A Systematic Literature Review on IT Governance Mechanisms and Frameworks

Abstract

Nowadays, it is not common to come across sectors that can work and succeed without using information technology (IT). IT has now become a part of organizations' management and strategic decision-making mechanisms. Therefore, organizations make serious investments to develop software and system infrastructures and transfer business processes to digital environments such as cloud technologies. So, they get business resilient while they gain opportunities of spreading their business activities to wide stakeholders and customers. Here it is essential to provide assurance that an organization evaluates, develops, implements, maintains, disposes of its IT systems and manages life cycle of all information and information technology systems properly on all physical and logical environments. However, the most important matter is that an organization’s objectives are met by the management practices of its information systems. While organizations carry out their digital transformation at a dizzying speed, organizations should be protected from material and moral damages such as loss of money, loss of commercial confidential information, loss of reputation by protecting the confidentiality, integrity and accessibility of the information assets they own and also comply with legal legislations such as the protection of personal data and intellectual property rights. In order to achieve this, organizations benefit from one or more frameworks, standards or directives that are suitable for their own structures and needs, separately or by integrating them. However, the most important point in this transformation process is the transition of organizations from IT management understanding to IT governance. In other words, IT has now become a part of the strategic decision-making mechanism by rising from the level of support tool to carry out business processes in organizations. When we search the academic literature, frameworks and standards, it is seen that the key elements of IT governance are structures, processes and relational mechanisms. If these three components are set up correctly and fit the organization, it can be assured that IT aligns with and supports the objectives of the organizations and that effective IT governance is achieved in every kind of organizations. In this research, databases such as Web of Science, IEEE, and SCOPUS are scanned and found articles are reviewed in order to make a literature review on IT Governance Mechanisms and Frameworks. Results are evaluated and discussed. By the way, suggestions for further studies were made and advanced researches were shed light on.

Keywords

• IT Governance
• IT Governance Mechanism
• Literature Review
• Structural mechanisms
• Process mechanisms
• Relational Mechanisms

References

1. Alberts, C., Behrens, S., Pethia, R. and William. W. (1999). Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0. Retrieved May 14, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=13473
2. Ali, S., Green, P. (2007). Effective IT governance mechanisms in public sector organisations: An Australian context. 10th Pacific Asia Conference on Information Systems, 15 (4), 41-63, https://doi.org/10.4018/jgim.2007100103
3. Ali, S., Green, P. (2012). Effective information technology (IT) governance mechanisms: An IT outsourcing perspective. Information Systems Frontiers, 14(2), 179-193. https://doi.org/10.1007/s10796-009-9183-y
4. Almeida, R., Pereira, R., Silva, MM. (2013a). IT Governance Mechanisms: A Literature Review. 4th International Conferences on Exploring Service Science, 143, 186-199.
5. Almeida, R., Pereira, R., da Silva, MM. (2013b). IT Governance Mechanisms Patterns. 25th International Conference on Advanced Information Systems Engineering (CAiSE).
6. Altemimi, M.A.H., Zakaria, M.S. (2015). Developing factors for effective IT governance mechanism. 9th Malaysian Software Engineering Conference, 245 – 251, https://doi.org/ 10.1109/MySEC.2015.7475228 Asante K. K. (2010). Information Technology (IT) Strategic Alignment: A Correlational Study Between The Impact Of IT Governance Structures And IT Strategic Alignment. University of Capella, UMI 3402048 ProQuest LLC.
7. Bhattacharjya, J., Chang, V. (2006). Adoption and Implementation of IT Governance: Cases from Australian Higher Education. (2006). ACIS 2006 Proceedings 6. http://aisel.aisnet.org/acis2006/6
8. Bianchi, I. S., Sousa, R.D. (2016). IT Governance mechanisms in higher education. Conference on Enterprise Information Systems /International Conference on Project Management / Conference on Health and Social Care Information Systems and Technologies, CENTERIS / ProjMAN / HCist 2016, 100, 941-946. https://10.1016/j.procs.2016.09.253

9. Bianchi, I.S., Sousa, RD.,Pereira, R., (2017). IT governance Mechanisms at Universities: An Exploratory Study. 23rd Americas Conference on Information Systems (AMCIS)
10. Bianchi, I.S., Sousa, R.D., Pereira, R., Souza, I.M. (2019). Effective IT governance mechanisms in higher education institutions: An empirical study. Iberian Journal of Information Systems and Technologies, 412-423.
11. Bichsel, J. (2014). Getting Your Ducks in a Row IT Governance, Risk, and Compliance Programs in Higher Education. Educause. https://doi.org/10.13140/RG.2.1.4734.6409
12. Boritz, J., Lim, J.-H. (2007). Impact of top management's it knowledge and it governance mechanisms on financial performance. ICIS 2007 Proceedings - Twenty Eighth International Conference on Information Systems.
13. Borja, S., Moon, Y., Yoon, H., Hwang, J. (2022). IT Governance Mechanisms, IT Governance Domains, and Their Influence on IT Governance Effectiveness: Empirical Analysis in Colombia. 2022 Portland International Conference on Management of Engineering and Technology (PICMET), Portland, OR, USA, 1-10, https://doi.org/10.23919/PICMET53225.2022.9882803.
14. Brereton, P., Kitchenham. B.A., Budgen D., Turner M., Khalil M. (2007). Lessons from applying the systematic literature review process within the software engineering domain. Elsevier Journal of Systems and Software, 80(4), 571-583, https://doi.org/10.1016/j.jss.2006.07.009.
15. Brown, A.E., Grant, G.G. (2005). Framing the Frameworks: A Review of IT Governance Research. Communications of the Association for Information Systems, 15, 696-712.
16. Burtscher, C., Manwani, S., Remenyi, D. (2009). Towards a Conceptual Map of IT Governance: A review of current academic and practitioner thinking. UK Academy for Information Systems Conference Proceedings 2009. Paper 15.
17. De Haes, S., Grembergen, W.V. (2005). IT Governance Structures, Processes and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group, IEEE, 237b-237b.
18. De Haes, S., Grembergen, W.V. (2009). An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment. Information Systems Management, 26 (2), 123-137, https://doi.org/10.1080/10580530902794786
19. De Haes, S., Grembergen, W.V. (2015). Enterprise Governance of Information Technology. Springer, https://doi.org/10.1007/978-3-319-14547-1
20. Denford, J.S., Dawson, G.S., Desouza, K.C. (2015). An Argument for Centralization of IT Governance in the Public Sector. 2015 48th Hawaii International Conference on System Sciences, https://doi.org/10.1109/HICSS.2015.537
21. Earl, M.J. (1993). Experiences in Strategic Information Systems Planning. Management Information Systems Research Center, 17 (1), 1-24.
22. Educause (2023, Mai 13). About the Guide. https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/about-the-guide
23. Fajar, A.N., Amri, M. (2022). The Impact of IT Governance Mechanism on Firm Performance: An Empirical Study. Journal of System and Management Sciences, 12 (4),205 - 218, https://doi.org/10.33168/JSMS.2022.0413
24. Grembergen, W.V. (2004). Strategies for Information Technology Governance. Idea group publishing. https://doi.org/10.4018/978-1-59140-140-7
25. Henderson, J. C., Venkatraman, N. (1993). Strategic alignment: Leveraging information technology for transforming organizations. IBM systems journal, 32 (1), 4–16.
26. Herz, T. P., Hamel, F., Uebernickel, F., Brenner, W. (2012). IT Governance Mechanisms in Multisourcing--A Business Group Perspective. 45th Hawaii International Conference on System Sciences, Maui, HI, USA, 5033-5042, https://doi.org/10.1109/HICSS.2012.30.
27. Ilmudeen, A. (2022). IT Governance mechanism and IT-enabled dynamic capabilities drives firm performance: An empirical study in Sri Lanka. Information Development. https://doi.org/10.1177/02666669221074259
28. ISACA (2009). Implementing and Continually Improving IT Governance. ISACA, USA. ITGI (2003). Board Briefing on IT Governance. 2nd Edition, USA.
29. Lederer, A.L., Sethi, V. (1988). The Implementation of Strategic Information Systems Planning Methodologies. MIS Quarterly, 12(3), 445-461. Levstek, A., Hovelja, T., Pucihar. (2018). A IT Governance Mechanisms and Contingency Factors: Towards an Adaptive IT Governance Model. Organizacija, 51(4), 286-310, https://doi.org/10.2478/orga-2018-0024
30. Luftman, J., Brier, T. (1999). Achieving and Sustaining Business-IT Alignment. California Management Review, 42. https://doi.org/10.2307/41166021.
31. Lunardi, G. L., Becker, J. L., Macada, A. C. G. (2009). The Financial Impact of IT Governance Mechanisms' Adoption: An Empirical Analysis with Brazilian Firms. 42nd Hawaii International Conference on System Sciences, Waikoloa, HI, USA, 1-10, https://doi.org/10.1109/HICSS.2009.434.
32. Mulyana, R., Rusu, L., Perjons, E. (2021). IT Governance Mechanisms Influence on Digital Transformation: A Systematic Literature Review. 27th Annual Americas Conference on Information Systems (AMCIS)
33. Murugesan, S. (2007). Going green with IT: Your responsibility toward environmental sustainability. Cutter Consortium Business – IT Strategies Executive Report, 10 (8), 1–24.
34. Murugesan, S. (2008). Harnessing Green IT: Principles and Practices. IT Professional, 10, 24 - 33. https://doi.org/10.1109/MITP.2008.10.
35. Okae, S., Andoh-Baidoo, F.K., Ayaburi, E. (2019). Antecedents of Optimal Information Security Investment: IT Governance Mechanism and Organizational Digital Maturity. IFIP Advances in Information and Communication Technology, 558, 442 – 453, https://doi.org/10.1007/978-3-030-20671-0_30
36. Pandey, S.K., Mustafa., K. (2012). A Comparative Study of Risk Assessment Methodologies for Information Systems. Bulletin of Electrical Engineering and Informatics, 1 (2), 111-122.
37. Pereira, R., Silva, M., Luis, M., Lapao, L. (2014). Business/IT Alignment through IT Governance Patterns in Portuguese Healthcare. International Journal of IT/Business Alignment and Governance, 5, 1-15, https://doi.org/10.4018/ijitbag.2014010101.
38. Peterson, R. R. (2004). Information strategies and tactics for Information Technology governance. In W. Van Grembergen (Ed.), Strategies for Information Technology Governance. Hershey, PA: Idea Group Publishing. https://doi.org/10.4018/978-1-59140-140-7
39. Robinson, N. (2007). The many faces of IT governance: Crafting an IT governance architecture. Information Systems Control Journal, 1, 1-4.
40. Sambamurthy, V., Zmud, R.W. (1999). Arrangements for Information Technology Governance: A Theory of Multiple Contingencies. MIS Quarterly, 23(2), 261-290.
41. Safdie, S. (2022, December 1). Everything You Need to Know About Green IT in 2023. https://greenly.earth/en-us/blog/ecology-news/everything-you-need-to-know-about-green-it-in-2022
42. Secquity (2023, Mai 13). Introduction to COBRA. https://security-risk-analysis.com/introduction-to-cobra/
43. Schlosser, F., Beimborn, D., Weitzel, T., Wagner, HT. (2015). Achieving social alignment between business and IT – an empirical evaluation of the efficacy of IT governance mechanisms. Journal of Information Technology, 30(2), 119-135. https://doi.org/10.1057/jit.2015.2
44. Spremić, M. (2009). IT governance mechanisms in managing IT business value. WSEAS Transactions on Information Science and Applications, 6 (6), 906 – 915.
45. Symons, C. (2005). IT Governance Framework: Structures, Processes, and Communication. Best Practices, Forrester Research Inc.
46. Şimşek, V., Ateş, V. (2022). Bilişim Sistemi Geliştirme Sürecindeki İnsan Faktörü Üzerine Sistematik Literatür Taramasi. Organizasyon Ve Yönetim Bilimleri Dergisi, 14(1), 85-98.
47. Tranfield, D., Denyer, D., Smart, P. (2003). Towards a methodology for developing evidence-informed management knowledge by means of systematic review. British Journal of Management, 14(3), 207-222. doi: 10.1111/1467-8551.00375.
48. Yıldız, A. (2022). Bir araştırma metodolojisi olarak sistematik literatür taramasına genel bakış. Anadolu Üniversitesi Sosyal Bilimler Dergisi, 22 (2), 367-386. https://doi.org/10.18037/ausbd.1227366
49. Webster, J., Watson, R.T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26(2), xiii-xxiii,
50. Weill, P., Ross, J. (2004). IT governance: how top performers manage it decisions rights for superior results, Harvard Business School Press
51. Wiedemann, A. (2018). IT Governance Mechanisms for DevOps Teams – How Incumbent Companies Achieve Competitive Advantages. Proceedings of the 51st Hawaii International Conference on System Sciences, 4931-4940.
52. Zhen, J., Xie, ZX., Dong, KX. (2021). Impact of IT governance mechanisms on organizational agility and the role of top management support and IT ambidexterity. International Journal of Accounting Information Systems, 40, https://doi.org/10.1016/j.accinf.2021.100501
53. Zuo, M., Ma, D., Yu, Y. (2020). Contextual determinants of IT governance mechanism formulation for senior care services in local governments. International Journal of Information Management, 53, https://doi.org/10.1016/j.ijinfomgt.2020.102125