs in the digital era. CISR Research Briefing, XV(5), 1-4. Retrieved from https://cisr.mit.edu/ blog/documents/2016/05/19/2016_0501_digitalera-cios_weillwoerner.pdf/ Weill, P., & Woodham, R. (2002). Don't just lead, govern: Implementing effective IT governance. CISR Working Paper, 17. https://doi.org/10.2139/ssrn.317319 Weisinger, J. Y., & Trauth, E. M. (2003). The importance of situating culture in cross-cultural IT management. IEEE Transactions on Engineering Management, 50(1), 2630. https://doi.org/10.1109/TEM.2002.808259 Winniford, M. A., Conger, S., & Erickson-Harris, L. (2009). Confusion in the ranks: IT service management practice and terminology. Information Systems Management, 26(2), 153-163. https://doi. org/10.1080/10580530902797532 Xue, Y., Liang, H., & Boulton, W. R. (2008). Information
309
Organizacija, Volume 51
Reviewers in 2018
Issue 4, November 2018
technology governance in information technology investment decision processes: the impact of investment characteristics, external environment, and internal context. MIS Quarterly, 32(1), 67-96. https://doi. org/10.2307/25148829
Ales Levstek completed his undergraduate degree at the Faculty of Electrical Engineering, University of Ljubljana, Slovenia, and his master's degree at the Faculty of Economics, University of Ljubljana, Slovenia. He is currently writing Ph.D. dissertation on IT governance at the Faculty of Organizational Sciences, University of Maribor, Slovenia. He has 20 years of practical experience in the IT governance field. He is currently employed as a regional IT manager at an international financial institution, where he is, as a member of governing boards, responsible for IT governance within corporate governance process. His research interests are IT governance as a part of corporate governance on a strategic layer, its mechanisms, and impact of IT governance enterprise's behavior.
Tomaž Hovelja is an Associate Professor at the Faculty of Computer and Information Science of the University of Ljubljana, Slovenia. His research areas are social, economic and organizational factors of IT deployment in enterprises and IT projects success criteria. He received his Ph. D. in Economics from the University of Ljubljana in 2006.
Andreja Pucihar is an Associate Professor and head of MIS study programs at the Faculty of Organizational Sciences, University of Maribor in Slovenia. Her recent research is mainly focused to IS innovation, in particular to digital transformation and e-business models. She is a head of eCenter. She has published over 170 papers in journals and conference proceedings. She has been involved into several national, international (EU, CE, cross-border, bilateral) and industry projects, mainly focusing to digitalization, IS innovation and support to SMEs. Since 2009 she has been serving as a conference chair of annual international Bled eConference, focusing on electronic interactions research since 1988. She is an associate editor of high ranked journal »Electronic Markets - The International Journal on Networked Business« journal and a coeditor of »Journal of Theoretical and Applied Electronic Commerce Research«.
Mehanizmi upravljanja informatike in situacijski dejavniki: na poti k razvoju prilagodljivega modela upravljanja informatike
Ozadje in namen: Namen članka je določiti smer nadaljnjega raziskovanja pri razvoju prilagodljivega modela strateškega upravljanja informatike, za srednje velika podjetja. Danes ima IT potencial, da kot izvor konkurenčne prednosti in tržne diferenciacije, postane gonilna sila uspeha v podjetju. IT lahko omogoči razvoj, digitalno preobrazbo in s tem dolgoročni obstoj podjetja. Eden izmed ključnih pogojev za učinkovito in uspešno uporabo IT-ja v podjetjih, je v upravljanju informatike (UI), ki sledi in se prilagaja poslovnim potrebam podjetja. Trenutni modeli UI so generični in razviti predvsem za potrebe velikih podjetij. Tovrstni modeli v srednje velikih podjetjih ne delujejo in prav tako niso prenosljivi znotraj podjetij iste panoge, velikosti in zrelosti.
Zasnova/metodologija/pristop: Za opredelitev UI, njenih mehanizmov in situacijskih dejavnikov, smo uporabili metodologijo raziskovanja poglobljeni pregled literature. Za začetni nabor podatkovnih baz smo uporabili revije, ki so indeksirane v bazi podatkov Journal Citation Reports. Za določitev relevantnih člankov z največjim indeksom citiranja, smo uporabili storitev Web of Science.
Rezultati: Prispevek članka k znanstveni literaturi je v pregledu trenutnih definicij UI in predlagani celoviti opredelitvi UI. V okviru članka so predstavljeni mehanizmi UI, ki so ključni za uspešno implementacijo in uporabo modelov UI. Predstavljeni so tudi situacijski dejavniki, ki vplivajo na UI, njeno uvedbo in samo uporabo.
Zaključek: Čeprav je UI predmet mnogih obravnav, tako med raziskovalci kot praktiki, še vedno ostaja slabo razumljeno področje, ki se nenehno razvija. Številni poskusi razvoja modelov UI niso znatno prispevali k širši uporabi in uvedbi le teh. UI je še vedno na nizkem nivoju, posebej to velja za majhna in srednje velika podjetja. Da bi UI dejansko postalo del korporacijskega upravljanja podjetja, se morajo tako praktiki kot raziskovalci, osredotočiti na razvoj prilagodljivih in praktično uporabnih modelov UI. V tem članku so predlagani naslednji koraki k razvoju prilagodljivega modela strateškega UI.
Ključne besede: upravljanje informatike (UI); mehanizmi UI; situacijski dejavniki UI; modeli UI
31Q