Research on IT Governance, Risk, and Value: Challenges and Opportunities

This theme issue of the Journal of Information Systems sees the publication of seven papers that cover a variety of facets of research on the governance of information technology. IT governance (ITG) is the process by which organizations seek to ensure that their investment in information technology facilitates strategic and tactical goals. IT governance is a subset of broader corporate governance, focusing on the role played by information technology within the organization. There are several important dimensions of ITG. Arguably the most important element of ITG is the design of decision rights and organizational structures. What role do governing bodies, such as the Board of Directors, play in the oversight and direction of IT? What roles and responsibilities for IT does the governing body assume and what is delegated to senior and operational management? How is IT to be structured within the organization? Is the provision of IT to be centrally organized within a single, functional IT organizational unit? Or, perhaps, is provision of IT to be largely distributed to operational or administrative units within the organization? Other dimensions of ITG, as noted by Wilkin and Chenhall (2010), include strategic alignment between organizational goals and needs and IT outcomes; management of risk; value delivery; and measurement of performance. ITG has become more important within organizations as the important role that IT plays in adding organizational value has become increasingly clear (Brynjolfsson and Saunders 2010; Masli et al. 2011; Tambe and Hitt 2012). Investment in IT is a significant proportion of current and capital spending in most industries, giving additional impetus to ITG. IT is also subject to high levels of environmental instability. How are organizations to respond to the insourcing/outsourcing nexus, cloud computing, virtualization, and mobile computing among other environmental challenges? Equally, the compliance requirements arising from overall (e.g., SOX) and industry (e.g., HIPAA, Basel II, PCI) regulatory regimes have given an added impetus to ITG efforts. Given that IT both mitigates risk (e.g., by supporting internal control processes) and creates risk (e.g., by exposure of corporate IT systems to external threats), there is an increased understanding that IT is an important component of enterprise risk management (Parent and Reich 2009; Wilkin and Chenhall 2010). While these challenges are compelling for many organizations and particularly for governing bodies, they are shared by a wide variety of organizations. While there may be entity, industry, or national differences, all entities must address questions such as ‘‘how is IT to be organized?’’ or ‘‘how much of the provision of IT should we move to cloud providers?’’ There are also many aspects of IT provision (e.g., security, enterprise architecture, user management, software

[1]  Paul P. Tallon,et al.  Competing Perspectives on the Link Between Strategic Information Technology Alignment and Organizational Agility: Insights from a Mediation Model , 2011, MIS Q..

[2]  Stephen N. Luko,et al.  Risk Management Principles and Guidelines , 2013 .

[3]  Roger S. Debreceny,et al.  IT Governance and Process Maturity: A Multinational Field Study , 2013, J. Inf. Syst..

[4]  Prasanna Tambe,et al.  The Productivity of Information Technology Investments: New Evidence from IT Labor Data , 2011, Inf. Syst. Res..

[5]  Gary P. Schneider,et al.  The Updated COSO Internal Control - Integrated Framework: Recommendations and Opportunities for Future Research , 2012, J. Inf. Syst..

[6]  James S. Denford,et al.  The Chief Information Officer and Chief Financial Officer Dyad--How an Effective Relationship Impacts Individual Effectiveness and Strategic Alignment , 2012, 2012 45th Hawaii International Conference on System Sciences.

[7]  Mihaela Ulieru,et al.  WIRED for Innovation: How Information Technology is Reshaping the Economy , 2011, Comput. J..

[8]  J. Efrim Boritz,et al.  IS practitioners' views on core concepts of information integrity , 2005, Int. J. Account. Inf. Syst..

[9]  J. Efrim Boritz,et al.  Investigating the Impact of Auditor-Provided Systems Reliability Assurance on Potential Service Recipients , 2002, J. Inf. Syst..

[10]  Acklesh Prasad,et al.  On Governing Collaborative Information Technology (IT): A Relational Perspective , 2013, J. Inf. Syst..

[11]  Jackie Rees Ulmer,et al.  The Association between Top Management Involvement and Compensation and Information Security Breaches , 2013, J. Inf. Syst..

[12]  Shan Ling Pan,et al.  Examining the Strategic Alignment and Implementation Success of a KMS: A Subculture-Based Multilevel Analysis , 2011, Inf. Syst. Res..

[13]  James S. Denford,et al.  The Chief Information Officer and Chief Financial Officer Dyad in the Public Sector: How an Effective Relationship Impacts Individual Effectiveness and Strategic Alignment , 2013, J. Inf. Syst..

[14]  James E. Hunton,et al.  Retraction: Investigating the Impact of Auditor-Provided Systems Reliability Assurance on Potential Service Recipients , 2015, J. Inf. Syst..

[15]  Carla L. Wilkin,et al.  A Review of IT Governance: A Taxonomy to Inform Accounting Information Systems , 2010, J. Inf. Syst..

[16]  Sylvie Héroux,et al.  The Internal Audit Function in Information Technology Governance: A Holistic Perspective , 2013, J. Inf. Syst..

[17]  Lawrence A. Gordon,et al.  Market Value of Voluntary Disclosures Concerning Information Security , 2010, MIS Q..

[18]  Ruey-Shun Chen,et al.  Aligning information technology and business strategy with a dynamic capabilities perspective: A longitudinal study of a Taiwanese Semiconductor Company , 2008, Int. J. Inf. Manag..

[19]  B. Reich,et al.  Governing Information Technology Risk , 2009 .

[20]  Peter F. Green,et al.  Measuring Top Management's IT Governance Knowledge Absorptive Capacity , 2013, J. Inf. Syst..

[21]  Lior Fink,et al.  Exploring the perceived business value of the flexibility enabled by information technology infrastructure , 2009, Inf. Manag..

[22]  Steven De Haes,et al.  COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities , 2013, J. Inf. Syst..

[23]  Moon-Sang Chung,et al.  The Impact of Ubiquitous Factors on Intention to Use Mobile Services , 2007 .

[24]  Vernon J. Richardson,et al.  The Business Value of IT: A Synthesis and Framework of Archival Research , 2011, J. Inf. Syst..

[25]  H. Raghav Rao,et al.  Firms' information security investment decisions: Stock market evidence of investors' behavior , 2011, Decis. Support Syst..

[26]  Paul P. Tallon A Process-Oriented Perspective on the Alignment of Information Technology and Business Strategy , 2007, J. Manag. Inf. Syst..

[27]  Oana Velcu,et al.  Strategic alignment of ERP implementation stages: An empirical investigation , 2010, Inf. Manag..

[28]  Sally Wright,et al.  Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations , 2002, J. Inf. Syst..

[29]  Husnayati Hussin,et al.  IT alignment and firm performance in small manufacturing firms , 2002, J. Strateg. Inf. Syst..