The Social Representation of IT Governance: The Standpoint of IT Professionals.

AutorJoia, Luiz Antonio


Information technology (IT) governance has attracted increasing interest both in the business realm and academia as can be witnessed by the existence of several practical guidelines aiming to provide guidance on the implementation of IT governance (ITG), as well as the significant increase of scientific publications on this issue (Alves, Riekstin, Carvalho, & Vidal, 2013; Brown & Grant, 2005; Joshi, Bollen, Hassink, De Haes, & Van Grembergen, 2018; Lunardi, Macada, Becker, & Van Grembergen, 2017; Raymond, Bergeron, Croteau, & Uwizeyemungu, 2019).

Indeed, market globalization has demanded that organizations ensure the adequacy of their controls to broader and more accountable regulatory frameworks and standards of corporate governance. Thus, since the inception of the Sarbanes-Oxley Act and the consequent need of new processes for the monitoring of companies, ITG was highlighted, which has fostered the need for new practices for IT risk management to be adopted by organizations (Buckby, Best, & Stewart, 2009). Besides the financial risks associated with IT investments and expenses, ITG must also address operational risks accrued from the increasing complexity, sophistication, and dependence of business at large on IT (Alreemy, Chang, Walters, & Wills, 2016; IT Governance Institute, 2003; Papazafeiropoulou & Spanaki, 2016; Van Grembergen, De Haes, & Guldentops, 2004).

Both business and IT executives perceive that to date IT success has not been based on IT per se but on the way it is managed (Ilmudeen, Bao, & Alharbi, 2019; Peterson, 2004; Wu, Straub, & Liang, 2015). For example, after surveying 250 large companies in 23 countries, Weill and Ross (2004; 2005) found that companies that successfully implemented ITG achieved better results than their competitors, mainly due to their ability to make better and more consistent decisions on IT. On the other hand, the rapid development of IT and the wide diffusion of information systems in organizations have made ITG a complex and often misunderstood concept, a fact that can lead ITG initiatives to fail (Abu-Musa, 2007; Asgarkhani, Cater-Steel, Toleman, & Ally, 2017; Haghjoo, 2018).

While several organizations have implemented ITG in the past few years, research into how IT professionals actually understand and perceive this construct is scarce (Mota & Marques, 2013; Teodoro, Przeybilovicz, & Cunha, 2014; Silva, Silveira, Dornelas, & Ferreira, 2020), being this a research gap (Coertze & von Solms, 2014; Mahy, Ouzzif, & Bouragba, 2016; Simonsson & Ekstedt, 2006; Webb, Pollard, & Ridley, 2006; Wilkin & Chenhall, 2010). Thus, a question arises, namely: What is ITG per se? In other words, what is the perception of IT professionals regarding this construct? Do they perceive ITG as the construct is described in academic literature?

One of the significant reasons for rejection of papers submitted to scientific journals is the absence of clearness about the construct under scrutiny (Suddaby, 2010). Kerlinger (1973) characterizes a construct as an idea intentionally and deliberately developed or embraced for a particular scientific reason. In other words, a construct is a conceptual abstraction of a phenomenon that cannot be observed directly. As indicated by Priem and Butler (2001), constructs cannot be reduced to specific perceptions, being otherwise dynamic meanings of observed classifications. These classifications should be adequately powerful to permit academics and practitioners alike to recognize the construct being referred to. Constructs are, consequently, the bedrock of any theory (Eisenhardt, 1989; Suddaby, 2010), which confirms the importance of clearness in their definitions. However, the meaning of a construct is defined from the common sense of a collectivity. As one does not live isolated, but in a social group with which the world is shared, such meaning becomes a social representation, that is, it defines a social reality (Jodelet, 2001; Silva, Camargo, & Padilha, 2011; Silva, Camargo, & Padilha, 2011). That way, social representations have a great potential for clear definition of constructs in the information systems (IS) area, as this area deals directly with the advancements in information technology and so new constructs turn up evenly, leading academics to investigate them most of the time without knowing exactly their actual meanings (Joia & Marchisotti, 2018). Moreover, the application of social representations might confirm (or not) findings accrued from works that have used other methodological approaches. As an example, one can cite the study of Joia and Correia (2018) that compares and discusses critically the CIO competencies obtained via multivariate statistics analysis (Vreuls & Joia, 2012) with the social representation of it from the CIOs' perspective.

Thus, based on what was presented above, this work aims to answer the following research question: What is the social representation of IT governance for IT professionals? To answer this question, this article uses the social representation theory (SRT), which is a "theory of social knowledge" specifically concerned with how individuals, groups, and communities collectively make sense of socially relevant or problematic issues, ideas, and practices (Markova, 2008, p. 483). That way, it is intended to identify the perceptions of IT professionals in relation to the ITG construct--since in most cases this social group is responsible for IT governance initiatives in organizations--in order to compare the social representation obtained with the existing literature to identify cognitive similarities and gaps.

To do that, this article is structured in five sections after this introductory presentation. The second section sets forth the theoretical references used in this work, addressing topics on ITG and social representation theory. The third section describes the methodological procedure followed and, in the fourth section, the aforementioned procedure is applied to generate the social representation of ITG. In the fifth section, the results obtained are compared to the extant literature on the ITG construct definition, the similarities and cognitive gaps between these two strands being duly identified and discussed. In the final section, the academic and managerial implications of this research, its limitations, and further research to be developed on this subject are set forth.


IT governance: A polysemic construct

Brown and Grant (2005), Simonsson and Johnson (2006), Webb, Pollard, and Ridley (2006), Mota and Marques (2013), Teodoro et al. (2014), and Silva, Silveira, Dornelas, and Ferreira (2020), to name just a few, observed that the ITG construct does not seem to be clearly addressed in the vast existing literature on the subject, as it does not have a common meaning for different authors, revealing the existence of a wide range of definitions for this term according to different perspectives. The sundry definitions of ITG have distinct approaches, which vary according to the researcher's objective or the methodological angle adopted (Brown & Grant, 2005; Webb et al., 2006; Silva, Silveira, Dornelas, & Ferreira, 2020).

Webb et al. (2006) identified an overlapping of concepts accrued from the following knowledge areas: ITG, corporate governance, and strategic planning of information systems, suggesting a correlation among these three disciplines.

Many authors see ITG as a senior management concern with the control of the strategic impact of IT (IT Governance Institute, 2006; Ribbers, Peterson, & Parker, 2002; Weill & Ross, 2004; Van Gremberger et al., 2004). Thus, several definitions reflect the pressing need to ensure the alignment of IT with the business strategy and organizational objectives (Alves et al., 2013; Bermejo, Tonelli, Zambalde, Santos, & Zuppo, 2014; Van Gremberger & De Haes, 2009; Van Gremberger et al., 2004; Webb et al., 2006; Weill & Ross, 2004). Besides the IT-business alignment, Van Gremberger, De Haes, and Guldentops (2004) propose three other aspects of ITG: IT business value, IT management, and IT performance management. Webb et al. (2006) added another element to this list, namely IT control and tracking accrued from the tenets of corporate governance. Other authors equate ITG with structures, authority patterns, or responsibilities for decision-making related to IT (Alves et al., 2013; Information Systems Audit and Control Association [ISACA], 2012; IT Governance Institute, 2006; Lunardi, 2008; Peterson, 2004; Simonsson & Johnson, 2006; Weill & Ross, 2004), this vision being corroborated by benchmark institutions on ITG, such as the ITG Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). Moreover, there are authors who associate ITG with relationship processes and skills (Weill & Woodham, 2002; Peterson, 2004; Van Grembergen et al., 2004), in addition to the mechanisms related to decision-making.

In this respect, Peterson (2004) describes the three key dimensions for successful IT governance implementation:

(a) Structures: roles and responsibilities formally defined within organizations for IT decisionmaking, involving the creation of committees to ensure the use of IT in line with the organizational strategy (Sambamurthy & Zmud, 1999).

(b) Processes: defined and implemented according to IT-related good practices frameworks such as the Information Technology Infrastructure Library (ITIL) and the Control Objectives for Information and Related Technology (COBIT). These processes refer to the planning, decisionmaking, and tracking of IT strategies (ITGI, 2003; Webb et al., 2006).

(c) Relationships: information flow between IT and all other corporate areas, including the stakeholders, to ensure the IT alignment with the business requisites. They include IT participation in other business areas, strategic dialogue, shared learning, appropriate communication, and use of incentives and rewards...

Para continuar a ler


VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT