IT Gov Impl and Impact on Business IT Alignment

123

Information Systems Management, 26: 123–137Copyright © Taylor & Francis Group, LLCISSN: 1058-0530 print/1934-8703 onlineDOI: 10.1080/10580530902794786UISM

An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment

IT Governance Implementations and its Impact on Business/IT Alignment Steven De Haes and Wim Van GrembergenUniversity of Antwerp Management School, University of Antwerp, Antwerp, Belgium

Abstract IT governance is one of these concepts that suddenly emerged and became an importantissue in the information technology area. Many organisations started with the implementation of ITgovernance to achieve a better alignment between business and IT. This paper carries interpretationsregarding important existing theories, models, and practices in the IT governance domain and presentsresearch questions derived from it. Next, multiple research strategies are triangulated in order to explorehow organisations are implementing IT governance and to analyse the relationship between these imple-mentations and business/IT alignment. The major finding is that business/IT alignment maturity ishigher when organisations are applying a mix of mature IT governance practices.

Keywords IT governance, business/IT alignment, exploratory research

In many organisations, information technology (IT) hasbecome crucial in the support, sustainability, and growthof the business. This pervasive use of technology has cre-ated a critical dependency on IT that calls for a specificfocus on IT governance. IT governance consists of theleadership and organisational structures and processesthat ensure that the organisation’s IT sustains andextends the organisation’s strategy and objectives (ITGI,2003; Van Grembergen, 2001).

Today, IT governance is high on the agenda and manyorganisations are implementing IT governance practicesinto day-to-day operations. Once a specific IT governancemodel is chosen and implemented, it should, as indicatedin the above definition, enable that IT sustains andextends the business goals, or in other words, enable thatIT is aligned to the business needs (business/IT alignment).

The IT governance implementation challenge and thesubsequent impact on business/IT alignment constitutethe core domain of this research. This practice-orientedresearch focus is relatively unexplored in academic liter-ature. Many research projects focused on the impact ofspecific contingencies, for example centralised versusdecentralised governance structures (Ahituv et al., 1989;Brown and Magill, 1994) and on how strategic alignmentimpacts business performance (e.g., Bergeron et al., 2009;Teo and King, 1999). However, less research can be found

on how organisations are effectively implementing ITgovernance in day-to-day practice and what the impact isof the IT governance implementation on business/ITalignment. Via this research, we want to contribute tonew theory building in the IT governance domain ofknowledge and assist practitioners by providing moreguidance on how IT governance can be effectively imple-mented. This research paper aims to comply with theconcept of “consumable IS research,” as put forward byO’Keefe and Paul (2000), being both academically rigor-ous and relevant to practice.

Defining the Research Questions

Two research questions (RQ) are put forward in thispaper, as visualised in Figure 1, and discussed below.

RQ1: How are Organisations Implementing IT Governance?

As proposed by work from amongst others Peterson(2003), Weill and Ross (2004), Peterson et al. (2002), andVan Grembergen et al. (2003), IT governance can bedeployed using a mixture of various structures, processes,and relational mechanisms. IT governance structuresinclude “structural (formal) devices and mechanisms forconnecting and enabling horizontal, or liaison, contactsbetween business and IT management (decision-making)

Address correspondence to Steven De Haes, University of AntwerpManagement School, St-Jacobsmarkt 13, 2000 Antwerp, Belgium.E-mail: [email protected]

124 De Haes and Van Grembergen

functions” (Peterson, 2003) (e.g. steering committees). ITgovernance processes refer to “formalisation and institu-tionalisation of strategic IT decision making or IT moni-toring procedures” (Peterson, 2003) (e.g. IT balancedscorecard). The relational mechanisms finally are about“the active participation of, and collaborative relation-ship among, corporate executives, IT management, andbusiness management” (Peterson, 2003) (e.g., training).Relational mechanisms are crucial in the IT governanceframework and paramount for attaining and sustainingbusiness/IT alignment, even when the appropriate struc-tures and processes are in place (Keill, 2002; Callahan &Keyes, 2003; Weill & Broadbent, 1998, Henderson et al.,1993). It is important to recognise that each of theapplied processes, structures, and relational mechanismsserve specific or multiple goals in the complex align-ment challenge. However, dividing the IT governanceframework into smaller pieces, and solving each problemseparately, does not always unravel the complete prob-lem (Peterson, 2003). An holistic approach towards ITgovernance acknowledges its complex and dynamicnature, consisting of a set of interdependent subsystems(processes, structures, and relational mechanisms) thatdeliver a powerful whole (Sambamurthy & Zmud, 1999;Peterson, 2003).

RQ 2: What is the Relationship Between IT Governance and Business/IT Alignment?

As indicated earlier, the goal of IT governance is achiev-ing a better alignment between the business and IT(Van Grembergen et al., 2003; ITGI, 2003). The ultimatequestion therefore is whether the implemented ITgovernance processes, structures, and relational mech-anisms enable the achievement of business/IT align-ment. Business/IT alignment is a complex constructand many studies and publications attempted to unravelthis concept. A well-know model for business/IT alignment

is the Strategic Alignment Model (SAM) of Hendersonet al. (1993), addressing the required balance betweenbusiness strategies, IT strategies, business processes, andIT processes. Other researchers have complemented thismodel with additional insights (e.g., Avison et al., 2004;Feuer et al., 2000, Maes, 1999) and have offered morespecific business/IT alignment definitions such as “thedegree to which the information technology mission,objectives and plans support and are supported by thebusiness mission, objectives and plans” (Sabherwahl &Chan, 2002). However, in a more recent publication Luft-man and Rajkumark (2007) point out that “many align-ment definitions in literature are frequently focusedonly on how IT is aligned (e.g., converged, in harmony,integrated, linked, synchronized) with the business.Alignment must also address how the business is alignedwith IT. Alignment must focus on how IT and the busi-ness are aligned with each other; IT can both enable anddrive business change.” For this research, we stronglyadhere to the concepts of the Strategic Alignment Model(Henderson et al., 1993), focusing on aligning both strate-gies and operational processes, and acknowledge the bi-directional nature of alignment as put forward by Luft-man and Rajkumark (2007).

By examining the relationship between IT governanceand alignment, we respond to a need in this researchfield, which was reported by Chan and Reich in 2007. Intheir research, they provide a literature review of thealignment domain until now and conclude that moreresearch and exploration is required into the means orantecedents of alignment. They also stress it is importantto not only list potential antecedents of alignment (asother research efforts did), but to also identify relation-ships between them and towards alignment (Chan &Reich, 2007). One of the goals of this research is indeed toidentify a set of antecedents in terms of structures,processes, and relational mechanisms, to position theseantecedents into a holistic system and to explore therelationship towards alignment.

Defining the Research Scope

It is recognised that, in order to maintain a sufficientlevel of internal validity within this research project, theresearch scope needs to be narrowed. This focus on inter-nal validity builds on the work of Cook and Campbell(1979) who state that there is always a balancing actbetween different types of validity. They argue, “for inves-tigators with theoretical interests our estimate is that thetypes of validity, in order of importance, are probablyinternal, construct, statistical conclusion, and externalvalidity . . . The priority ordering for many applied research-ers is something like internal validity, external validity,construct validity of the effect, statistical conclusion

Figure 1. Research framework.

Relational mechanisms

Processes

Structures

RQ1: How are organisations implementing IT governance?

Business/IT alignment

RQ2: What is the relationship between IT governance and

business/IT alignment?

IT Governance

IT Governance Implementations and its Impact on Business/IT Alignment 125

validity, and construct validity of the cause” (Cook &Campbell, 1979). As this research can be categorised asapplied research, the primary focus is on internal validity.

In the first place, it is acknowledged that the use of ITgovernance practices might be different in different typesof industries. Therefore, the main focus of this researchis only on one sector, more specifically the financialservices sector. The choice of the financial services sectoris made because, amongst different industries, financialservices, together with manufacturing and retailing, isthe first industry to use information technologies and assuch is already more matured in these domains, makingempirical research interesting (Chiasson & Davidson,2005).

The scope was also reduced in geographic terms andregarding size of organisations. To avoid cultural differ-ences between regions worldwide and contingenciesrelated to the size of the organisations, it was decided toonly focus on typical Belgian financial services organisa-tions with headcounts ranging from 100 (mid-size) toover 1000 (large-size) employees.

The final scope reduction focuses on the organisa-tional level of IT governance practices. As indicated byVan Grembergen et al. (2003), IT governance is situated atmultiple layers in the organisation: at strategic levelwhere the board is involved, at management level withinthe C-suite and senior management layer and finally atthe operational level with operational IT and businessmanagement. However, Peterson (2003) makes a cleardistinction between IT governance and IT management.He states that IT management is focused on the effectiveand efficient internal supply of IT services and productsand the management of present IT operations. IT gover-nance in turn is much broader, and concentrates on per-forming and transforming IT to meet present and futuredemands of the business (internal focus) and businesscustomers (external focus). This “higher-level” focus of ITgovernance is confirmed in the IT governance definitionof ITGI (2003), which states “IT governance is the respon-sibility of executives and the board of directors.” Basedon these considerations, we will discard the operationaloriented level, which according to Peterson (2003) mapsto IT management instead of IT governance.

Research Methodology and Approach

Because research in the domain of IT governance imple-mentations and its relationship with business/IT align-ment is in its early stages and theoretical models arescarcely available, the nature of this research is explor-atory rather than hypothesis testing. Indeed, the conceptof IT governance, as it is understood now, only emergedin the late nineties (De Haes & Van Grembergen, 2006;Weill & Ross, 2004), and there has been little research

material developed on which we can build. The latter isnot only true because it is a new research domain, but asdenoted by Benbasat and Zmud (1999), “generally, ISresearchers have been less successful than their col-leagues in other business school disciplines in develop-ing a cumulative research tradition. Without suchcumulative results, it becomes difficult, if not impossi-ble, to develop and assess strong theoretical models suchthat prescriptive actions can confidently be suggested forpractice.” By exploring this research domain in detail, wewant to contribute to creating a basis for future research,by exploring models and generating potential hypothe-ses to be tested.

Exploratory research often builds on secondaryresearch, “such as reviewing available literature and/ordata, or qualitative approaches such as informal discus-sions with consumers, employees, management or com-petitors, and more formal approaches through in-depthinterviews, focus groups, projective methods, casestudies or pilot studies” (Ryerson, 2007). Our researchstrategy therefore also triangulates between multipledifferent research methods: literature research, pilotcase research, Delphi method research, benchmarkresearch and extreme case research. This triangulationenables us to obtain a richer insight in reality, as alsoadvocated by Mingers (2001): “. . . different researchmethods focus on different aspects of reality and there-fore a richer understanding of a research topic will begained by combining several methods together in a sin-gle piece of research or research program.” The differentresearch methods and phases are visualised in Figure 2and described below.

Figure 2. Research process.


Literature and Pilot Case Research

The research process started with exploring the researchdomain and defining the research questions through adetailed literature research in the domain of business/ITalignment and IT governance. The focus was on definingand refining the research questions and on finding aninitial list of structures, processes, and relational mecha-nisms that organisations can leverage to implement ITgovernance. At this moment, the research was not yetscoped down to only the Belgian financial services sector.

To complement the list of IT governance practicesfound in the literature, pilot cases were described. Thesecases consisted of one in-depth case and five mini-casesand are based on multiple interviews with both businessand IT managers (Table 1).

Delphi Research

In further completing the initial list of IT governancepractices and specifying it for the Belgian financialorganisations, the Delphi research methodology wasleveraged. The Delphi method can be characterized “as amethod for structuring a group communication processso that the process is effective in allowing a group of indi-viduals, as a whole, to deal with a complex problem”(Linstone & Turoff, 1975). This method is particularlysuited as a methodology for this research as “the Delphimethod technique lends itself especially well to explor-atory theory building on complex, interdisciplinaryissues, often involving a number of new or future trends”(Akkermans et al., 2003). An expert panel was composed of29 consultants—senior IT and senior business professionals—who are all knowledgeable about organisations operat-ing in the Belgian financial services sector. From thisgroup, 22 experts continued to be involved in the fullDelphi research effort (25% drop off rate), with six seniorbusiness/audit managers, eight senior IT managers, andeight senior business/IT consultants.

Using the Delphi method, these financial servicessector experts needed to complete questionnaires inthree consecutive rounds. Similar to the Delphi researchwork of Keill et al. (2002), the Delphi research started

from a predefined set of IT governance practices based onfindings of the literature research and the in-depthexploratory case research. In the first round, the respon-dents were asked only to provide their feedback on thepredefined list of practices, giving them the opportunityto make recommendations to add, change, or deletesome of the practices. The focus of this first round was onvalidating the predefined list of practices specifically forthe financial services sector, so no other input or feed-back was requested at this stage. In the second round, therespondents were asked to rate on a scale of zero to five,for each of the reviewed IT governance practices, the“perceived effectiveness (0 = not effective, 5 = very effec-tive) and the “perceived ease of implementation” (0 = noteasy, 5 = very easy). The respondents were also asked toprovide the top 10 most important IT governance prac-tices, taking the previous attributes (effectiveness - easeof implementation) and their personal experience intoaccount. In their opinion, these are crucial elements or aminimum baseline of an optimal IT governance mix (themost important practice score 1, the second most impor-tant score 2, the 10th most important score 10). In thethird and final round, the respondents were asked to re-evaluate their own scores from round two, consideringthe group averages. The goal of this round was primarilyto come to a greater consensus in the group. At the endof the third round, the degree of consensus between theexperts was measured leveraging Kendall’s W coefficient(Schmidt & Roy, 1997; Siegel, 1998), specifically for thequestion on the minimum baseline. Schmidt & Roy(1997) offer an interpretation of Kendall’s W, indicatingthat the reached level of consensus in this research of0.53 can be considered moderate providing a fair degreeof confidence in the results.

Business/IT Alignment Benchmarking

The following research step was aimed at measuringbusiness/IT alignment in a sample of Belgian financialservices organisations. To achieve this measurement, 13organisations were contacted, of which 10 committedto participate. In each organisation, it was asked thatfive to ten senior business and IT managers complete aquestionnaire measuring business/IT alignment matu-rity. This questionnaire was based on an instrumentalready used in previous research of Luftman (2000)and Cumps, Viaene, Dedene, and Vandenbulcke (2006)and later validated by Sledgianowski, Luftman, andReilly (2006). The latter validation work resulted inan “assessment instrument based on a model usingmultiple criteria and multiple levels to represent differ-ent degrees of alignment, from less mature to moremature” (Sledgianowski, Luftman, & Reilly, 2006).The assessment instrument covers 22 questions in six

Table 1. Exploratory Pilot Case Studies

Company Industry # Interviewees

KBC (in-depth case) Finance 6Vanbreda (mini case) Insurance 3Sidmar-Arcelor (mini case) Steel 2CM (mini case) Insurance 3AGF Belgium (mini case) Insurance 2Huntsman (mini case) Chemicals 2


domains: communication, competency and value mea-surement, governance, partnership, scope and architec-ture and skills. Each question had to be rated on a scalefrom zero to five.

Extreme Case Research

From the established business/IT alignment bench-mark, extreme cases were selected for further casestudy investigation. Extreme cases research is particu-larly useful “to obtain information on unusual cases,which can be especially problematic or especially goodin a more closely defined sense” (Flyvbjerg, 2006). Thetwo organisations with the highest alignment matu-rity, and the two organisations with the lowestalignment maturity, were retained for further analy-sis. Having four case organisations was found to besufficient to allow for in-depth cross-case analysis, asalso argued by Eisenhardt (1989): “With fewer than4 cases, it is often difficult to generate theory withmuch complexity. . . . With more than 10 cases, itquickly becomes difficult to cope with the complexityand volume of the data.”

Within each of those extreme cases, a workshop wasorganised (two to three hours meeting) with a seniorIT and senior business manager to investigate what thematurity was of the used individual IT governance

practices within the case organisation. These work-shops were structured according to the list of33 IT governance practices as defined earlier in theDelphi research. During the workshop, the partici-pants were asked to come to a consensus regarding thematurity for each of the 33 practices. This maturityassessment was based on a generic maturity model(Table 2) as proposed by the IT Governance Institute(ITGI, 2003), providing a scale from 0 (non-existent) to5 (optimised).

Comparing Extreme Cases

The data collected in the previous step allowed fordetailed cross-case analysis, looking for causes that couldexplain why some organisations achieved a higher busi-ness/IT alignment score compared to other organisations.Comparisons were made between the high and low per-formers in terms of the mix of IT governance practicesapplied and in terms of the maturity of each of thesepractices.

Research Results and Discussion

This section will discuss the results of each of theresearch steps.

Table 2. Generic Maturity Model

■ 0 Non-existent.Complete lack of any recognisable processes. The enterprise has not even recognised that there is an issue to be addressed.

■ 1 Initial/Ad Hoc.There is evidence that the enterprise has recognised that the issues exist and need to be addressed. There are, however, no standardised processes; instead there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. The overall approach to management is disorganised.

■ 2 Repeatable but Intuitive.Processes have developed to the stage where similar procedures are followed by different people undertaking the same task. There is no formal training or communication of standard procedures, and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals and, therefore, errors are likely.

■ 3 Defined Process.Procedures have been standardised and documented, and communicated through training. It is mandated that these processes should be followed; however, it is unlikely that deviations will be detected. The procedures themselves are not sophisticated but are the formalisation of existing practices.

■ 4 Managed and Measurable.Management monitors and measures compliance with procedures and to take action where processes appear not to be working effectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way.

■ 5 Optimised.Processes have been refined to a level of good practice, based on the results of continuous improvement and maturity modelling with other enterprises. IT is used in an integrated way to automate the workflow, providing tools to improve quality and effectiveness, making the enterprise quick to adapt.

ITGI, 2003, Board Briefing on IT Governance, www.itgi.org.


Literature and Case Research

The main goal of the literature and pilot case researchwas to get a better view on how organisations are address-ing IT governance these days and to come up with an ini-tial list of IT governance practices from practice. From thecase studies, different drivers for adopting IT governancewere identified. An important one was certainly the needto comply with Sarbanes-Oxley requirements, whichimpacts heavily on the control environment in IT. Otherimportant drivers for IT governance were the push toachieve economies of scales after mergers and acquisi-tions and budget pressure, resulting in a smaller budgetfor new projects. Challenge of course is then to optimallyassign the remaining budget to projects and activitiesthat are delivering value to the business. Finally, somepilot case companies mentioned that the IT governanceproject was more an effort of formalizing and structuringexisting mechanisms already applied.

Based on the findings of the literature research, andthe pilot case research, an initial list of IT governancepractices was compiled, as shown below (see Table 3). Foreach of these practices, a short definition was developedbased on the literature and input from the pilot cases.

Delphi Research

The goal of the Delphi research was to further completethe initial list of IT governance practices and to make thelist specific for the Belgian Financial services sector.

The Delphi research revealed a list of 33 IT governancepractices for the Belgian financial services sector. Itshould be noted that this list cannot be exhaustive, andthe practices at operational level are discarded in thisresearch. These practices are shown in the first two col-umns of Table 4, with Sx being the structures, Px beingthe processes and Rx being the relational mechanisms.

The research demonstrated that, according to theexpert group, some of the addressed practices areperceived as being more effective or easy to implementcompared to others (see columns at the right in Table 4:effectiveness and ease of implementation). The five prac-tices perceived as the most effective for the Belgian finan-cial services sector are “IT steering committees,” “CIOreporting to the CEO/COO,” “CIO on executive commit-tee,” “IT budget control and reporting,” and “portfoliomanagement.” All these practices were also identified asbeing relatively easy to implement. The least effectivepractices are “IT governance assurance and self-assess-ment,” “job-rotation,” and “COSO/ERM.”

Some practices were perceived as effective but not easyto implement. Good examples in this high-effectiveness/low ease of implementation domain are “benefits manage-ment and reporting” and “charge back arrangements,”

which are indeed complex processes to realise, as theyrequire a close involvement and collaboration of busi-ness and IT people. Other practices received lower scoresthan expected, when compared to current thinking in lit-erature. An interesting case of a practice receiving “unex-pectedly” low scores is the “architecture committee.” Therelatively low score for effectiveness for this practice con-tradicts with research by Cumps et al. (2006) who con-clude “. . . organisations that have more extensive andmature enterprise architecture management practiceshave a higher probability of belonging to the group ofhighly aligned organisations.” Within the Delphi expertgroup, the lowest score for ease of implementation forthis practice was assigned by the IT group, probably peo-ple who have already experienced the difficulty of ITarchitecture issues in a concrete environment. Indeed, itmight be that in the group of IT respondents, the archi-tecture committee implementations took place onlyrecently, and the benefits still have to be proven overtime. Weill and Ross (2004) also refer to the start up ofarchitecture committees: “At many enterprises, architec-ture committees get off to a rocky start, usually becausethe committees are formed to “impose” technology stan-dards on the enterprise. . . . As long as senior manage-ment espouses the standardisation for business reasons,however, standards gradually gain acceptance.”

An interesting finding to pinpoint is that many IT gov-ernance definitions stress the prime responsibility of theboard of directors in IT governance, while these resultsreveal that the mechanisms to achieve this board involve-ment (“IT expertise at level of board of directors” and “ITstrategy committee”) are rated relatively low in terms ofperceived effectiveness. This result can possibly beexplained by the fact that making the board of directorsmore IT literate is not easy to achieve, which is con-firmed by the second to last score in term of ease ofimplementation of “IT expertise at the level of the boardof directors.” The results of this research raise questionson how financial services organisations realise this boardinvolvement in practice.

If averages are calculated for effectiveness and ease ofimplementation for all the structures, processes and rela-tional mechanisms (see Figure 3), it appears that struc-tures and processes are in general perceived as beingequally effective. However, it appears that IT governancestructures are perceived as being easier to implementcompared to IT governance processes, although in manycases they are closely related. A good example here is the“IT steering committee”, which is a crucial element tobuild up a “portfolio management” process, but thesteering committee is perceived as much easier to imple-ment compared to the whole “portfolio management”process. Relational mechanisms are also perceived asbeing easier to implement compared to IT governanceprocesses, probably because some relational mechanisms


Table 3. Initial List of IT Governance Practices

Name Cross-References from Literature

Cross-References from Case Research

KBC AGF VanBreda Huntsman Sidmar CM

Structures Integration of governance/alignment tasks in roles&responsi-bilities

Duffy, 2002; ITGI, 2003; Weill&Ross, 2004; De Haes&Van Grembergen, 2006

x x x x

IT steering committee(s) ITGI, 2003; Luftman&Brier, 1999; Weill&Ross, 2004; De Haes&Van Grembergen, 2006

x x x x x x

IT strategy committee ITGI, 2003; Nolan&McFarlan, 2005; De Haes&Van Grembergen, 2006

x

CIO on Executive Committee

ITGI, 2003, Weill&Ross, 2004; De Haes&Van Grembergen, 2006

CIO reporting to CEO ITGI, 2003; Weill&Ross, 2004 x x x xArchitecture Committee ITGI, 2003; De Haes&

Van Grembergen, 2006Processes Strategic information

systems planningEarl, 1993; Rockart, 1979;

Van Grembergen, 1997; Hammer&Champy, 1993; De Haes&Van Grembergen, 2006

x x x x

Balanced scorecard Kaplan&Norton, 1992; Van Grembergen; 2000; Van Der Zee and De Jong, 1999; De Haes&Van Grembergen, 2006

x x x

Portfolio management (incl. Information economics)

Parker et al., 1998; De Haes&Van Grembergen, 2006

x x x x x x

Charge back arrangements (ABC)

Weill&Ross, 2004; De Haes&Van Grembergen, 2006

x

Service Level Agreements

Weill&Ross, 2004; Van Grembergen et al., 2003; De Haes&Van Grembergen, 2006

x x x

COBIT ITGI, 2006; De Haes&Van Grembergen, 2006

x

Relational Mechanisms Job-rotation Luftman, 2000; Reich&Benbasat, 2000; De Haes&Van Grembergen, 2006

x x x

Co-location Luftman, 2000; Reich&Benbasat, 2000; De Haes&Van Grembergen, 2006

x

Cross-training Luftman, 2000; Reich&Benbasat, 2000; De Haes&Van Grembergen, 2006

x x

Knowledge management (on IT governance)

Weill&Ross, 2004; Luftman, 2000; Reich&Benbasat, 2000; De Haes&Van Grembergen, 2006

x x

Business/IT account managers

Luftman, 2000; Reich&Benbasat, 2000; De Haes&Van Grembergen, 2006

x x

Senior management giving the good example

De Haes&Van Grembergen, 2006 x

Informal meetings between business and IT senior management

De Haes&Van Grembergen, 2006 x

IT leadership Monnoyer&Willmott, 2005; Smith, 2006


Table 4. Validated List of IT Governance Structures, Processes and Relational Mechanisms

Index IT Governance Practice DefinitionEffectiveness (from 0–5)

Ease of Implementation (from 0–5)

IT governance structures

S1 IT strategy committee at level of board of directors

Committee at level of board of directors to ensure IT is regular agenda item and reporting issue for the board of directors

3,67 3,4

S2 IT expertise at level of board of directors

Members of the board of directors have expertise and experience regarding the value and risk of IT

3,14 2,18

S3 (IT) audit committee at level of board of directors

Indepent committee at level of board of directors overviewing (IT) assurance activities

3,22 3,4

S4 CIO on executive committee

CIO is a full member of the executive committee

4,38 3,56

S5 CIO (Chief Information Officer) reporting to CEO (Chief Executive Officer) and/or COO (Chief Operational Officer)

CIO has a direct reporting line to the CEO and/or COO

4,5 4,21

S6 IT steering committee (IT investment evalu-ation / prioritisation at executive / senior management level)

Steering committee at executive or senior management level responsible for deter-mining business priorities in IT investments.

4,69 3,35

S7 IT governance function / officer

Function in the organisation responsible for promoting, driving and managing IT governance processes

2,93 3,11

S8 Security / compliance / risk officer

Function responsible for security, compliance and/or risk, which possibly impacts IT

3,28 4,06

S9 IT project steering com-mittee

Steering committee composed of business and IT people focusing on prioritising and managing IT projects

4,03 4,01

S10 IT security steering committee

Steering committee composed of business and IT people focusing on IT related risks and security issues

2,82 3,61

S11 Architecture steering committee

Committee composed of business and IT people providing architecture guidelines and advise on their applications.

3,04 3,14

S12 Integration of gover-nance/alignment tasks in roles&responsibilities

Documented roles&responsibilities include governance/alignment tasks for business and IT people (cf. Weill)

3,18 2,63

IT governance processes

P1 Strategic information systems planning

Formal process to define and update the IT strategy

3,82 2,82

P2 IT performance measurement (e.g. IT balanced scorecard)

IT performance measurement in domains of corporate contribution, user orientation, operational excellence and future orientation

3,97 2,76

P3 Portfolio management (incl. business cases, information econom-ics, ROI, payback)

Prioritisation process for IT investments and projects in which business and IT is involved (incl. business cases)

4,13 2,67

P4 Charge back arrange-ments - total cost of ownership(e.g. activity based costing)

Methodology to charge back IT costs to business units, to enable an understanding of the total cost of ownership

3,28 2,4

(Continued)


can have a very informal character (e.g. R7: Informalmeetings between business and IT executive/seniormanagement).

During the Delphi research, the experts also had todefine the top 10 most important IT governance prac-tices, which were in their opinion crucial elements or aminimum baseline of an optimal IT governance mix(specifically for the Belgian financial services sector). Thistop 10 suggests that, in implementing IT governance

within a specific financial services organisation, theseminimum baseline mechanisms may play an importantrole. As can be seen in Table 5, most of the top 10 ITgovernance practices are consistent with the one thatreceived the highest scores for “perceived effectiveness”in Table 4.

It was surprising that only one relational mechanismwas reported in this minimum baseline (“IT leadership,”Table 5); while many authors in literature stress that the

Table 4. (Continued)

Index IT Governance Practice DefinitionEffectiveness (from 0–5)

Ease of Implementation (from 0–5)

P5 Service level agree-ments

Formal agreements between business and IT about IT development projects or IT operations

3,47 3,13

P6 IT governance framework COBIT

Process based IT governance and control framework

3,36 2,42

P7 IT governance assurance and self-assessment

Regular self-assessments or indepent assurance activities on the governance and control over IT

2,79 2,54

P8 Project governance / management methodologies

Processes and methodologies to govern and manage IT projects

4,1 2,94

P9 IT budget control and reporting

Processes to control and report upon budgets of IT

4,13 4

P10 Benefits management and reporting

Processes to monitor the planned business benefits during and after implementa-tion of the IT investments / projects.

2,85 2,36

P11 COSO / ERM Framework for internal control 2,39 2,04IT governance

relational mechanisms

R1 Job-rotation IT staff working in the business units and business people working in IT

2,35 2,36

R2 Co-location Physically locating business and IT people close to each other

2,79 3,01

R3 Cross-training Training business people about IT and/or training IT people about business

2,76 2,82

R4 Knowledge management(on IT governance)

Systems (intranet,. . .) to share and distrib-ute knowledge about IT governance framework, responsibilities, tasks, etc.

3,24 2,68

R5 Business/IT account management

Bridging the gap between business and IT by means of account managers who act as in-between

3,79 3,36

R6 Executive / senior management giving the good example

Senior business and IT management acting as “partners”

3,88 2,81

R7 Informal meetings between business and IT executive/senior management

Informal meetings, with no agenda, where business and IT senior management talk about general activities, directions,

3,79 3,88

R8 IT leadership Ability of CIO or similar role to articulate a vision for IT’s role in the company and ensure that this vision is clearly understood by managers throughout the organisation

3,89 2,82

R9 Corporate internal communication addressing IT on a regular basis

Internal corporate communication regularly addresses general IT issues.

3,43 3,69

R10 IT governance aware-ness campaigns

Campaigns to explain to business and IT people the need for IT governance

2,83 3,14


relational mechanisms are crucial enablers for IT gover-nance (Keill et al., 2002; Weill & Broadbent, 1998;Henderson et al., 1993; Callahan & Keyes, 2003). A possi-ble explanation is that, just as in literature, less detailedknowledge and expertise is available on relational mech-anisms which often have a more intangible and informalcharacter. On the other hand, it should be noted thatmany other relational mechanisms, such as “business/ITaccount management,” “senior management giving goodexample,” and “informal meeting between business andIT executive/senior management,” attained very positivescores, in terms of effectiveness and ease of implementa-tion. It should certainly be considered, therefore, when

complementing the minimum baseline to a broader ITgovernance framework.

Business/IT Alignment Benchmarking

To create a business/IT alignment benchmark, 13 Belgianfinancial services organisation were invited to partici-pate, from which ten committed to participate under thecondition that the anonymity was guaranteed. Table 6provides the profiles of each of those organisations.

In each of these organisations, five to ten businesses, andIT senior managers completed the validated alignmentmaturity survey. In total 44 senior IT managers and 40senior business managers across the ten organisations com-pleted the survey. The results are visualised in Figure 4.

The total business/IT alignment maturity average is2.69 on scale of five, with six organisations (C, D, E, F, G,H) being relatively very close to the overall average. Thisbell shaped distribution for business/IT alignment matu-rity was also found in similar research by Cumps et al.(2006), providing confidence in our measurement instru-ment. Regarding the latter two organisations (I,J), confir-mation for their high alignment score was found in theMcKinsey “Annual European Banking IT Cost BenchmarkStudy,” where it appeared that these two organisationsperformed above average (in an European sample) on the

Figure 3. Average effectiveness and ease ofimplementation.

00,5

11,5

22,5

33,5

4

Perceived effectiveness

Perceived ease ofimplementation

Structures

Processes

Relational mechanisms

Table 5. Top 10 Most Important IT Governance Practices (Minimum Baseline)

S6 IT steering committee (IT investment evaluation / prioritisation at executive / senior management level)S4 CIO on executive committeeP3 Portfolio management (incl. business cases, information economics, ROI, payback)P9 IT budget control and reportingS1 IT strategy committee at level of board of directorsR8 IT leadershipP1 Strategic information systems planningS9 IT project steering committeeS5 CIO (Chief Information Officer) reporting to CEO (Chief Executive Officer) and/or COO (Chief Operational Officer)P8 Project governance / management methodologies

Table 6. Profiles of Case Organisations

Organisation Number of Employees in Belgium Main Activities

A More than 1000 Banking and InsuranceB Between 100 and 1000 Banking and InsuranceC More than 1000 BankingD More than 1000 BankingE More than 1000 Banking and InsuranceF More than 1000 Financial transaction servicesG Between 100 and 1000 Banking and InsuranceH Between 100 and 1000 Banking and InsuranceI More than 1000 Banking and InsuranceJ More than 1000 Banking and Insurance


question “what is the level of alignment between the ITstrategy and the business?” (McKinsey, 2006).

Assuming that this sample of ten organisations is rep-resentative of the Belgian financial services sector, ourconclusion is that the average business/IT alignmentmaturity in the entire Belgian financial services sector is2.69. Such a maturity score only becomes meaningfulwhen it can be compared against a target or againstresults in other sectors. An interesting considerationhere is what the desired target or to-be situation wouldbe for the financial services sector. There is no literatureavailable in this domain, but taking the high-dependencyon IT into account, one could argue that at least a matu-rity level 3 would be required, which implies standard-ised and documented processes and procedures. There isalso not much data available to compare this resultagainst other sectors. However, one could reference thestudy by Luftman (2003), who created a benchmarkwithin 25 Fortune 500 organisations and came up with atotal average of 2.17. This result would imply that theBelgian Financial Services sector on average performssomewhat better on business/IT alignment compared tothe sample of Fortune 500 organisations, although theseresults have to be interpreted with great care as the studyof Luftman was based on an initial version of the mea-surement instrument (not yet validated at that time). Onthe other hand, this positive result is maybe not that sur-prising as the sample in this research is only focused atthe financial services sector for which one could expectan above average alignment maturity compared to other

industries, such as manufacturing, because of the high-dependency on IT and the strong impact of regulations.

Extreme Case Research

In the extreme cases of the business/IT alignment bench-mark (two highest aligned organisations and two lowestaligned organisations), it was investigated how maturethey were in using each of the 33 IT governance practicesbased on a generic maturity model (from 0 to 5) (ITGI,2003). During a workshop, business and IT managerscame to a consensus regarding the appropriate maturityscores for each of the practices. The results of this assess-ment are shown in Table 7.

The average maturity over all IT governance practicesfor organisation A is 1.50, for organisation B 1.37, fororganisation I 2.21 and for organisation J 3.11. This dif-ference between IT governance practices maturityalready provides a high-level indication that might leadto a better understanding of the gap in business/IT align-ment maturity between organisations A-B and I-J. Thisoutcome is discussed in more detail in the next section.

Comparing Extreme Cases

When comparing the averages of maturity of IT gover-nance practices (structures, processes and relationalmechanisms) in those extreme cases, in appears that in

Figure 4. Business/IT alignment maturity benchmark.

Total number of respondents

Number of IT respondents

Number of business

respondents

Total Alignment

maturity Score

Deviation from

averageA 9 5 4 2,10 –0,59

B 5 3 2 2,16 –0,52

C 9 3 6 2,56 –0,12

D 6 3 3 2,67 –0,02

E 9 5 4 2,71 0,03

F 8 3 5 2,72 0,04

G 10 5 5 2,74 0,06

H 9 6 2 2,91 0,22

I 8 5 4 3,11 0,43

J 11 6 5 3,17 0,48

Total Total Total Average84 44 40 2,69

G

F<< A B C D E H I J >>

1,0 1,1 1,2 1,3 1,4 1,5 1,6 1,7 1,8 1,9 2,0 2,1 2,2 2,3 2,4 2,5 2,6 2,7 2,8 2,9 3,0 3,1 3,2 3,3 3,4 3,5 3,6 3,7 3,8 3,9 4,0


general the high performers have more mature IT gov-ernance structures and processes, as shown in Figure 5.This figure also shows that that processes on averagewere less mature compared to structures, indicatingthat it is more difficult to implement processescompared to structures, which was also discussed inprevious section.

It was also shown that the organisations with lowbusiness/alignment maturity did have a lot of practicesin place, but the average maturity of these practices wasbelow maturity level 2, as shown in Figure 6. This mightindicate that the impact on business/IT alignment of ITgovernance practices that have a maturity level lowerthan 2, is limited.

The impact of relational mechanisms on business/ITalignment maturity was not clearly demonstrated in thisresearch. (cf. Figure 5). However, a finding was that thetwo high performers had started their IT governanceimplementation many years ago, and the intervieweesmade reference to the fact that in the initiating phases ofthe IT governance implementation project, a lot ofenergy was spent in business change management,awareness creation, and so on. At this moment, theseorganisations however came to a point where manystructures and processes were embedded in day-to-daypractice, leading to less attention and need for thesechange management aspects. The relational mecha-nisms, certainly the ones focused at motivating people,creating awareness, etc., are likely very important in theinitiating phase of IT governance, in which the two lowperformers were situated. This preliminary findingshould be researched further in more detail.

Analysing the high-performers in more detail revealedthat they distinguish themselves by a set of IT gover-nance practices that were also proposed in the Delphiresearch as minimum baseline IT governance practices.From this earlier defined set of ten minimum baselinepractices (Table 4), seven appear to be clearly present andmature (above maturity level 2) in the high-performers.This reduced set is called the key minimum baseline andconstitutes the seven practices shown in Table 8.

An interesting IT governance practice that was notused by any of the organisations, although being pro-moted by experts and thought leaders as very important(ITGI, 2003; Monnoyer and Willmott, 2005), is the “ITstrategy committee at the level of the board of directors.”This practice is promoted as a structure to ensure that theboard gets involved in a structured way in IT governance

Table 7. Comparing Extreme Cases (1)

A B I J

S1 0 0 0 0S2 4 1 0 1S3 3 3 3 3S4 2 5 2 0S5 2 5 4 5S6 2 2 4 4S7 2 0 4 4S8 2 3 4 5S9 2 2 4 4

S10 0 0 0 4S11 0 0 1 3S12 2 1 2 5P1 1 2 1 4P2 1 2 4 4P3 1 2 4 4P4 0 0 2 5P5 0 0 2 4P6 0 0 1 4P7 1 0 1 1P8 2 3 3 4P9 1 2 4 5

P10 0 1 1 3P11 0 0 0 0R1 1 0 1 2R2 5 2 3 3R3 2 0 2 1R4 3 3 4 4R5 2 0 0 4R6 2 2 5 5R7 2 0 0 0R8 1 4 4 4R9 2 0 2 3

R10 1 1 1 11,48 1,39 2,21 3,12

Figure 5. Comparing extreme cases (1).

0,00

0,50

1,00

1,50

2,00

2,50

3,00

3,50

4,00

Structures Processes Relational Mech.

JIBA

Figure 6. Comparing extreme cases (2).

00,5

11,5

22,5

33,5

A B I J


issues. During the interviews, three out of four organisa-tions stated that board involvement in IT governance isnot feasible and probably not required. The representa-tives of the shareholders are more concerned with thecore financial services activities and less worried about(operational) IT issues. Another IT governance practicesthat was indicated as not being relevant for alignmentpurpose was “COSO/ERM.” While the latter was recogn-ised as probably a very good framework for general inter-nal control, the value for governance or impact onalignment did not appear at all.

Conclusions

As a general conclusion of this exploratory study, thisresearch revealed that IT governance is indeed high onthe agenda. Our research suggests that there is a clearrelationship between the use of IT governance practicesand business/IT alignment. It appeared that highlyaligned organisations do indeed leverage more mature ITgovernance practices compared to poorly aligned organi-sations.

Some detailed conclusions were drawn regarding ITgovernance structures, processes and relational mecha-nisms. It was demonstrated that it is easier to implementIT governance structures compared to IT governance pro-cesses. It also appeared that relational mechanisms arevery important in the beginning stages of an IT gover-nance implementation project and become less impor-tant when the IT governance framework is embeddedinto day-to-day operations. For some specific IT gover-nance practices, the research provides indications thatcontradict existing literature. A good example is theinvolvement of the board of directors in IT governance,which is promoted by many authors in literature, butwas not supported in this research. This research alsoprovides a key minimum baseline of seven IT governancepractices that each organisation at least should have andsupplement with practices that are highly effective andeasy to implement. When an organisation wants toimplement these practices, it has to make sure that atleast a maturity level of two is obtained, to ensure that itpositively impacts business/IT alignment.

Recommendations for Practitioners

A recommendation to practitioners resulting from thesefindings is that the best approach to implement IT gover-nance is to start with setting up these seven key mini-mum baseline IT governance practices. This core set ofpractices should be supplemented with other key prac-tices that are highly effective and relatively easy to imple-ment. At the initial stages of such IT governance project,sufficient attention should be given to relational mecha-nisms to ensure commitment of all the involved peoplein the process. Once the “governance culture” is embed-ded in the implemented structures and processes, theserelational mechanisms require less attention.

Future Research

It was explained in the beginning of this manuscript thatthe focus of this research was on the Belgian financialservices sector only, negatively impacting the generalis-ability of this research. However, it can be expected thatmany conclusions might apply to other sectors as well.Further research could support that assumption butshould also address the impact of specific contingenciessuch industry, geography, size of the organisation and/orIT department, business strategy, etc.

In addition, this research is based on a “snapshot intime,” and future research could be dedicated to verify howimplementations evolve over time. For example, thisresearch provides indications that relational mechanismsare more important in the initiating phases of IT gover-nance, but monitoring an organisation over time could pro-vide valuable data to support or refute this statement.

Finally, it should be noted that this research is explor-atory in the first place instead of hypothesis testing(amongst other reasons due to the small sample size). Itdoes however provide some interesting potential hypothesesto be tested in further (parametric and/or non-parametric)statistical correlation research, for example to further vali-date the accuracy of the defined key minimum baseline forIT governance. Larger data sets, potentially also coveringmore internal and external contingencies, are required toenable this more statistical approach.

Table 8. Key Minimum Baseline

S6 IT steering committee (IT investment evaluation / prioritisation at executive / senior management level)P3 Portfolio management (incl. business cases, information economics, ROI, payback)P9 IT budget control and reportingR8 IT leadershipS9 IT project steering committeeS5 CIO (Chief Information Officer) reporting to CEO (Chief Executive Officer) and/or COO (Chief Operational Officer)P8 Project governance / management methodologies


Author Bios

Steven De Haes, PhD, is responsible for the InformationSystems Management executive programs and researchat the University of Antwerp Management School (UAMS)and is guest lecturer at the University of Antwerp (UA). Hehas teaching assignments in executive programs in thedomain of IT governance & assurance, alignment and ITperformance measurement. He is actively engaged inapplied research within the IT Alignment and Gover-nance (ITAG) Research Institute (www.uams.be/ itag). Heperforms research and project management assignmentsfor the IT Governance Institute (ITGI) in the domain of ITgovernance and assurance and in this capacity contrib-uted to many publication issued by ITGI (COBIT 4, VALITand IT Assurance Guide). He has several publications onIT governance and business/IT alignment in leading jour-nals and acts as advisor to firms in these domains.

Wim Van Grembergen, PhD, is professor at the Econom-ics and Management Faculty of the University of Antw-erp (UA) and executive professor at the University ofAntwerp Management School (UAMS). He teachesinformation systems at bachelor, master and execu-tive level, and researches in IT governance, IT strategy,IT assurance, IT performance management and the ITbalanced scorecard. Within his IT Alignment andGovernance (ITAG) Research Institute (www.uams.be/itag) he conducts research for ISACA/ITGI on IT gover-nance and supports the continuous development ofCOBIT. He is also member the IT Governance Commit-tee, ISACA/ITGI’s strategic committee. Van Grember-gen is a frequent speaker at academic andprofessional meetings and conferences and has servedin a consulting capacity to a number of firms. He hasseveral publications in leading academic journals andpublished books on IT governance and the IT balancedscorecard.

References

Ahituv. N., Neumann, S., & Zviran, M. (1989). Factors affectingthe policy for distributing computing resources. MIS Quarterly,13 (2): 3–16.

Akkermans, H. A. et al. (2003). The impact of ERP on supply chainmanagement: exploratory findings from a European delphistudy. European Journal of Operational Research, 146, 284–301.

Avison, D., Jones, J., Powell, P., & Wilson D. (2004). Using andvalidating the strategic alignment model. Journal of StrategicInformation Systems, 13, 223–246.

Bacharach, S. B. (1989). Organisational theories: some criteriafor evaluation. Academy of Management Review, 14 (4).

Benbasat, I., & Zmud, R.W. (1999). Emperical research in Infor-mation Systems: the practice of relevance. MIS Quarterly, 23 (1):20, 197.

Bergeron, F., Raymond, L., & Rivard, S. (2003). Ideal Patterns ofStrategic Alignment and Business Performance. Information &Management, 41 (8), 1003–1020.

Brown, C. V. & Magill, S. L. (1994). Alignment of the IS functionswith the enterprise: towards of model of antecedents. MISQuarterly, 18 (4 ), 371–403.

Callahan, J., & Keyes, D. (2003). The evolution of IT Governanceat NB Power. In W. Van Grembergen (Ed.), Strategies forInformation Technology Governance, Hershey, PA: Idea GroupPublishing.

Chiasson, M. W., & Davidson E. (2005). Taking industry seriouslyin Information Systems research. MIS Quarterly, 29 (4), 591–605.

Chan, Y. E., & Reich, B. H. (2007). IT alignment: what have welearned? Journal of Information Technology, 22, 297–315.

Cook, T. D., & Campbell, D. (1979). Quasi-experimentation: Designand Analysis Issues for Field Settings. Chicago: Rand McNally Col-lege Publishing Company.

Cumps, B. Viaene, S., Dedene, G., & Vandenbulcke, J. (2006). AnEmpirical Study on Business/ICT Alignment in EuropeanOrganisations. In Proceedings of the Hawaii International Confer-ence on System Sciences (HICSS), 4–7 January 2006, Hawaii.

De Haes, S., & Van Grembergen, W. (2006). IT Governance bestpractices in Belgian Organisations. In proceedings of the HawaiiInternational Conference on System Sciences, 4–7 January 2006,Hawaii.

Duffy, J. (2002). IT/Business alignment: is it an option or is itmandatory? IDC document 26831, IDC, Farmington, MA.

Earl, J.M. (1993). Experiences in Strategic Information SystemsPlanning. MIS Quarterly, 17 (1), 1–24.

Eisenhardt, K.M. (1989). Building theories from Case StudyResearch. Academy of Management Review, 14 (4), 532–550.

Feurer, R., Chaharbaghi, K., Weber, M., & Wargin, J. (2000).Aligning Strategies, Processes and IT: a Case Study. InformationSystems Management, 17(1): 23–34.

Flyvbjerg (2006) Five Misunderstandings about Case StudyResearch. Qualitative Inquiry, 12 (2), 219–245.

Henderson, J.C., Venkatraman, N., & Oldach, S. (1993). Continu-ous Strategic Alignment: Exploiting Information TechnologyCapabilities for Competitive Success. European ManagementJournal, 11 (2), 139–149.

ITGI. (2003). Board Briefing on IT Governance, Second Edition.Retrieved January 27 2005 from www.itgi.org

ITGI. (2006). COBIT 4.1. Retrieved December 14 2006 fromwww.itgi.org .

Keill, M. et al. (2002). Reconsiling user and project manager per-ceptions of IT project risk: a delphi study. Information SystemsJournal, 12, 103–119.

Linstone, H. A., & Turoff, M. (1975). The Delphi Method: Techniquesand Applications. Reading, MA: Addison-Wesley PublishingCompany.

Luftman, J., & Brier, T. (1999). Achieving and Sustaining Business-IT alignment. California Management Review, 42 (1), 109–122.

Luftman, J. (2000). Assessing Business-IT alignment Maturity.Communications of AIS, 4 (14): 1–50.

Luftman, J. (2003). Assessing Business-IT alignment maturity, InW. Van Grembergen (ed.), Strategies for Information TechnologyGovernance. Hershey, PA: Idea Group Publishing.

Luftman, J., & Rajkumark, K. (2007). An update on business/align-ment: a line has been drawn. MIS Quarterly Executive, 6 (3).

Maes, R. (1999). Reconsidering Information Management througha Generic Framework. PrimaVera Working Paper, University ofAmsterdam, Amsterdam, 99–15.


McKinsey (2006). Annual European Banking IT Cost Benchmark Study.Confidential Report, McKinsey and Company, Brussels, Belgium.

Mingers, J. (2001). Combining IT research methods: towards a plu-ralist methodology. Information Systems Research, 12 (3): 240–259.

Monnoyer, E. & Willmott, P. (2005, Fall). What IT leaders do:Companies that rely on IT governance systems alone willcome up short. McKinsey Quarterly on IT, 2–6.

Nolan, R., & McFarlan, F.W. (2005, Fall). Information Technol-ogy and the Board of Directors. Harvard Business Review, 83(10), 96–106.

O’Keefe, B., & Paul, R. B. (2000). Editorial. European Journal of Infor-mation Systems, 9, 1–2.

Peterson, R. R. (2003). Information Strategies and Tactics forInformation Technology Governance. In W. Van Grembergen(Ed.), Strategies for Information Technology Governance. Hershey,PA: Idea Group Publishing.

Peterson, R., Parker, M. M., & Ribbers, P. (2002). InformationTechnology Governance Processes under environmentaldynamism: investigating competing theories of decision-making and knowledge sharing. In Proceedings of the 23th Inter-national Conference on Information Systems, December 15–182002, Barcelona, Spain.

Ryerson (2007). Exploratory Research. Retrieved 10 June 2007 at www.ryerson.ca/∼mjoppe/ResearchProcess/ExploratoryResearch.htm

Sabherwal, R., & Chan, Y. (2001). Alignment between businessand IS strategies: a study of prospectors, analyzers anddefenders. Information Systems Research, 12 (1), 11–33.

Sambamurthy, V., & Zmud, R. W. (1999). Arrangements forInformation Technology Governance: a theory of multiplecontingencies. MIS Quarterly, 23 (2), 261–290.

Schmidt, R. (1997). Managing Delphi surveys using nonparamet-ric statistical techniques. Decision Sciences, 28 (3): 763–774.

Siegel, S. (1998). Nonparametric statistics for the behavioural sciences.New-York: McGraw-Hill.

Sledgianowski, D., Luftman, J. & Reilly, R. R. (2006). Develop-ment and Validation of an Instrument to Measure Maturity ofIT Business Strategic Alignment Mechanisms. InformationResources Management, 19 (3), 18–33.

Smith, G. (2006). Straight to the Top - Becoming a World-Class CIO.Chichester, West Sussex, UK: John Wiley & Sons.

Teo, T.S.H., & King, W. (1999). An empirical study of theimpacts of integrating business planning and informa-tion systems planning. European Journal on InformationSystems. 8 (3): 200–210.

Van Grembergen, W. (2001). Introduction to the Minitrack: ITGovernance and its Mechanisms. In Proceedings of the 35thHawaii International Conference on System Sciences (HICSS), HICSS-35, January 7–10, 2002, Hilton Waileoloa Village, Island ofHawaii.

Van Grembergen, W., De Haes, S., & Guldentops, E. (2003).Structures, Processes and Relational Mechanisms for ITGovernance. In Van Grembergen (ed), Strategies for Infor-mation Technology Governance. Hershey, PA: Idea GroupPublishing.

Weill, P., & Broadbent (1998). Leveraging the New Infrastructure:how Market Leaders Capitalize on Information Technology. Boston:Harvard Business School Press.

Weill, P., & Ross, J. (2004). IT Governance: How Top Performers Manage ITDecision Rights for Superior Results. Boston: Harvard Business SchoolPress.

Documents

IT Gov Impl and Impact on Business IT Alignment