Delving Into the IT Governance-Management Communication Interface

Delving Into the IT GovernanceManagement Communication Interface: A Scoping Review

Carlos Juiz, University of the Balearic Islands, Spain
https://orcid.org/0000-0001-6517-5395
Beatriz Gomez, University of the Balearic Islands, Spain
https://orcid.org/0000-0002-7142-9942

Abstract

This work is devoted to addressing the IT governance-management communication aspects, considering that their responsibilities are different, but complementary, in developing an IT governance framework. The research question consists of finding which aspects (and subsequent themes) from IT governance literature may be considered. The authors performed a systematic scoping literature review, as their objective is to conduct a wide-ranging search on the aspects that communicate the governance of IT and its management. Because they want to broadly know the communication aspects and subthemes, they first filtered the articles reading each title and abstract and reduced the relevant studies to 174 . Finally, after an exhaustive reading, review, and categorization, 92 studies were selected. They identified 14 aspects and 50 themes regarding the communication interface between IT governance and IT management. The study brings insights on a clearer IT governance-management interface conceptualization and identifies an agenda for further research on it.

KEYWORDS

IT Governance, IT Governance-Management Interface, IT Management, Literature Review

I. INTRODUCTION

IT governance has increased in importance because organizations base their core business activity on IT. Organizations are striving to derive value from IT investments using various mechanisms widely known in the literature (e.g. Peterson, 2004; Van Grembergen et al., 2004; Weill & Ross, 2004). Furthermore, organizations are directing IT plans to align them to business strategy as well as controlling and monitoring if the results are as expected (Henderson & Venkatraman, 1993). However, although there are various recognized frameworks and standards (e.g. COBIT 2019 (ISACA, 2018) and ISO/IEC 38500 (ISO/IEC 38500, 2015)), some firms may still be managing the implementation of IT governance. The difficulties that organizations have in implementing IT governance may be owing to several causes:

• There are many definitions of what IT governance is and how it differs from IT management, each having different approaches (Ko & Fink, 2010; Robb & Parent, 2009).

• Allegedly, there are more popular topics in the definitions depending on the interests or needs of the author/researcher, showing no consensus (Raymond, Bergeron, Croteau, & Uwizeyemungu, 2019; Robb & Parent, 2009).
• Several empirical studies show the theory-practice gap of implementing IT governance in organizations (Buchwald, Urbach, & Ahlemann, 2014; De Maere & De Haes, 2017; GonzálezRojas, Gómez-Morantes, & Beltrán, 2018; Daniël Smits & Van Hillegersberg, 2018b; Teo, Abd Manaf, & Choong, 2013).
• Some barriers in the implementation of IT governance are related to social aspects such as lack of communication between IT governance and IT management, lack of understanding and trust, and different executives’ perceptions of IT business value (Buchwald et al., 2014; Parry & Lind, 2016; Phiri & Weiguo, 2013; Rahimi, Møller, & Hvam, 2016; Tallon, 2014; Teo, Manaf, & Choong, 2013; Yudatama, Nazief, & Hidayanto, 2017).

To implement IT governance, the three IT governance mechanisms that must be considered when developing it are accepted both academically and by practitioners are decision-making structures, alignment processes, and communication and relational approaches (Ko & Fink, 2010; Daniel Smits & Van Hillegersberg, 2014; Van Grembergen et al., 2004; Weill & Ross, 2004). According to Ko and Fink (Ko & Fink, 2010), structures and alignment processes have been highly researched and developed in organizations, while communication approaches have received less attention. Similarly, Van Grembergen and De Haes (Van Grembergen & De Haes, 2009) performed a Delphi study with experts who were asked to categorize best practices from the three IT governance mechanisms, being “relational mechanism” the less ranked, the less considered, and perceived as the less effective. They also stated that there is not much knowledge about this mechanism in organizations; it is the least elaborate even in the literature in contrast to the other two, which have extensive research. Furthermore, IT governance studies have focused on board and top-level management involvement, capabilities, responsibilities, awareness, and willingness regarding IT governance, but less attention has been given to IT managers and lower layers participation (De Maere & De Haes, 2016, 2017; Teo, Abd Manaf, et al., 2013). There is no consensus about the aspects needed to communicate both IT governance and management layers, even though there are numerous frameworks in the literature and they all seek to implement good IT governance practices (Bin-Abbas & Bakry, 2014; Raymond et al., 2019; Robb & Parent, 2009). Thus, this work is devoted mainly to addressing the IT governance-management communication aspects, considering that governance and management responsibilities are clearly different but complementary in developing an IT governance framework in organizations. Therefore, we pose the following research question:

What aspects (and subsequent themes) from the existing literature may be considered about the interface between IT governance and IT management? (Understanding by interface as to how IT governance and IT management communicate with each other).

To answer this general research question, we performed a systematic scoping literature review, extracting key aspects and subsequent themes related to the communication interface between IT governance and management.

The remainder of this paper is as follows: Section presents other studies performing literature reviews regarding IT governance and IT management. Section III details the research method used in this study, and Section IV presents the key aspects and subsequent themes found after performing the scoping review. Finally, Section V discusses these aspects and offers some clues about the conceptualization of IT governance proposing an agenda for further research, and Section VI concludes this study with a summary of the obtained results and implications for both researchers and practitioners.

II. RELATED WORKS

Several literature reviews exist in the literature on IT governance. To abbreviate, in Table 1, we have compiled studies that address issues of relationship and communication between the layers of IT governance and IT management, or as close as possible. These studies mainly address the following matters: relationship between IT governance and corporate governance (board or top management team) (Caluwe & De Haes, 2019; Daniël Smits & Van Hillegersberg, 2018a); business effectiveness and efficiency when applying good IT governance practices (Asgarkhani, Cater-Steel, Toleman, & Ally, 2018; Levstek, Hovelja, & Pucihar, 2018; Tambotoh, Kosala, Ranti, Isa, & Pudjianto, 2017; Wijaya, Kosala, Meyliana, & Prabowo, 2017); specific development of IT governance in HEIs (Khouja, Bouassida Rodriguez, Ben Halima, & Moalla, 2018; Waheed, Hussin, & Razi, 2018); barriers, benefits, and critical success factors (CSFs) when implementing IT governance in organizations (Alreemy, Chang, Walters, & Wills, 2016; Vunk, Mayer, & Matulevičius, 2017; Yudatama, Nazief, & Hidayanto, 2017; Yudatama, Nazief, Hidayanto, & Mishbah, 2017); and-the oldest studiesgeneral mechanisms and decision-making (Almeida, Pereira, & Mira da Silva, 2013; Brown & Grant, 2005; Wilkin & Chenhall, 2010). However, to the best of our knowledge, there is no literature review addressing the aspects of the communication interface and the relationship between IT governance and IT management.

III. RESEARCH METHOD

The research methodology used in this study is scoping review, as our objective is to conduct a wide-ranging search on the aspects that communicate the governance of IT and its management and propose an agenda for future research. According to Paré et al. (Paré, Trudel, Jaana, & Kitsiou, 2015), scoping reviews, unlike classic reviews, offers a broad and comprehensive study, especially for an area that has not been reviewed before or is complex and extensive, as in our case. We have selected this method for knowledge synthesis because we must rapidly identify, with a breadth of coverage, the key aspects underpinning what the interface components are between IT governance and IT management as well as the main sources and types of evidence available (Whittemore, Chao, Jang, Minges, & Park, 2014). As it was also used in the study of Caluwe and De Haes (Caluwe & De Haes, 2019), we have followed the methodological framework created by Arksey and O’Malley (Arksey & O’Malley, 2005), considering Daudt et al. (Daudt, Van Mossel, & Scott, 2013) and Levac et al. (Levac, Colquhoun, & O’Brien, 2010) recommendations, allowing us to rigorously select and analyze the most appropriate papers related to our study. We present the research stages belonging to Arksey and O’Malley (Arksey & O’Malley, 2005) framework and their application in this study:

Stage 1. Identifying the research question.

Besides not having a common definition of the IT governance concept (Bin-Abbas & Bakry, 2014; Buchwald et al., 2014) and even though for practitioners there are de facto and de jure IT governance standards, there is no consensus about the aspects needed to communicate both IT governance and management layers. According to Buchwald et al. (Buchwald et al., 2014) practitioners are not yet understanding the concepts of IT governance, in addition to the fact that IT managers resist being governed.

Thus, to address these aspects, we seek to answer the following research question in this study:
What aspects (and subsequent themes) from the existing literature may be considered about the interface between IT governance and IT management? (Understanding by interface as to how IT governance and IT management communicate with each other).

According to Weill and Ross (Weill & Ross, 2004), communication approaches are already considered one of the mechanisms of good IT governance, being understood as a broader aspect of communication, including all stakeholders in the organization. In our study, and based on the ISO/

Table 1. Overview of previous literature reviews about IT governance-management

• There is no specific information about this parameter.

IEC 38500 (ISO/IEC 38500, 2015) interface concept, communicating is limited by the IT governance and IT management scope, and we refer to how they both must connect, interrelate, understand, and assume their responsibilities and actions and those of the other. In this sense, the question is overly

broad and complex to limit it in a systematic literature review (SLR). This is why one of the reasons for conducting a scoping review was to map both fields of study, IT governance and IT management.

Stage 2. Identifying relevant studies

This step does not go against the basic procedures to be carried out in an SLR. Thus, in this stage, we defined the search strategy following the systematic approach suggested by Webster and Watson (Webster & Watson, 2002), Kitchenham, B. and Charters (Kitchenham, B. and Charters, 2007), and Okoli and Schabram, (Okoli & Schabram, 2010). We used Web of Science and Google Scholar to access the relevant data regarding our study. In both cases, we queried each electronic database with adapted regular expressions whose keywords were “IT governance” or “governance of IT,” “IT management” or “management of IT,” and combinations of the following: “interface,” “connection,” “relationship,” and “communication.” Regarding the time constraint, we have focused our scoping from 1993 until December 2019, as we consider the work of Venkatraman et al. (Venkatraman, Henderson, & Oldach, 1993) as the main initial reference of IT governance and communication with IT management. This process generated 932 articles after eliminating duplicates. To avoid missing relevant work that may not have been indexed in the above-mentioned electronic databases, we performed a manual search on the main databases known to index the IS Senior Scholars’ Basket of Journals as well as top-ranked IS journals listed by the AIS (The Association for Information Systems, 2019). These include the ACM Digital Library, AIS Electronic Library, IEEE Xplore, SpringerLink, Emerald Insight, Science Direct, and EBSCOHost, in addition to the “A” ranking conference proceedings by the Australian Computer Research and Education conference portal (CORE) such as AMCIS, ECIS, HICCS, ICIS, and PACIS. After eliminating duplicates, the results amounted to 943 in total.

Stage 3. Study selection

Systematic review methods generally develop inclusion and exclusion criteria based on their specific research question. In our research, we applied it afterward based on the familiarity with the authors’ literature, as suggested by Arksey and O’Malley (Arksey & O’Malley, 2005). Because we want to broadly know what the communication elements are in the interface between IT governance and IT management, we have not limited our search by type of organization (public/private) and country and its development (developed/developing), nor scope or sector, nor size (large/SME) as we want to see how that relationship exists in any organization. Thus, we first filtered the articles reading each title and abstract and selected those in English (as well as some in Spanish and Portuguese) that explain some key aspects about the connection between both layers (IT governance and IT management). Those that only discuss the IT governance layer were excluded, as were articles solely highlighting IT management. Likewise, papers explaining connections between IT governance with the Corporate Governance layer were also excluded, as we are focusing on the specifics of IT governance. Additionally, we added additional publications identified after reviewing the references in the papers generated during the first step.

By this first selection, the relevant studies were reduced to 174 . However, we cannot infer any article’s relevancy for our study solely by reading the title and abstract (Badger, Nursten, Williams, & Woodward, 2000). Therefore, we obtained the full text of all candidate articles that may fit. Reviews, discussions, and comments, works in progress, non-peer-reviewed articles in journals or conferences, and thesis works were also excluded. Finally, after an exhaustive reading, review, and categorization, 92 studies were included in our work.

Stage 4. Charting the data

Specifically, we included author(s), year of publication, title, source and its category, study method, and country. In addition, we specified the methodology of the study and differentiated between conceptual and empirical studies. For those empirical studies, we identified whether the studied organization was private or public and if it belonged to a developed or developing country. Figure 1

indicates the number of studies found per country. Please note that the total number indicated in Figure 1 exceeds the total number of papers because there were studies that applied their methods to more than one country. In any case, the countries where we found more literature are the U.S., Australia, the Netherlands, Germany, and Belgium. Figure 2 shows characteristics of IT governance-management interface studies included in this review. The number of publications belonging to journals ( $52 \%$ ) exceeds those from proceedings in conferences or congresses ( $37 \%$ ). It is worth noting that most publications included in this review are empirical ( $68 \%$ vs. $32 \%$ conceptual studies). A complete list of journals and main conferences can be found in Table 2.

This is significantly helpful as the results obtained derive mostly from organizations that have developed IT governance solutions, which have been studied through case studies (37%), surveys (18%), interviews (7%), and others (Delphi studies, focus groups, workshops, and design science research approaches, among others). Regarding those empirical studies, $79 \%$ were performed in developed countries and $57 \%$ in private organizations.

Our goal in this scoping review is to present an overview of the analyzed material that may be of interest to researchers and practitioners alike. Therefore, in this step, we summarized our results in a “narrative review” (Pawson, 2002), as we are not seeking to synthesize nor assess the quality of each evidence material. The narrative review, which takes a broader view, implies using a descriptiveanalytical method with a common analytical framework for all of the included articles.

As mentioned above, no previous SLR has studied the interface between IT governance and IT management, leading us to use our framework to analyze the work found, a method also used by Klotz et al. (Klotz, Kopper, Westner, & Strahringer, 2019) in their study. Thus, by applying our framework iteratively, we analyzed the content of the relevant literature using open coding (Neuman, 2011), basing our coding scheme on the following studies. Thus, we intended to cover the wide spectrum of concepts that could influence the communication interface between IT governance and IT management and continuing with their work:

• Decision-making structures, alignment processes regarding business-IT alignment, and relational and communication mechanisms, based on Henderson and Venkatraman (Henderson & Venkatraman, 1993), Van Grembergen et al. (Van Grembergen et al., 2004), and Weill and Ross (Weill & Ross, 2004).
• The five key IT decisions stated by Weill and Ross (Weill & Ross, 2004) that should be made to render IT a strategic asset: IT principles, IT architecture, IT infrastructure, business application needs, and IT investment and prioritization.
• We also considered the Ko and Fink (Ko & Fink, 2010) model, which agreed with Peterson’s vision of IT governance as a collaborative network within the organization, involving all levels and people, and not simply considered a control tool. Thus, we have considered their emphasized people dimension.
• Smits and Van Hillegersberg (Daniel Smits & Van Hillegersberg, 2014) took a similar line in their model, distinguishing between hard (structures and processes) and soft aspects of governance; thus, we highlighted behavior and collaboration domains under their soft dimension.
• The five main focus areas from ITGI (ITGI, 2003) that assure IT provides value to the business and risks are mitigated: value delivery, strategic alignment, resource management, risk management, and performance management.
• The six IT principles from the ISO/IEC 38500 (ISO/IEC 38500, 2015): responsibility, strategy, acquisition, performance, conformance, and human behavior.

Considering all those above-mentioned concepts, we identified 14 key aspects (and 50 themes) related to issues connecting IT governance with IT management and coded these themes several times (see Table 3).

Table 2. Type and source of studies

Figure 1. Number of studies per country.

Figure 2. Types of IT governance-management interface studies are included in this review.

After reviewing them, we then validated the most blurred aspects. The classification of articles in our study and the key aspects they partially or totally comprise is represented in the concept matrix of coding results (Webster & Watson, 2002), resulting in fourteen key aspects in Table 4.

Stage 5. Collating, summarizing, and reporting the results

In this stage, we aimed to answer our research question based on the selected articles and the framework used to classify them. Furthermore, several gaps in the research about the interface between both layers were identified, which led us to propose an agenda for future research.

IV. RESULTS

After applying our coding scheme, the 14 aspects obtained from the literature regarding the communication interface between IT governance and IT management are described in this section. Figure 3 shows the 14 aspects ordered by the number of studies found in the literature. The 50 subsequent themes are also depicted within the corresponding aspect as a dotted list. Their description will follow the same order:

Table 3. Key aspects coding scheme

Table 3. Continued

Table 4. Concept matrix of coding results regarding the Key aspects connecting IT governance and IT management

2002. | | | | x | x | x | | | | | x | | | x | | 4 |

| (Jamieson, 2002) | | | | | | x | | | | | | | | | | 5 |
| (Keyes-Pearce,
2002) | x | | | | | | | | | | x | | | | | 6 |
| (Ross & Weill,
2002) | x | | | | x | x | x | | | x | | x | | | | 7 |
| (Kearns &
Lederer, 2003) | | x | | | | | x | x | | x | | | x | | | 8 |
| (Beiden, 2004) | x | | | | | | x | | | | | | | | | 9 |
| (Marshall &
McKay, 2004) | | x | | | x | x | x | | | | | x | | | | 10 |
| (Peterson, 2004) | x | x | x | x | x | | x | x | | | | | | x | | 11 |
| (Rau, 2004) | x | | x | | | | | x | | | | | | | | 12 |
| (Van
Gronbergen et
al., 2004) | x | x | x | x | x | x | | x | | x | | | | | | 13 |
| (Weill & Ross,
2004) | x | x | x | x | | | x | | x | x | x | x | | | | 14 |
| (Xenon, 2004) | | | | | x | | | | | | | | | | | 15 |
| (Damianides,
2005) | | | | x | | | | | | | x | | | x | | 16 |
| (Jordan, 2005) | | x | | | | x | | | | | | | | | | 17 |
| (Nolan &
McFarlan,
2005) | x | | | | x | x | | | | | x | | | | | 18 |
| (Sledzianowski
& Laffman,
2005) | x | x | x | | x | | x | x | x | | | | x | | | 19 |
| (Von Solms,
2005) | | | | | | x | | | | | | | | | | 20 |
| (Weill & Ross,
2005) | x | x | x | x | | | | | | | | | | | | 21 |
| (Dahlberg &
Kivijärvi, 2006) | x | x | | x | x | x | | | | | | | x | | | 22 |
| (Drake & Byrd,
2006) | | x | | | | x | | | | | | | | | | 23 |
| (Gewald &
Hefing, 2006) | x | x | x | | | | | | | | | | | | | 24 |
| (Salls &
Di-Vitantonio,
2006) | | | x | | | | | | | | | | | | x | 25 |
| (Welsh, Pollard,
& Ridley, 2006) | | | | | | | x | | | | x | | | | | 26 |
| (Ernest &
Nicavic, 2007) | | | | x | | | | | | x | | | | | | 27 |
| (S. Kim, 2007) | | | | x | | x | | | | | | | | | | 28 |

Table 4. Continued

| Publication | Study
Mos | Study
Time | Study
Rec | Study
Time | Study
Results | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial | Study
Results of
trial |
| — | — | — | — | — | — | — | — | — | — | — | — | — | — | — | — |
| (Moura, Saavé,
& Bartefini,
2007) | | | | | $x$ | | | | | $x$ | | | | | 29 |
| (Stejenti &
Pachucci, 2007) | | | | $x$ | | | | | | $x$ | | $x$ | | | 30 |
| (Silvius, 2007) | | $x$ | | | | | | | | | | | | | 31 |
| (Spremie &
Popovic, 2007) | | | | | | $x$ | | | | | | | | | 32 |
| (Stajters, Zwiers,
& van der Pijl,
2008) | | | | | | $x$ | | | | | | | | | 33 |
| (Simonson &
Johnson, 2008) | | | | $x$ | | | | | | | | | | | 34 |
| (Warkstein &
Johnston, 2008) | $x$ | | | | | $x$ | | | | | | | | $x$ | 35 |
| (Xue, Liang, &
Boulton, 2008) | $x$ | | | | | | | | | | | $x$ | | | 36 |
| (Ionita, 2009) | $x$ | $x$ | $x$ | $x$ | | | $x$ | | | | | | | $x$ | 37 |
| (Liu & Yin,
2009) | $x$ | $x$ | | | | | | | $x$ | | | | | | 38 |
| (Prasad, Hruko,
& Green, 2009) | $x$ | | | | | | $x$ | $x$ | | | | | $x$ | | 39 |
| (Robb & Parent,
2009) | $x$ | | | $x$ | $x$ | | | | | | | $x$ | | | 40 |
| (Van
Goonbergen &
De Haro, 2009) | $x$ | $x$ | $x$ | $x$ | $x$ | | | $x$ | | $x$ | $x$ | | | $x$ | 41 |
| (Bouraad, 2010) | $x$ | | | | | | | | $x$ | | | | | | 42 |
| (Butler & Butler,
2010) | $x$ | | | $x$ | | | | | | | $x$ | | | | 43 |
| (Dumert, 2010) | | | | | | | | | | | $x$ | | | | 44 |
| (De Jong, Van
Hillegenberg,
Van Eck, Van
Der Kolk, &
Jorissen, 2010) | $x$ | $x$ | | $x$ | | $x$ | | | | | | $x$ | | | 45 |
| (Huang, Zouid,
& Price, 2010) | $x$ | | $x$ | | | | $x$ | | | | | | | | 46 |
| (Kamegawa,
2010) | | $x$ | | | | | | | | $x$ | | | | | 47 |
| (Ko & Fink,
2010) | $x$ | $x$ | $x$ | | | | | | $x$ | | | | | | 48 |
| (Laddower,
Quarrel, &
Steen, 2010) | | $x$ | | | $x$ | | | | | $x$ | | | | | 49 |
| (J Peppard,
2010) | $x$ | | | | | | | | $x$ | $x$ | | | | | 50 |
| (Prasad, Hruko,
& Green, 2010) | $x$ | | | | | | $x$ | $x$ | | | | | $x$ | | 51 |
| (Race et al.,
2010) | | | | $x$ | | $x$ | | | | | $x$ | | | | 52 |
| (Simonson,
Johnson, &
Ekstedt, 2010) | | $x$ | | $x$ | | | | | | | | | | | 53 |
| (Jain, 2011) | | $x$ | $x$ | $x$ | $x$ | | | | | $x$ | | | | | 54 |
| (Bradley et al.,
2012) | $x$ | | | | | $x$ | | $x$ | $x$ | | | | $x$ | | 55 |

Table 4. Continued

| Publication | Publication | Structure | Common-situation | Allogis-mient | Common-situation | Common-situation | Allogis-mient
Stem-stems | Common-situation | Allogis-mient
Common-situation | Other | Other | Other | Other |
| — | — | — | — | — | — | — | — | — | — | — | — | — | — |
| (Jusz, Gómez, & Barceló, 2012) | | x | | | | | x | | | | | | |
| (Kurtzovich, Busselber, & Sambamurthy, 2012) | x | | x | | | | x | x | | | | | x |
| (Prasad, Green, & Heales, 2012) | x | | x | | x | | | | | | | | x |
| (Pereira & da Silva, 2012) | | | | x | | | | | | | | | |
| (Sartang & Haider, 2012) | | x | x | | x | | | | | | | | x |
| (Zarvić, Stolze, Bodian, & Thomas, 2012) | x | | x | | | | | | | | | | |
| (Y. J. Kim, Lee, Koo, & Nam, 2013) | | | x | | x | | | | | | | x | |
| (Phiri & Weigao, 2013) | | x | | | | | x | | | | | x | |
| (Teo, Abd Munif, et al., 2013) | | | | | | | | | x | | | | |
| (Vogt & Hales, 2013) | | x | | | | | | | | x | | x | |
| (Bite-Abbas & Bakry, 2014) | | | | x | x | | | x | x | | | | |
| (Buchwald et al., 2014) | | x | x | x | x | x | x | | x | x | x | x | |
| (Harguem, Karuranga, & Mellouki, 2014) | x | | | | x | | x | x | | | x | | |
| (Magnusson & Rygstad, 2014) | | | | | | | | | | | | x | x |
| (Pang, 2014) | x | | | | | | | | | | x | | |
| (Daniel
Smits & Van
Hillsgeroberg, 2014) | | | | x | | | | | x | | | | |
| (Worrell, Bush, & Di Gargi, 2014) | | | | | | x | | | | | | | |
| (Coester & Von Solms, 2015) | | | x | | | | | | | | | | |
| (Dahlberg, 2015) | | | x | | | | | x | | | | | |
| (Hinkkanen, Pekkala, & Collin, 2015) | | x | | | | | | | | | | | |
| (Karbade, Shaw, & Subramanyam, 2015) | | x | | | | x | | | | | | | |
| (Lwakature, Kavaja, Haagouda, & Tolonen, 2015) | x | x | x | | x | | | | | | | | |
| (Schlösser et al., 2015) | | | x | | | | | x | | | | | |
| (De Mame & De Haan, 2016) | | | | | | | | x | x | | | | |

Table 4. Continued

Figure 3. IT governance-management interface aspects.

1. Decision-making structures. The most popular aspect found in literature is decision-making structures, understood as organizational units in which to place the locus of IT decisions and responsibilities.

Table 5. Overview of IT governance-management interface Structures aspect

• IT decisions. The main objective of decision-making structures is to direct the business strategy and control the IT performance and proposals of investment thus determining IT activities. These primarily include IT principles, infrastructure, use, project management, architecture, business applications needs, and investment prioritization.
• Roles and responsibilities. Roles and responsibilities are set to allow everyone involved to know who decides what, as well as who should participate, who should advise, and who should provide the information as inputs for making those decisions. Responsibility should be shared and viewed as such by establishing well-defined decision-making structures.
• CIO role/profile. The CIO can adopt several roles depending on the perception the board has on him/her and other factors about leadership, IT function capabilities, etcetera (Joe Peppard, Edwards, & Lambert, 2011).
• Locus of authority/archetypes. Several works focused on patterns concerning where to allocate the authority-ranging from centralized to decentralized versions-through intermediate combinations involving top management or corporate center, business units, and IT specialists, explaining its advantages and disadvantages.
• IT committees. Different committees or other similar structures should be formally stated with a combination of people from both IT and business sides, overlapping in accountabilities and responsibilities of their functions.

• Business-IT relationship roles. Researchers have studied IT outsourcing with special attention on classifications of responsibilities and descriptions can better guide those organizations having a customer-provider relationship with their internal IT team instead of a business partner relationship.

2. Alignment processes. Strategic alignment is the ability organizations have in linking business and IT strategies when making investments to realize business value from IT.

Table 6. Overview of IT governance-management interface Alignment aspects

• Business-IT alignment. Perhaps the first authors to arouse interest in the strategic business-IT alignment were Venkatraman et al. (Venkatraman et al., 1993). They presented a strategic alignment model (SAM) identifying the business domain and the IT domain, explaining four dominant alignment perspectives: strategy execution, technology potential, competitive potential, and service level.
• IT investment prioritization. The alignment actions we found are mainly processes to identify business cases for IT decisions, formally tracking the business value delivered by IT, evaluation and prioritization of IT investments, and monitoring the IT implementation and projects, its performance (arranging metrics), and resources consumed. Normally, researchers refer to project portfolio when they address IT investment evaluation and prioritization and then coherent, well managed, and governed portfolio that provides value and improves performance. Finally, after the post-selection of projects, monitoring and controlling the portfolio ensure alignment is achieved with what was evaluated such as risks, benefits, outcomes, and so on.
• Other alignment mechanisms. One of the most popular mechanisms is the balanced scorecard (BSC), among others. Service level agreement (SLA) is another alignment mechanism to measure whether the service delivers the expected value to the business.

3. Communication approaches. The main aim of communication approaches, also known as relational mechanisms, is to disseminate IT governance principles, policies, and outcomes of IT decisionmaking processes among all stakeholders.

Table 7. Overview of IT governance-management interface Communication aspects

• Stakeholders’ understanding and engagement. Mutual understanding among business and IT stakeholders in both directions is a key factor to improving communication and, thus, assessing the business-IT alignment. If there is a lack of communication, it is difficult to design a collaborative strategy that places IT in line with business needs.
• Negotiation. Mutual awareness of responsibilities and activities is an essential aspect to improve the communication among layers and stakeholders as well as reducing the resistance to change.
• Participation. The relational mechanisms promote better communication and include business/IT participation and partnership to achieve joint goals.
• Dissemination. Organizations should communicate IT governance principles, mission, vision, policies, plans, objectives, and outcomes of IT decision-making processes. However, they should also disseminate and promote them by using board announcements, channels, advocates, and education efforts.
• Trust and behavior. Defining communication approaches and improving their mechanisms will also transmit trust in IT. Promoting good behavior regarding IT use can contribute positively to share strategic perspectives, cooperation, project quality, and several aspects of performance improvement.

4. Frameworks. A framework is a system of rules, ideas, or beliefs designed to support and decide on all the IT governance and management aspects.

• Assessment frameworks and maturity models. IT governance models or frameworks serve to monitor and assess whether the IT governance mechanisms are working as expected. Furthermore, IT governance frameworks include maturity models in their design and development owing to continuous improvement.
• Framework design and own solutions. Several researchers provided guidelines and recommendations when designing an IT governance framework.
• Solutions based on already created frameworks. There are thousands of solutions and frameworks in the literature regarding IT governance. However, most researchers focused their work on existing models or frameworks, thus modifying them according to their needs.

Table 8. Overview of IT governance-management interface Frameworks aspects

• List of frameworks. Mainly, regarding the papers included in this work, researchers used the following frameworks in their studies: COBIT 3, COBIT 4, COBIT 5, ISO/IEC 38500, COSO, and the recommendations of the Third King Report on Governance for South Africa.

5. Monitoring. Once IT is measured and monitored over a period, organizations should review the results, deciding on decisions, and adopting corrective measures as needed. The main aim to monitor is to assess if IT is delivering the promised value by measuring some established metrics, considering their subjective nature of the difficulty to obtain those.

Table 9. Overview of IT governance-management interface Monitoring aspects

• Metrics and indicators. Organizations should establish business metrics to be monitored that will help realize the value delivered by IT. Board expects that IT solutions performance is as planned by having invested and exploited the technology to provide business value.
• ITperformance/service quality. The board should monitor the IT management’s performance objectives to assure that their achievement is aligned with business needs, assessing the expected value delivered by IT.

• Measurement. An assessment is needed to ensure the promised benefits by investing in a specific solution are provided. Previously in the planning stage, IT management specified the needed metrics to measure the performance and the conformance on IT, following the specifications indicated by the organization strategy, policies, and rules.

6. Risks. Risk management is one of the five focus areas to be controlled by IT governance, according to ITGI (ITGI, 2003), as well as an aspect to be monitored. Thus, policies, strategies, management procedures, business processes, and operational activities should be aligned to evaluate and manage risk.

Table 10. Overview of IT governance-management interface Risks aspects

• Management and impact. IT risks are understood as IT vulnerabilities that negatively affect the business. Risks and problems are derived directly from IT but its result, i.e. their negative impact, is on the business. Thus, the responsibility for them should be shared among all organizational levels.
• Awareness, responsibility, and decision. Several practices or actions from the perspective of the management team but to communicate issues to governance and operational layers to ensure everybody in the company is aware of security issues regarding IT and the business.
• Control and mitigation mechanisms. The IT function is accountable, offering the necessary information to ensure that IT governance and the board decide what levels of risk are acceptable. Thus, the board must assure and be confident about their organization’s IT capabilities, vulnerabilities, and limits.

7. Strategical engagement. According to the ISO/IEC 38500 (ISO/IEC 38500, 2015) standard, the business strategy should consider the current and future capabilities of IT while IT use should satisfy current and future business needs.

• Business IT implementation. Whatever companies want to invest in, they must first ensure the new acquisitions are for strategic use and beneficial for the business. For that purpose, business units should jointly study the proposition from both sides with IT management.
• Stakeholders’ involvement/commitment. When defining the IT strategy, the CIO must participate in business strategy and other executives and board participates in IT strategy,

Table 11. Overview of IT governance-management interface Strategical engagement aspects

ensuring both have the knowledge needed to better position the business against the competition.

• Sponsorship. Sponsors as senior managers with authority to support IT projects, assign resources and monitor programs by meeting regularly with IT people reviewing the expected value and quality.

8. Knowledge sharing. Knowledge sharing is understood as mutual understanding and collaboration of business and IT objectives and plans. On the one hand, as business understands IT, they are more willing to support new IT proposals with proper funding and prioritization. On the other hand, as IT understands the business, their innovative ideas and proposals are of greater interest to the business.

Table 12. Overview of IT governance-management interface Knowledge sharing aspects

• Collaboration. IT plays an important role, of course, but knowledge and cooperation are also needed. This collaboration is related to dynamic capabilities that provide flexibility and dynamism to firms that can manage changes and profit from opportunities offered by IT.

• Shared learning. Regarding group learning, they showed an integrating process that develops shared understanding among individuals and takes coordinated actions through mutual adjustment, including group dynamics, trust, internal commitment, and shared vision.
• Partnership. When both business and IT sides contribute to each other, they have a partnership relationship, subsequently sharing not only knowledge but also risks and rewards. Trusting in each other also improves the IT management sophistication, increasing the delivery of expected results.
• Information quality exchange. This involves the processes that allow the board to gain access to sufficient and relevant information about IT for their decision-making discussions.

9. Human behavior. People as an aspect to be considered when they want to develop and implement IT governance. Social aspects and human behavior are crucial for communication and relational mechanisms.

Table 13. Overview of IT governance-management interface Human behavior aspects

• Capabilities and skills. Human capabilities and skills should be considered in selecting the strategy that best suits each concrete situation in organizations. The personal attributes a CIO should have are communication and influencing skills, commercial acumen, networking skills, and people management skills. This is remarkable because the CIO is normally the communicator in the corporate-IT governance interface but also in the IT governancemanagement interface.
• Culture. Researchers are giving more importance to soft aspects of governance as a desirable behavior consistent with the organization’s beliefs, values, norms, informal organization, mission, strategy, and culture. By promoting a culture of participation in IT governance initiatives, not only on board and top-level layers but also in tactical and lower layers, may increase involvement, responsibilities, awareness, and willingness in IT governance aspects regarding what affects the perceived importance about it.
• Leadership. One of the competencies of IT-related executives should have is leadership as well as proactive skills to drive, support, and shape the business through an innovative and competitive path. However, leadership should be seen in both business and IT.

10. Value. Value generation can take many forms, depending on the importance each organization gives to its specific business. Nonetheless, organizations are increasingly aware of controlling and measuring IT to ensure whether the expected value has been provided.

Table 14. Overview of IT governance-management interface Value aspects

• Business and impact. Business and IT plans should be designed collaboratively involving all of the stakeholders, considering the logical expected value IT would provide regarding its features, characteristics, and abilities.
• IT investments. One of the decisions IT people should not make on their own is establishing the value level that IT should deliver and what should be the acceptable quality.
• Competitive advantage. This competitive advantage may have different forms or shapes depending on the importance of the business. For example, the value may be elapsed time for order/service fulfillment, customer satisfaction, customer wait time, employee productivity, profitability, business agility, efficiency, and adaptability. It is worth mentioning that these items are either subjective or difficult to measure, something in which all stakeholders must be aware.

11. Control. IT accountability is one of the drivers to measure the maturity level of IT governance in organizations. Organizations should be aware of rules and legislations regarding IT use and assess whether their compliance.

Table 15. Overview of IT governance-management interface Control aspects

• Compliance and accountability. Compliance processes should be established to ensure accountability and responsiveness to business needs. These processes show transparency in decision outcomes and IT accountability.
• Decision outputs and outcomes. Generally, organizations collaborate with IT to define and set several key goals and performance indicators in advance to control IT results, as well as some reporting/documentation processes through which all stakeholders may include incidents, status, activities, risk indicators, and any other needed information.

• Conformance. The organization must be aware of laws, rules, and audits to know what information it needs to collect. The CIO should also establish the level of commitment from IT to provide business value as a competitive advantage. Legal and normative requirements should also be identified regarding their impact on IT processes.

12. Financial. The board has expected results that benefit the business even if they are having or not participated in those decisions that IT has made without considering the business objectives. To improve this situation, several necessary IT governance and management mechanisms will influence the communication interface between both layers.

Table 16. Overview of IT governance-management interface Financial aspects

• Investments and prioritization. The board or delegates should direct the IT about who determines objectives and how much to invest in these objectives. The focus should be on the value delivered by IT investments in a way that IT supports the business. A well-performed investment portfolio should be designed, with its necessary IT governance and management processes, considering path dependencies from past business decisions that involved specific IT infrastructure.
• Transparency of costs. Efficiency in delivering services is also highlighted but in a way that IT costs are transparent to the whole organization, impacted by how successful IT governance is.
• Heritage and debt. IT inherited from past decisions will influence new decisions, a broader concept than technical debt, which focuses solely on software issues. Thus, this heritage reduces the maneuverability of the organization in making decisions, as it can be affected by several factors such as vendor lock-ins, high switching costs, substantial complexity, and other internal controls.
• Outsourcing. The board should not delegate this responsibility to the IT department or the outsourced firm. Board or delegates need information regarding related risks, advantages, and disadvantages to their IT management and operational team, managing. for example, the SLAs.

Table 17. Overview of IT governance-management interface Resources aspects

13. Resources. Organizations have struggled to determine how to use resources to achieve competitive advantage by a long-term performance. Firms can generate value if they have IT-related capabilities that leverage IT resources that are valuable, rare, and costly to imitate.

• Enablers and drivers. Resources may be enablers and drivers in an organization if they are difficult to replicate and imitate, thus providing a competitive advantage. When decisions about allocating resources are made strategically-and jointly between governance and management-IT assumes the role of flexible and transparent infrastructure supporter, new technology evaluator, and provider, enabling business processes and providing customizable and standardized solutions.
• Monitored investments. Control and monitoring processes are needed to assure that the required resources are provided in the selected and sponsored projects, such as capabilities, knowledge and leadership, skills and experience, tools and processes, and optimism and degree of trust. This also involves the board in strategic IT investment decisions, such as a value proposition used to guide the justification of the resources acquired and the commitment to IT results.
• Heritage and dependency. Organizations should become aware of IT resources and infrastructure inherited from past decisions with possible path-dependence in several IT systems.

14. Direction. Board or delegates should direct, specifying exactly what they expect from management, and then evaluate and monitor IT performance and results to know if IT responds as expected and specified. According to ISO/IEC 38500 (ISO/IEC 38500, 2015) standard, direct is one of the three main tasks the governing body must perform to govern IT.

Table 18. Overview of IT governance-management interface Direction aspects

• Principles and objectives. Direction should be provided by the board to the management team to follow the same principles, objectives, and business expectations. They should design a set of principles to synchronize business and IT with control systems, ensuring IT can rapidly adapt to business changes.
• Plans. IT plans should be directed by the governance structures to be aligned with business plans, following the same vision and mission to achieve business value. These plans should be translated into IT objectives, projects, and proposals that the IT management team would develop to carry out daily activities.
• Policy and regulations. The governance team should design policies to implement decisionmaking processes with the main objective of maximizing business value through IT resources These policies should be communicated to the IT management team to ensure they are also aware of rules and regulations. They will use these policies to assess and monitor conformance with rules, regulations, and risks.

Table 19. Milestones that may have influenced the number of studies

Figure 4. Number of publications per year.

Figure 5. Number of key aspects studied per year.

Table 20. Top three positions of key aspects per year

The gray boxes highlight the popular years indicated in Figure 5.

V. DISCUSSION

As previously stated, we have performed a scoping literature review because of the following reasons: the complex and extensive nature of the main study’s concepts (the communication interface between IT governance and IT management) and how well the scoping review fits manages a broad study. Thus, in this section, we focus on two aims: presenting the longitudinal analysis regarding the key aspects found in the literature and providing a research agenda addressing three main gaps we have found.

Longitudinal Analysis

Figure 4 shows the number of annual publications according to the number of publications included in this study. As we can see, in 2010, researchers published more studies on the IT governancemanagement communication interface, followed by the years 2004, 2012, and 2014. This may be because of the following milestones (Table 19):

If we analyze the number of aspects that have been studied per year (Figure 5), we can see that the previously mentioned years almost remain the same: 2004-2006, 2009-2010, and 2012-2014. It should be noted that all the fourteen aspects analyzed in this study were studied in 2014. This could also relate to the milestones mentioned in Table 19.

Regarding the number of papers that study each key aspect per year, decision-making structures occupy the first position in 9 of the 19 years studied, followed by alignment processes in 6, communication approaches and frameworks in 2, financial in 1, and risks in 1 (discounting 2001 as well as 1994 to 1998, as we have not found any paper related to this study during those years).

As Table 20 shows, researchers were interested in the three IT governance mechanisms during the years near the 2004 milestones. Before, the themes were quite varied although decision-making structures were already a topic of interest. Until the next milestone in 2009, the topics vary again, returning to two of the three IT governance mechanisms, with communication being replaced by frameworks, possibly owing to the milestones related to frameworks near 2010. After that, the three IT governance mechanisms reappear in different positions, although various key aspects have been gaining the interest of researchers and practitioners. This may be because of the difficulties encountered in implementing various frameworks (Buchwald et al., 2014), as well as the specific needs of each organization in focusing on other aspects of the communication interface between IT governance and IT management. The rebound in 2015 and 2017 could be owing to the launch of the second version of the ISO/IEC 38500 (ISO/IEC 38500, 2015) standard as well as its family. However, the decline in the following years, 2018 and 2019, could be because of the rise in popularity of the concept of digital transformation.

Gaps In Research And Research Agenda

After reviewing the literature and analyzing the 14 key aspects that should be considered in the communication interface when developing IT governance frameworks, we have identified the following three research gaps.

Gap 1: social and communication aspects have been less investigated.
The key aspects that occupy the first three positions in this study are decision-making structures, alignment processes, and communication approaches, in this order. This is not surprising, because this study has been based on the three IT governance mechanisms as they were first presented by Weill and Ross (Weill & Ross, 2004) and Van Grembergen et. al. (Van Grembergen et al., 2004). What is remarkable is the constant third position of communication approaches in the literature. In fact, according to Van Grembergen and De Haes (Van Grembergen & De Haes, 2009), there is not much knowledge about this mechanism in organizations, having verified it after evaluating the maturity level of the three mechanisms in several Belgian financial firms.

Furthermore, according to Table 20, communication approaches appear twice in the first position, in contrast to the other two mechanisms, where structures appear nine times and alignment appears six times. In this sense, Ko and Fink (Ko & Fink, 2010) and Smits and Van Hillegersberg (Daniel Smits & Van Hillegersberg, 2014) especially focused on the social aspect, identified as human behavior and knowledge sharing. Both concepts hardly appear in Table 20 and never occupy the first position. The importance of social and communicative aspects begins to slightly increase from 2015 onwards with studies such as Schlosser et al. (Schlosser, Beimborn, Weitzel, & Wagner, 2015) about social mechanisms that better support the mutual understanding among layers to improve the business performance. Another study by De Maere and De Haes (De Maere & De Haes, 2016) took a learning perspective and posed that communication and collaboration issues should be stated when implementing IT governance activities. Thus, social aspects that may include communication approaches, human behavior, knowledge sharing, culture, leadership, partnership, collaboration, participation, understanding, and engagement, should be researched more. This should help

organizations in developing and deploying IT governance frameworks that better fit their needs and will improve the communication interface among layers.

Gap 2: Organizations’ scope and development less researched.

In this study, we have emphasized the importance of analyzing empirical papers, which provide valuable information on the successes and difficulties that organizations experience when developing IT governance frameworks. Although the number of empirical studies found has been high ( $68 \%$ ), only $8 \%$ of these empirical studies were on developing countries, and only $11 \%$ were on public organizations. It would be interesting to delve into both aspects owing to the particularities that each one has. On one hand, developing countries are not only immature in IT governance, but they lack maturity in the use of IT. Because they lack even management aspects, there is minimal or no presence of governance aspects, thus they fail in aligning business with IT and in obtaining expected value, mainly because investments are solely management responsibility without board engagement and/ or sponsorship (Phiri & Weiguo, 2013). On the other hand, public organizations face difficulties in implementing IT governance, as up-to-date frameworks do not fit their needs. In public organizations, value is understood as efficiency in delivering services to the community instead of financial growth or competency advantage (Vogt & Hales, 2013). Thus, the definition of the strategy should have other focus to better align the business with IT. Therefore, it would be interesting to study the development and deployment of IT governance solutions in both developing and public scenarios to draw better conclusions, because the number of papers we have found on both has been inefficient.

Gap 3: Difficulties implementing IT governance

Several empirical studies show the theory-practice gap of implementing IT governance in organizations (Buchwald et al., 2014; De Maere & De Haes, 2017; González-Rojas et al., 2018; Daniël Smits & Van Hillegersberg, 2018b; Teo, Abd Manaf, et al., 2013). Buchwald et al. (Buchwald et al., 2014) argue that practitioners are not clearly understanding IT governance concepts, thus IT managers resist being governed. De Maere and De Haes (De Maere & De Haes, 2016) showed in their study that practitioners are facing misunderstandings regarding IT governance aspects, making it difficult for them to implement in their organizations. This may be because of the disparity in the different existing solutions. On the one hand, the ISO/IEC 38500 standard (last revision of 2015), in addition to presenting six principles of IT governance, explains the three activities to be carried out when governing IT: evaluate, direct, and monitor. They also explain how these three activities interact with IT management through direction and control. However, its focus is too broad, giving each organization the flexibility to implement the method or process that best suits them without specifying one in particular. Therefore, organizations do not purportedly know where to start. On the other hand, the COBIT framework (2019 version) is process-oriented and differentiates between IT governance and IT management. Similar to the standard, it explains the three activities to govern IT, i.e. evaluate, direct, and monitor. However, it is based on an extensive list of processes, making it overly cumbersome to implement (Dahlberg & Kivijärvi, 2006; Pereira & da Silva, 2012; Racz, Weippl, & Seufert, 2010). Needless to say how difficult it is to implement both in developing countries, whose political-social and economic context is complex (Yokkhun & Papasratorn, 2018).

CONCLUSION

In this study, we have performed a rigorous scoping review to study how IT governance and management communicate, identifying 14 key aspects regarding this interface. The reasons for conducting this review were because we aimed to map fields of study where it is difficult to see the

range of available material, as IT governance and IT management are both broad concepts (Arksey & O’Malley, 2005). We have based our study on the three IT governance mechanisms (Van Grembergen et al., 2004; Weill & Ross, 2004); the five key IT decisions stated by Weill and Ross (Weill & Ross, 2004); Ko and Fink’s (Ko & Fink, 2010) and Smits and van Hillegersberd’s (Daniel Smits & Van Hillegersberg, 2014) models; the five main focus areas of IT governance from ITGI (ITGI, 2003); and the six principles from the ISO/IEC 38500 (ISO/IEC 38500, 2015) standard, thus continuing with their work. We have prioritized empirical works as they provide insights from organizations and practitioners in their efforts of developing IT governance frameworks. We have detailed the 14 key aspects in 50 subsequent themes focusing on how IT governance and management layers should communicate to better understand themselves. Furthermore, we have shown the evolution of the popularity of the different aspects over the years and identified three research gaps for further research.

With this work, we have highlighted the aspects practitioners should focus on to better communicate among layers, thus emphasizing the IT governance-management interface. We have tried to conceptualize the aspects of IT governance, thus facilitating the understanding of practitioners when they are developing IT governance frameworks.

REFERENCES

Aasi, P., Rusu, L., & Han, S. (2014). The influence of culture on IT governance: A literature review. Proceedings of the Annual Hawaii International Conference on System Sciences, 4436-4445. doi:10.1109/HICSS.2014.546

Almeida, R., Pereira, R., & Mira da Silva, M. (2013). IT Governance Mechanisms: A Literature Review. In Exploring Services Science (Vol. 143, pp. 186-199). doi:10.1007/978-3-642-36356-6_14

Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 36(6), 907-916. doi:10.1016/j. ijinfomgt.2016.05.017

Arksey, H., & O’Malley, L. (2005). Scoping studies: Towards a methodological framework. International Journal of Social Research Methodology: Theory and Practice, 8(1), 19-32. doi:10.1080/1364557032000119616

Asgarkhani, M., Cater-Steel, A., Toleman, M., & Ally, M. (2018). A Conceptual Model to Evaluate the Effectiveness of Information Technology Governance. In International Conference on Management, Leadership, and Governance (ICMLG 2018) (pp. 41-50). Academic Press.

Badger, D., Nursten, J., Williams, P., & Woodward, M. (2000). Should all literature reviews be systematic? Evaluation and Research in Education, 14(3&4), 220-230. doi:10.1080/09500790008666974

Beulen, E. (2004). Governance in IT Outsourcing Partnerships. In Strategies for information technology governance (pp. 310-341). Idea Group Publishing. doi:10.4018/978-1-59140-140-7.ch012

Bianchi, I. S., & Sousa, R. D. (2016). IT Governance Mechanisms in Higher Education. Procedia Computer Science, 100, 941-946. doi:10.1016/j.procs.2016.09.253

Bin-Abbas, H., & Bakry, S. H. (2014). Assessment of IT governance in organizations: A simple integrated approach. Computers in Human Behavior, 32, 261-267. Advance online publication. doi:10.1016/j. chb.2013.12.019

Boonstra, A., Eseryel, U. Y., & van Offenbeek, M. A. G. (2017). Stakeholders’ enactment of competing logics in IT governance: Polarization, compromise or synthesis? European Journal of Information Systems, 27(4), 415-433. doi:10.1057/s41303-017-0055-0

Bounagui, Y., Mezrioui, A., & Hafiddi, H. (2019). Computer Standards & Interfaces Toward a unified framework for Cloud Computing governance : An approach for evaluating and integrating IT management and governance models. Computer Standards & Interfaces, 62(July), 98-118. 10.1016/j.csi.2018.09.001

Bouraad, F. (2010). IT project portfolio governance: The emerging operation manager. Project Management Journal, 41(5), 74-86. Advance online publication. doi:10.1002/pmj. 20083

Bradley, R. V., Byrd, T. A., Pridmore, J. L., Thrasher, E., Pratt, R. M. E., & Mbarika, V. W. A. (2012). An empirical examination of antecedents and consequences of IT governance in US hospitals. Journal of Information Technology, 27(2), 156-177. doi:10.1057/jit. 2012.3

Brown, A. E., & Grant, G. G. (2005). Framing the Frameworks: A Review of IT Governance Research. Communications of the Association for Information Systems, 15(May), 696-712. doi:10.17705/1CAIS. 01538

Buchwald, A., Urbach, N., & Ahlemann, F. (2014). Business value through controlled IT: Toward an integrated model of IT governance success and its impact. Journal of Information Technology, 29(2), 128-147. doi:10.1057/ jit. 2014.3

Butler, R., & Butler, M. J. (2010). Beyond King III: Assigning accountability for IT governance in South African enterprises. South African Journal of Business Management.

Caluwe, L., & De Haes, S. (2019). Board Level IT Governance : A Scoping Review to Set the Research Agenda. Information Systems Management, 36(3), 262-283. doi:10.1080/10580530.2019.1620505

Cervone, H. F. (2017). Implementing IT governance : a primer for informaticians. 10.1108/DLP-07-2017-0023
Coertze, J., & Von Solms, R. (2015). Towards a cybernetics-based communication framework for IT governance. Proceedings of the Annual Hawaii International Conference on System Sciences, 4595-4606. doi:10.1109/ HICSS. 2015.547

Dahlberg, T. (2015). Cooperation benefits in the establishment of voluntary inter-organizational IT governance for healthcare and social welfare IT - A case study. Proceedings of the Annual Hawaii International Conference on System Sciences. doi:10.1109/HICSS. 2015.370

Dahlberg, T., & Kivijärvi, H. (2006). An Integrated Framework for IT Governance and the Development and Validation of an Assessment Instrument. 39th Hawaii International Conference on System Sciences. doi:10.1109/ HICSS. 2006.57

Dameri, R. P. (2010). From IT compliance cost to IT governance benefits: An Italian business case. In Management of the Interconnected World - ItAIS. The Italian Association for Information Systems. doi:10.1007/978-3-7908-2404-9_37

Damianides, M. (2005). Sarbanes-Oxley and IT governance: New guidance on IT control and compliance. Information Systems Management, 22(1), 77-85. Advance online publication. doi:10.1201/1078/44912.22.1.2 $0051201 / 85741.9$

Daudt, H. M. L., Van Mossel, C., & Scott, S. J. (2013). Enhancing the scoping study methodology: A large, interprofessional team’s experience with Arksey and O’Malley’s framework. BMC Medical Research Methodology, 13(1), 48. doi:10.1186/1471-2288-13-48 PMID:23522333

De Jong, F., Van Hillegersberg, J., Van Eck, P., Van Der Kolk, F., & Jorissen, R. (2010). Governance of offshore IT outsourcing at shell global functions IT-BAM development and application of a governance framework to improve outsourcing relationships. Lecture Notes in Business Information Processing. doi:10.1007/978-3-642-$15417-1 \_8$

De Maere, K., & De Haes, S. (2016). Exploring Organizational Learning in the Context of IT Governance. In 10th European Conference on Information Systems Management (pp. 215-222). Academic Press.

De Maere, K., & De Haes, S. (2017). An Investigation of the Theory-Practice Gap in the Context of IT Governance. Proceedings of the 13Th European Conference on Management, Leadership and Governance (Ecmlg 2017), 530-537.

De Smet, D., & Mayer, N. (2016). Integration of IT governance and security risk management: A systematic literature review. 2016 International Conference on Information Society (i-Society). doi:10.1109/iSociety. 2016.7854200

Drake, J. R., & Byrd, T. A. (2006). Risk in Information Technology Project Portfolio Management. Journal of Information Technology Theory and Application.

Ernest, M., & Nisavic, J. M. (2007). Adding value to the IT organization with the Component Business Model. IBM Systems Journal, 46(3), 387-403. doi:10.1147/sj.463.0387

Gewald, H., & Helbig, K. (2006). A governance model for managing outsourcing partnerships a view from practice. Proceedings of the Annual Hawaii International Conference on System Sciences. doi:10.1109/ HICSS. 2006.12

Gómez, B., Bermejo, B., & Juiz, C. (2017). IT Governance and Its Implementation Based on a Detailed Framework of IT Governance (dFogIT) in Public Enterprises. In Information Technology Governance in Public Organizations (pp. 133-155). Academic Press.

González-Rojas, O., Gómez-Morantes, J. E., & Beltrán, G. (2018). Gaps between theory and practice on IT governance capabilities. In Lecture Notes in Information Systems and Organisation (Vol. 26, pp. 129-148). doi:10.1007/978-3-319-74817-7_9

Guldentops, E. (2002). Governing Information Technology Through CobiT. In Integrity. Internal Control and Security in Information Systems. doi:10.1007/978-0-387-35583-2_8

Harguem, S., Karuranga, E., & Mellouli, S. (2014). Impact of IT Governance on Organizational Performance : Proposing an Explanatory Model. Proceedings of the European Conference on Management, Leadership & Governance.

Henderson, J. C., & Venkatraman, H. (1993). Strategic alignment: Leveraging information technology for transforming organizations. IBM Systems Journal, 32(1), 472-484. Advance online publication. doi:10.1147/ sj.382.0472

Hiekkanen, K., Pekkala, A., & Collin, J. (2015). Improving Strategic Alignment: A Case Study. Information Resources Management Journal, 28(4), 19-37. doi:10.4018/IRMJ. 2015100102

Huang, R., Zmud, R. W., & Price, R. L. (2010). Influencing the effectiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, 19(3), 288-302. Advance online publication. doi:10.1057/ejis.2010.16

Ionita, F. D. (2009). IT governance - a global approach at company level. Electronic Government, an International Journal. 10.1504/EG.2009.027786

ISACA. (2018). COBIT 2019 Framework: Introduction & Methodology. ISACA.
ISO/IEC 38500. (2015). Information Technology — Governance of IT - For the organization.
ITGI. (2003). Board Briefing on IT Governance (2nd ed.). IT Governance Institute.
Jamieson, R. (2002). Governance for E-Business Knowledge Management systems. In 2nd Working Conference on E-Business (pp. 437-459). Copenhagen: Kluwer Academic Publishers.

Jordan, E. (2005). An Integrated IT Risk Model. In 9th Pacific Asia Conference on Information Systems (PACIS 2005) (pp. 632-644). Bangkok: Natl Sun Yat-Sen Univ.

Juiz, C. (2011). New engagement model of IT governance and IT management for the communication of the IT value at enterprises. In Communications in Computer and Information Science. doi:10.1007/978-3-642-22603-8_13

Juiz, C., Gomez, B., & Rosenmöller, M. (2017). Standardization of IT Governance in Healthcare Institutions. Proceedings of the 19th International Conference on E-Health Networking, Applications and Services (Healthcom).

Juiz, C., Gómez, M., & Barceló, M. I. (2012). Implementing business/IT projects alignment through the project portfolio approval process. In Lecture Notes in Electrical Engineering (Vol. 180, pp. 1-8). LNEE., doi:10.1007/978-94-007-5083-8_1

Kamogawa, T. (2010). Structural models that manage IT portfolio affecting business value of enterprise architecture. IEICE Transactions on Information and Systems, E93D(9), 2566-2576. 10.1587/transinf.E93.D. 2566

Karhade, P., Shaw, M. J., & Subramanyam, R. (2015). Patterns in Information Systems Portfolio Prioritization: Evidence from Decision Tree Induction. Management Information Systems Quarterly, 39(2), 413-433. Advance online publication. doi:10.25300/MISQ/2015/39.2.07

Kearns, G. S., & Lederer, A. L. (2003). A resource-based view of strategic IT alignment: How knowledge sharing creates competitive advantage. Decision Sciences, 34(1), 1-29. Advance online publication. doi:10.1111/15405915.02289

Keyes-Pearce, S. V. (2002). Rethinking the Importance of IT Governance in the e-World. In 6th Pacific Asia Conference on Information Systems (PACIS-2002) (pp. 256-272). Academic Press.

Khouja, M., Bouassida Rodriguez, I., Ben Halima, Y., & Moalla, S. (2018). IT Governance in Higher Education Institutions: A Systematic Literature Review. International Journal of Human Capital and Information Technology Professionals, 9(2), 52-67. doi:10.4018/IJHCITP. 2018040104

Kim, S. (2007). Governance of Information Security: New Paradigm of Security Management. In N. Nedjah, A. Abraham, & L. Mourelle (Eds.), Computational intelligence in information assurance and security (pp. 235-254). Springer. doi:10.1007/978-3-540-71078-3_9

Kim, Y. J., Lee, J. M., Koo, C., & Nam, K. (2013). The role of governance effectiveness in explaining IT outsourcing performance. International Journal of Information Management, 33(5), 850-860. doi:10.1016/j. ijinfomgt.2013.07.003

Kitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Technical report EBSE-2007-01. Keele.

Klotz, S., Kopper, A., Westner, M., & Strahringer, S. (2019). Causing factors, outcomes, and governance of Shadow IT and business-managed IT : A systematic literature review. International Journal of Information Systems and Project Management, 7(1), 15-43. doi:10.12821/ijispm070102

Ko, D., & Fink, D. (2010). Information technology governance : An evaluation of the theory-practice gap. $10.1108 / 14720701011085616$

Könning, M., Westner, M., & Strahringer, S. (2019). A Systematic Review of Recent Developments in IT Outsourcing Research. Information Systems Management, 36(1), 78-96. doi:10.1080/10580530.2018.1553650

Kuruzovich, J., Bassellier, G., & Sambamurthy, V. (2012). IT governance processes and IT alignment: Viewpoints from the board of directors. Proceedings of the Annual Hawaii International Conference on System Sciences. doi:10.1109/HICSS. 2012.394

Lankhorst, M. M., Quartel, D. A. C., & Steen, M. W. A. (2010). Architecture-based IT portfolio valuation. Lecture Notes in Business Information Processing. doi:10.1007/978-3-642-16770-6_4

Levac, D., Colquhoun, H., & O’Brien, K. K. (2010). Scoping studies: Advancing the methodology. Implementation Science; IS, 5(1), 69. doi:10.1186/1748-5908-5-69 PMID:20854677

Levstek, A., Hovelja, T., & Pucihar, A. (2018). IT Governance Mechanisms and Contingency Factors. Towards an Adaptive IT Governance Model, 51(4), 286-310. Advance online publication. doi:10.2478/orga-2018-0024

Liu, L., & Yin, G. (2009). IT organization transformation in enterprise eCommerce. 2nd International Symposium on Electronic Commerce and Security, ISECS 2009. doi:10.1109/ISECS.2009.92

Luftman, J. (2000). Assessing Business-It Alignment Maturity. Communications of the Association for Information Systems.

Lwakatare, L. E., Kuvaja, P., Haapasalo, H., & Tolonen, A. (2015). Empirical challenges in the implementation of IT portfolio management: A survey in three companies. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). doi:10.1007/978-3-319-19069-3_28

Magnusson, J., & Bygstad, B. (2014). Technology Debt: Toward a New Theory of Technology Heritage. ECIS.
Magnusson, J., Juiz, C., Gómez, B., & Bermejo, B. (2018). Governing technology debt: Beyond technical debt. In International Conference on Software Engineering (pp. 76-84). doi:10.1145/3194164.3194169

Marshall, P., & McKay, J. (2004). Strategic IT Planning, Evaluation and Benefits Management: The basis for effective IT governance. AJIS. Australasian Journal of Information Systems, 11(2). Advance online publication. doi:10.3127/ajis.v11i2.112

Medeiros, B. C., Danjour, M. F., & De Sousa Neto, M. V. (2017). Project management: Contributions for IT governance in brazilian public sector. Revista Gestao & Tecnologia-Journal of Management and Technology, 17(1), 54-78. doi:10.20397/2177-6652/2017.v17i1.977

Moura, A., Sauvé, J., & Bartolini, C. (2007). Research challenges of business-driven IT management. In Second IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM 2007. doi:10.1109/ BDIM.2007.375008

Neirotti, P., & Paolucci, E. (2007). Assessing the strategic value of Information Technology: An analysis on the insurance sector. Information & Management, 44(6), 568-582. Advance online publication. doi:10.1016/j. im.2007.05.005

Neuman, W. L. (2011). Social Research Methods: Qualitative and Quantitative Approaches (7th ed.). Pearson Education.

Nolan, R., & McFarlan, F. W. (2005). Information technology and the board of directors. Harvard Business Review. PMID:16250628

Nuijten, A., Zwiers, B., & van der Piji, G. (2008). The Effect of IS-Auditors’ Risk Information on IS-Managers’ Perceived Risk. In J. Hampe, M. Swatman, J. Gricar, A. Pucihar, & G. Lenart (Eds.), 21st Bled eConference on eCollaboration - Overcoming Boundaries through Multi-Chanel Interaction (pp. 182-197). Bled: Univ Maribor.

Okoli, C., & Schabram, K. (2010). A Guide to Conducting a Systematic Literature Review of Information Systems Research. SSRN Electronic Journal. 10.2139/ssrn. 1954824

Pang, M. S. (2014). IT governance and business value in the public sector organizations - The role of elected representatives in IT governance and its impact on IT value in U.S. state governments. Decision Support Systems, 59(1), 274-285. doi:10.1016/j.dss.2013.12.006

Paré, G., Trudel, M. C., Jaana, M., & Kitsiou, S. (2015). Synthesizing information systems knowledge: A typology of literature reviews. Information & Management, 52(2), 183-199. Advance online publication. doi:10.1016/j. im.2014.08.008

Parry, V. K. A., & Lind, M. L. (2016). Alignment of Business Strategy and Information Technology Considering Information Technology Governance, Project Portfolio Control, and Risk Management. International Journal of Information Technology Project Management, 7(4), 21-37. doi:10.4018/IJITPM. 2016100102

Pawson, R. (2002). Evidence-based Policy: In Search of a Method. Evaluation, 8(2), 157-181. doi:10.1177/1358902002008002512

Peppard, J. (2010). Unlocking the performance of the Chief Information Officer (CIO). California Management Review, 52(4), 73-99. doi:10.1525/cmr.2010.52.4.73

Peppard, J., Edwards, C., & Lambert, R. (2011). Clarifying the ambiguous role of the CIO. MIS Quarterly Executive. Advance online publication. doi:10.1108/02635570910926564

Pereira, R., & da Silva, M. M. (2012). Towards an Integrated IT Governance and IT Management Framework. In 2012 IEEE 16th International Enterprise Distributed Object Computing Conference. doi:10.1109/EDOC.2012.30

Peterson, R. (2004). Crafting Information Technology Governance. Information Systems Management, 21(October), 7-22. doi:10.1201/1078/44705.21.4.20040901/84183.2

Phiri, D., & Weiguo, F. (2013). Information Technology Investment and Firm Performance in Developing Economies: The Relationship Between Management Practices and Performance. In Z. Zhang, J. Zhang, & R. Zhang (Eds.), 2nd International Conference on Logistics, Informatics and Service Science (LISS). Springer. doi:10.1007/978-3-642-32054-5_76

Prasad, A., Green, P., & Heales, J. (2012). On IT governance structures and their effectiveness in collaborative organizational structures. International Journal of Accounting Information Systems, 13(3), 199-220. Advance online publication. doi:10.1016/j.accinf.2012.06.005

Prasad, A., Heales, J., & Green, P. (2009). Towards a Deeper Understanding of Information Technology Governance Effectiveness : A Capabilities-Based Approach. In International Conference on Information Systems (ICIS 2009) (pp. 1-19). Academic Press.

Prasad, A., Heales, J., & Green, P. (2010). A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: Evidence from IT steering committees. International Journal of Accounting Information Systems, 11(3), 214-232. Advance online publication. doi:10.1016/j.accinf.2010.07.013

Racz, N., Weippl, E., & Seufert, A. (2010). A process model for integrated IT governance, risk, and compliance management. The Ninth Baltic Conference on Databases and Information Systems.

Rahimi, F., Møller, C., & Hvam, L. (2016). Business process management and IT management: The missing integration. International Journal of Information Management, 36(1), 142-154. Advance online publication. doi:10.1016/j.ijinfomgt.2015.10.004

Rau, K. G. (2004). Effective Governance of It: Design Objectives, Roles, and Relationships. Information Systems Management, 21(4), 35-42. Advance online publication. doi:10.1201/1078/44705.21.4.20040901/84185.4

Raymond, L., Bergeron, F., Croteau, A. M., & Uwizeyemungu, S. (2019). Determinants and outcomes of IT governance in manufacturing SMEs: A strategic IT management perspective. International Journal of Accounting Information Systems, 35, 100422. doi:10.1016/j.accinf.2019.07.001

Robb, A., & Parent, M. (2009). Understanding IT Governance: A Case of Two Financial Mutuals. Journal of Global Information Management, 17(3), 59-77. Advance online publication. doi:10.4018/jgim. 2009070104

Ross, J. W., & Weill, P. (2002). Six IT decisions your IT people shouldn’t make. Harvard Business Review.

Saetang, S., & Haider, A. (2012). CIO and CTO Nexus: Empowering Organizations with IT Governance. Picmet `12: Proceedings - Technology Management for Emerging Technologies.

Salle, M., & Di-Vitantonio, G. (2006). Business Service Management: The Impact of IT Governance Models on IT Management Policies. 2006 IEEE International Conference on Services Computing (SCC’06). doi:10.1109/ SCC.2006.31

Sambamurthy, V., & Zmud, R. W. (1999). Arrangements for Information Technology Governance: A Theory of Multiple Contingencies. Management Information Systems Quarterly, 23(2), 261. Advance online publication. doi:10.2307/249754

Schlosser, F., Beimborn, D., Weitzel, T., & Wagner, H. T. (2015). Achieving social alignment between business and IT - An empirical evaluation of the efficacy of IT governance mechanisms. Journal of Information Technology, 30(2), 119-135. Advance online publication. doi:10.1057/jit. 2015.2

Selig, G. J. (2016). IT Governance-An Integrated Framework and Roadmap : How to Plan, Deploy and Sustain for Improved Effectiveness. Journal of International Technology and Information Management, 25(1), 55-77.

Silvius, A. J. G. (2007). Exploring Differences in the Perception of Business & IT Alignment. Communications of the IIMA. 10.1007/BF00289625

Simonsson, M., & Johnson, P. (2008). The IT organization modeling and assessment tool: Correlating IT governance maturity with the effect of IT. Proceedings of the Annual Hawaii International Conference on System Sciences. doi:10.1109/HICSS. 2008.447

Simonsson, M., Johnson, P., & Ekstedt, M. (2010). The effect of IT governance maturity on IT governance performance. Information Systems Management, 27(1), 10-24. doi:10.1080/10580530903455106

Sirisomboonsuk, P., Ching, V., Qing, R., & Burns, J. R. (2018). ScienceDirect Relationships between project governance and information technology governance and their impact on project performance. International Journal of Project Management, 36(2), 287-300. doi:10.1016/j.ijproman.2017.10.003

Sledgianowski, D., & Luftman, J. (2005). IT-Business Strategic Alignment Maturity. Journal of Cases on Information Technology, 7(2), 102-120. Advance online publication. doi:10.4018/jcit. 2005040107

Smits, D., & Van Hillegersberg, J. (2014). The Development of an IT Governance Maturity Model for Hard and Soft Governance. In J. Devos & S. De Haes (Eds.), 8th European Conference on IS Management and Evaluation (ECIME) (pp. 347-355). Ghent: Acad Conferences Ltd.

Smits, D., & Van Hillegersberg, J. (2018a). Hard and Soft Governance: The Missing Link Between Corporate and IT Governance. In International Conference on Management, Leadership, and Governance (ICMLG 2018) (pp. 421-430). Academic Press.

Smits, D., & Van Hillegersberg, J. (2018b). The continuing mismatch between IT governance maturity theory and practice: A new approach. Procedia Computer Science, 138, 549-560. doi:10.1016/j.procs.2018.10.075

Spósito, M. A. F., Neto, A. C. D., & Barreto, R. da S. (2016). Business-IT Alignment Research Field - A Systematic Literature Review. In Proceedings of the 18th International Conference on Enterprise Information Systems. doi:10.5220/0005832005490558

Spremic, M., & Popovic, M. (2007). Towards a corporate IT risk management model. In 6th WSEAS International Conference on Information Security and Privacy (p. 111). Puerto de la Cruz: World Scientific and Engineering Acad and Soc.

Tallon, P. P. (2014). Do you see what I see? The search for consensus among executives’ perceptions of IT business value. European Journal of Information Systems, 23(3), 306-325. doi:10.1057/ejis. 2013.2

Tambotoh, J. J. C., Kosala, R., Ranti, B., Isa, S. M., & Pudjianto, B. W. (2017). A Conceptual Model for Creating Effective Public Value Through Key Practices in Information Technology Governance Mechanisms. Academic Press.

Teo, W. L., Abd Manaf, A., & Choong, P. L. F. (2013). Practitioner Factors Influencing Participation in Information Technology Governance Initiatives. In K. Solimon (Ed.), 20th International-Business-Information-ManagementAssoc Conf on Entrepreneurship Vision 2020: Innovation, Development Sustainability, and Economic Growth (p. 696). Kuala Lumpur: Int Business Information Management Assoc-IBIMA.

Teo, W. L., Manaf, A. A., & Choong, P. L. F. (2013). Perceived effectiveness of information technology governance initiatives among IT practitioners. International Journal of Engineering Business Management, 5, 19. Advance online publication. doi:10.5772/56661

Tjong, Y., Adi, S., Prabowo, H., & Kosala, R. (2017). Benefits to implementing IT governance in higher education: (Systematic literature review). In International Conference on Information Management and Technology, ICIMTech 2017 (pp. 35-38). Yogyakarta. doi:10.1109/ICIMTech.2017.8273507

Van Den Berg, M., & Van Vliet, H. (2014). Enterprise architects should follow the money. In 16th IEEE Conference on Business Informatics, CBI 2014 (Vol. 1, pp. 135-142). IEEE. doi:10.1109/CBI.2014.10

Van Grembergen, W., & De Haes, S. (2009). Enterprise governance of information technology: Achieving strategic alignment and value. Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. 10.1007/978-0-387-84882-2

Van Grembergen, W., De Haes, S., & Guldentops, E. (2004). Structures, Processes and Relational Mechanisms for IT Governance. IGI Global. 10.4018/978-1-59140-140-7.ch001

Venkatraman, N., Henderson, J. C., & Oldach, S. (1993). Continuous strategic alignment: Exploiting information technology capabilities for competitive success. European Management Journal, 11(2), 139-149. Advance online publication. doi:10.1016/0263-2373(93)90037-I

Vogt, M., & Hales, K. (2013). Alignment of IT Projects and Investments to Community Values. In From government to e-governance: public administration in the digital age (pp. 93-113). IGI Global. doi:10.4018/978-1-4666-1909-8.ch007

Von Solms, S. H. (2005). Information Security Governance - Compliance management vs operational management. Computers & Security, 24(6), 443-447. Advance online publication. doi:10.1016/j.cose.2005.07.003

Vunk, M., Mayer, N., & Matulevičius, R. (2017). A Framework for Assessing Organisational IT Governance, Risk and Compliance. In Software Process Improvement and Capability Determination (Vol. 1, pp. 337-350). SPICE. doi:10.1007/978-3-319-67383-7_25

Waheed, H., Hussin, H., & Razi, M. J. M. (2018). The influence of IT leaders’ leadership behaviour on IT governance performance in Higher Education: A Literature Review. In International Conference on Information and Communication Technology for the Muslim World 2018, ICT4M 2018 (pp. 254-259). doi:10.1109/ ICT4M. 2018.00054

Warkentin, M., & Johnston, A. C. (2008). IT Governance and Organizational Design for Security Management. Information Security Policies and Practices.

Webb, P., Pollard, C., & Ridley, G. (2006). Attempting to define IT governance: Wisdom or folly? Proceedings of the Annual Hawaii International Conference on System Sciences. doi:10.1109/HICSS.2006.68

Webster, J., & Watson, R. T. (2002). Analyzing the Past to Prepare for the Future: Writing a Literature Review. Management Information Systems Quarterly, 26(2), xiii-xxiii. 10.1.1.104.6570

Weill, P., & Ross, J. (2005). A Matrixed Approach to Designing IT Governance. MIT Sloan Management Review. Advance online publication. doi:10.1177/0275074007310556

Weill, P., & Ross, J. W. (2004). IT Governance: How Top Managers Manage IT Decision Rights for Superior Results. Harvard Business Press.

Whittemore, R., Chao, A., Jang, M., Minges, K. E., & Park, C. (2014). Methods for knowledge synthesis: An overview. Heart and Lung: Journal of Acute and Critical Care. 10.1016/j.hrtlng.2014.05.014

Wijaya, S. F., & Kosala, R. R., & Prabowo, H. (2017). Impact of IT governance framework in post-implementation for ERP performance: A literature review. In International Conference on ICT for Smart Society, ICISS 2017 (pp. 1-6). doi:10.1109/ICTSS.2017.8288868

Wilkin, C. L., & Chenhall, R. H. (2010). A review of IT governance: A taxonomy to inform accounting information systems. Journal of Information Systems, 24(2), 107-146. doi:10.2308/jis.2010.24.2.107

Worrell, J. L., Bush, A. A., & Di Gangi, P. M. (2014). Cousins separated by a common language: Perceptions of information technology risk. International Journal of Digital Accounting Research. 10.4192/1577-8517-v14_1

Xenos, M. (2004). Technical Issues Related to IT Governance Tactics: Product Metrics, Measurements, and Process Control. Strategies for Information Technology Governance. doi:10.4018/978-1-59140-140-7.ch009

Xue, Y., Liang, H., & Boulton, W. R. (2008). Information technology governance in information technology investment decision processes: The impact of investment characteristics, external environment, and. Management Information Systems Quarterly, 32(1), 67-96. doi:10.2307/25148829

Yokkhun, A., & Papasratorn, B. (2018). An IT Governance Framework for Virtual Enterprise in Tourism Industry: Evidence from Small Tourism Enterprises in Thailand. International Journal of Innovation and Technology Management, 15(3), 1850023. Advance online publication. doi:10.1142/S0219877018500232

Yudatama, U., Nazief, B. A. A., & Hidayanto, A. N. (2017). Benefits and barriers as a critical success factor in the implementation of IT governance: A literature review. In International Conference on ICT for Smart Society, ICISS 2017 (pp. 1-6). doi:10.1109/ICTSS.2017.8288869

Yudatama, U., Nazief, B. A. A., Hidayanto, A. N., & Mishbah, M. (2017). Factors Affecting Awareness and Attitude of IT Governance Implementation in The Higher Education Institution : A Literature Review. Academic Press.

Zarvić, N., Stolze, C., Boehm, M., & Thomas, O. (2012). Dependency-based IT Governance practices in interorganizational collaborations: A graph-driven elaboration. International Journal of Information Management, 32(6), 541-549. Advance online publication. doi:10.1016/j.ijinfomgt.2012.03.004

Carlos Juiz is a Full Professor of Computer Technology and Architecture at the University of the Balearic Islands (UIB). He has a postgraduate degree in Office Automation from the Polytechnic University of Madrid, Spain. He had several positions related to the computer systems industry. He was visiting researcher at the Department for Computer Science and Business Informatics, University of Vienna, in 2003 and Visiting Associate Professor at Biomedical Informatics Research, in 2011, at Stanford University. Carlos Juiz is heading the ACSIC research group (http://acsic.uib.eu) and his research interest mainly focuses on performance engineering, green computing, and IT governance. Carlos Juiz is a senior member of IEEE, a senior member of ACM, and an Academic Advocate of ISACA (gold member). He is the coordinator of the IT Governance WG within SC 40 at AENOR, the Spanish body in ISO/IEC. Currently, he is co-editor of the ISO/IEC 38503 standard.

Beatriz Gómez received the B.Sc. and M.Sc. degrees in Informatics on 2011 and 2013 respectively from the University of the Balearic Islands (UIB), Spain.Assistant lecturer at the University of the Balearic Islands where she teaches various courses in the area of Architecture and Computer Technology: Information Systems Administration, Large Computer Architecture and Computer Architecture II. Before joining the Department of Computer Sciences of the UIB she served for two years as an analyst and programmer in the technical department and software development of the company Emergency Management of the Balearic Islands (GEIBSAU) and thereafter participated as an engineer and researcher at the Chair Telefónica - UIB: Digital Health and Sustainable Tourism. She belongs to http://acsic.uib.eu research group which currently performs its functions about $R+D+i$ in various projects who has written several articles and has participated in several conferences internationally. Her research covers various topics such as IT Governance, Digital Transformation, e-health, m-health, ICT and tourism and energy efficiency.