Article Preview
Top1. Introduction
In an increasingly digitized economy, organizational decision-makers are confronted with the pervasiveness of IT. Investments in IT form a substantial portion of total investments for many contemporary organizations. For this reason, a focus on the governance and management of IT is warranted, to ensure that the current and future investments in IT are in line with business needs, and all of this at a level of IT-related risk that is appropriate for the organization (De Haes & Van Grembergen, 2015).
Academic research has provided answers on how organizations can implement IT governance. The state-of-the-art view in academia is that IT governance should be implemented as a holistic set of structures, processes, and relational mechanisms (Ali & Green, 2009; De Haes & Van Grembergen, 2009, 2015; Huang, Zmud, & Price, 2010; Peterson, 2004; Prasad, Green, & Heales, 2012; Weill & Ross, 2004). From the practitioner area, guidance has also surfaced. The leading practitioner framework for the governance and management of enterprise IT is developed by ISACA. The COBIT (Control Objectives for Information and Related Technologies) framework is currently in its fifth edition (www.isaca.org/COBIT).
In the realm of shared understanding between distinct types of stakeholders in an organization, the question can be asked whether these different stakeholders evaluate the implementation level of the governance and management of IT mechanisms in a similar fashion. Higher levels of shared understanding in this area would imply that there is a great degree of synergy about the mutual understanding of the implementation of the IT governance framework. This in turn can help organizations to realize the benefits of IT governance in a more consistent way with the desired business goals in mind. This paper sets out to research the effect of functional role on the perceived IT governance implementation level by focusing on three relevant stakeholder groups for IT governance: (1) business, (2) IT, and (3) audit, risk, and compliance stakeholders. Thus, the level of granularity of analysis in this paper is limited to these three distinct groups as collectives (i.e. business functional units are not further separated during analysis). Therefore, this paper puts forward the following research question: “How do (1) business, (2) IT, and (3) audit, risk, and compliance stakeholders evaluate the implementation level of IT governance and IT management mechanisms?”
The results of this analysis will therefore provide insights in the state of the perceived implementation level of enterprise governance and management of IT between these three stakeholder groups and, as a result, insights on the state of shared understanding about IT governance and IT management implementation can be derived. This research is positioned as a first step in the quest through the puzzle of shared understanding about enterprise governance and management of IT. Also, while most of the traditional IT governance and alignment literature mainly includes IT and business functions, we incorporate the audit, risk, and compliance function to shed more enriched insights on the discussion of shared understanding in IT governance implementation.