Академический Документы
Профессиональный Документы
Культура Документы
Department of Industrial Information and Control Systems, KTH, Royal Institute of Technology,
Stockholm, Sweden
if appropriate documentation exists. The internal IT organization efficiency is called IT governance maturity. One might
argue, however, that internal efficiency metrics of the IT organization are of moderate interest only; what really matters is
the external effectiveness of services that the IT organization
delivers to the business. We refer to this latter effectiveness as
IT governance performance.
From a management perspective, the situation is further
complicated by the fact that IT governance performance is not
directly controllable. IT management can define and manage
the internal structure of the IT organization but they can only
hope that this in the end also leads to good IT governance performance as perceived by the business.
Fortunately for IT management, it is reasonable to believe
that an organization that displays a high IT governance maturity also benefits from good IT governance performance. Even
though Croteau & Bergeron (2001) concluded that little
research had previously shown the existence of a direct link
between IT governance and organizational performance, some
progress has been made. A number of studies have focused on
finding different linkages, e.g., Weill and Ross (2004) survey
on how financially top-performing companies manage IT
decision rights, Dahlberg and Lahdelmas (2007) study on IT
governance maturity and the degree of IT outsourcing, and De
Haes and Van Grembergens (2008) research on IT governance
and IT business alignment. The correlation of IT governance
maturity and IT governance performance, however, has never
been analyzed in detail.
RESEARCH HYPOTHESIS
The research presented in this article thus aims at testing the
following research hypothesis:
H1: There exists a positive correlation between IT governance
maturity and IT governance performance.
11
below. A recent addition to the growing number of IT governance frameworks is Val IT (ITGI, 2007b). Val IT takes IT governance onto a higher level of abstraction by providing general
directions on how to manage IT from a business point of view.
The high level of abstraction is however also a limitation, as Val
IT purely focuses on the interface between IT and the business
and lacks the support to represent e.g. the processes of an IT
organization. Val IT takes on where COBIT ends, and the two
frameworks complement each other well.
As described in the introduction, an important distinction can
be made between IT governance maturity and IT governance
performance. The former spans the internal quality of the IT
organization, which at least in principle is under the control of IT
management or a CIO. A maturely governed IT organization is
thus defined as an organization that is efficient and aligned with
state-of-the-practice frameworks such as the ones mentioned
above. The concept of maturity is used also in other disciplines,
including software development. The Software Engineering
Capability Maturity Model, SE-CMM, was created by the Software Engineering Institute of the Carnegie Mellon University in
the late eighties (Humphrey, 1989). It comprises a tool for objectively assessing the ability of government contractors processes
to perform software projects. The term IT governance performance, on the other hand, can rather be seen as the external
objective of IT governance. It describes the effectiveness and
impact of an enterprises IT organization as perceived from a
business point of view. Good IT governance performance is the
desired goal, but it is outside the direct domain of control of the
IT management responsible for achieving it.
As mentioned in the introduction, the main purpose of this
paper is to determine how IT governance maturity and IT
governance performance are correlated. A statistical approach
is chosen where the IT governance maturity is seen as an
aggregate of a set of independent variables and the IT governance performance is a variable potentially dependent on the
maturity. In order to determine the strength of correlations
between maturity and performance, a number of case studies
have been carried out. Before these are discussed, the following two subsections describe IT governance maturity and IT
governance performance in further detail.
IT GOVERNANCE MATURITY
The Control Objectives for Information and related Technology, COBIT is the most well-known framework for IT
governance maturity assessments (Debraceny, 2006;
Guldentops, 2004; Holm Larsen et al, 2006; Ridley et al, 2004;
Van Grembergen & De Haes, 2008; Warland & Ridley, 2005).
It was first issued by the IT Governance Institute, ITGI, in
1998 and has been constantly evolving ever since. COBIT
features a maturity model for IT governance, which follows the
same principles as the Software Engineering Institutes Capability Maturity Model (Humphrey, 1989). The framework
provides a definition of IT governance as consisting of four
12
M. SIMONSSON ET AL.
TABLE 1
Plan and organize IT processes (ITGI, 2007a)
Process name
PO1
PO2
PO3
PO4
PO5
PO6
Communicate management
aims and direction
PO7
PO8
Manage quality
PO9
PO10
Manage projects
Description
Incorporation of IT and business management in the translation of business
requirements into service offerings. Development of strategies to deliver these
services in a transparent and effective manner.
The establishment of an enterprise data model that incorporates a data
classification scheme to ensure the integrity and consistency of all data.
Defining and implementing a technology infrastructure plan, architecture and
standards that recognize and leverage technology opportunities.
Establishing transparent, flexible and responsive IT organizational structures and
defining and implementing IT processes with owners, roles and
responsibilities integrated into business and decision processes.
Effective and efficient IT investment and portfolio decisions, and by setting and
tracking IT budgets in line with IT strategy and investment decisions.
Providing accurate, understandable and approved policies, procedures,
guidelines and other documentation to stakeholders, embedded in an IT
control framework.
Hiring and training personnel, motivating through clear career paths, assigning
roles that correspond with skills, establishing a defined review process,
creating position descriptions and ensuring awareness of dependency on
individuals.
The definition of a QMS, ongoing performance monitoring against predefined
objectives and implementation of a program for continuous improvement of
IT services.
Development of a risk management framework that is integrated in business and
operational risk management frameworks, risk assessment, risk mitigation and
communication of residual risk.
A defined program and project management approach that is applied to IT
projects and enables stakeholder participation in and monitoring of project
risks and progress.
13
TABLE 2
Acquire and implement IT processes (ITGI, 2007a)
Process name
AI1
AI2
AI3
Description
AI4
AI5
Procure IT resources
AI6
Manage changes
AI7
TABLE 3
Deliver and support IT processes (ITGI, 2007a)
Process name
DS1
DS2
DS3
Manage performance
and capacity
DS4
Ensure continuous
service
Ensure systems security
DS5
DS6
DS7
DS8
DS9
DS10
DS11
DS12
DS13
Description
Identifying service requirements, agreeing on service levels and monitoring the
achievement of service levels.
Establishing relationships and bilateral responsibilities with qualified third-party service
providers and monitoring the service delivery to verify and ensure adherence to
agreements.
Meeting response time requirements of SLAs, minimizing downtime, and making
continuous IT performance and capacity improvements through monitoring and
measurement.
Building resilience into automated solutions and developing, maintaining and testing IT
continuity plans.
Defining IT security policies, plans and procedures, and monitoring, detecting, reporting
and resolving security vulnerabilities and incidents.
Complete and accurate capture of IT costs, a fair system of allocation agreed upon by
business users, and a system for timely reporting of IT use and costs allocated.
A clear understanding of IT user training needs, execution of an effective training strategy
and measurement of the results.
A professional service desk function with quick response, clear escalation procedures,
and resolution and trend analysis.
Establishing and maintaining an accurate and complete repository of asset configuration
attributes and baselines, and comparing them against actual asset configuration.
Recording, tracking and resolving operational problems; investigating the root cause of
all significant problems; and defining solutions for identified operations problems.
Maintaining the completeness, accuracy, availability and protection of data.
Providing and maintaining a suitable physical environment to protect IT assets from
access, damage or theft.
Meeting operational service levels for scheduled data processing, protecting sensitive
output, and monitoring and maintaining infrastructure.
14
M. SIMONSSON ET AL.
TABLE 4
Monitor and evaluate IT processes (ITGI, 2007a)
Process name
ME1
ME2
ME3
ME4
Provide IT governance
Description
Monitoring and reporting process metrics and identifying and
implementing
performance improvement actions.
Monitoring the internal control processes for IT-related activities and
identifying improvement actions.
Identifying all applicable laws, regulations and contracts and the
corresponding level of IT compliance and optimizing IT processes to
reduce the risk of non-compliance.
Preparing board reports on IT strategy, performance and risks, and
responding to governance requirements in line with board directions.
IT GOVERNANCE PERFORMANCE
IT governance performance is the quality of the services
that the IT organization delivers, as seen from a business point
of view. A similar, yet broader, discipline is strategic alignment, where Jerry Luftman attempted to provide guidance for
achieving strategic alignment between business and IT in a mid
90s framework. As of today, Luftmans framework has been
applied in 500 case studies (Luftman, 1996; Luftman, Papp &
Brier 1999). Dahlberg and Lahdelma (2007) synthesized IT
governance literature and created another broad definition of
business value delivery from IT. In the early 2000s, MIT
researchers Weill and Ross conducted a large set of case studies on IT governance performance of financially top-performing organizations. Their research method and the findings from
more than 250 organizations were published in a book that is
perhaps the most widely cited work in the field of IT governance today (Weill & Ross, 2004). Weill and Ross defined IT
governance performance as the effectiveness of IT governance
in delivering four objectives weighted by their importance to
the enterprise:
1.
2.
3.
4.
Cost-effective use of IT
Effective use of IT for asset utilization
Effective use of IT for growth
Effective use of IT for business flexibility
OPERATIONALIZATION OF IT GOVERNANCE
MATURITY AND PERFORMANCE
In the previous section, we discussed the difference between
the definitions of IT governance maturity and IT governance
performance. The definitions given by COBIT and Weill and
Ross, respectively, served as a foundation for operationalization.
COBITs IT governance maturity model does however not
provide transparency in the aggregation of separate metrics into
comprehensive maturity scores. The COBIT maturity models
require subjective assessments by auditors and do not take into
account the outcome of the numerous, more objective metrics
also proposed. Since this could affect the validity and reliability
of an IT governance maturity assessment (Simonsson, 2007), we
further operationalized COBIT by linking a maturity model to
objective metrics. Four maturity indicators were identified for
each process, namely the maturity of each activity, the maturity
of metrics monitoring, the maturity of documentation, and the
maturity of roles and responsibility assignment.
TABLE 5
Cohens taxonomy for determination
of correlation strength (Cohen, 1988)
Correlation
Small
Medium
Large
Negative
Positive
0.3 to 0.1
0.5 to 0.3
1 to 0.5
0.1 to 0.3
0.3 to 0.5
0.5 to 1
15
ANALYSIS FRAMEWORK
The purpose of the research reported in this article was to
study the relation between IT governance maturity and IT governance performance based on statistical data. In general, the
choice of method for such studies depends on several criteria,
such as the sample size, the number of independent variables to
analyze, and the degree of normality of the sample. As the
research was based on data collected through face-to-face
interviews and surveys, the number of variables in relation to
the sample size was the main limitation with respect to analysis
framework. Multiple correlation (Cohen, 1988) and Factor
analysis (Mundfrom et al, 2005) are two methods that analyze
cross-dependence between several variables. However, such
multivariate methods typically require between 3 and 50 times
more samples than the number of analyzed variables order to
obtain accurate results (Cohen, 1988; Mundfrom et al, 2005).
Bivariate correlation analysis (Cohen, 1988), on the other
hand, does not require large data sets, as only two variables at
the time are analyzed. Due to the limited number of samples
available, bivariate correlation was therefore chosen for the
analysis framework.
In probability theory and statistics, a bivariate correlation
(hereby denoted correlation) indicates the strength and direction of a linear relationship between two random variables. In
general statistical usage, correlation refers to the departure of
two variables from independence. However, before identifying
a correlation, it needs to be determined whether the data under
evaluation is approximately normally distributed, i.e. parametrical, or not. This can be done using the Kolmogorov-Smirnov
test (Cohen & Cohen, 1983). The test quantifies a distance
between the empirical distribution function of the sample data
and the reference distribution, e.g. a normal distribution. The
smaller the distance, the more the sample data equals a normally distributed dataset.
If the data subjected to analysis does not adhere to a normal
distribution, a number of so-called non-parametrical methods
can be used, e.g., c2, Point biserial correlation, Spearmans r or
Kendalls t (Cohen & Cohen, 1983). The non-parametrical
methods are slightly less powerful than parametric methods if
16
M. SIMONSSON ET AL.
TABLE 6
Null hypotheses and research hypotheses for the correlation between IT governance maturity and IT governance
performance. Taxonomy according to Cohen (1988)
Null hypothesis
Research hypothesis
Research hypothesis
explanation
FIG. 2.
the assumptions underlying the latter are met, but are less
likely to give distorted results when the assumptions fail.
If the data subjected to analysis adheres to a normal distribution, the parametrical Pearson product-moment correlation coefficient, r, is known to be the most accurate measure
for correlation strength (Cohen & Cohen, 1983; Siegel,
1957). This coefficient is obtained by dividing the covariance of the two variables by the product of their standard
deviations.
Several authors have offered guidelines for the interpretation of a correlation coefficient. All such criteria are in some
ways arbitrary and should not be observed too strictly (Cohen,
1988). Nonetheless, Cohen himself suggests a taxonomy for
the determination of correlation strength, c.f. Table 5 (Cohen,
1988).
The article employs an analysis framework built on the concept of Pearson correlation and Cohens taxonomy in order to
analyze how IT governance maturity and IT governance
performance co-vary.
An analysis framework with hypotheses was created
according to Table 6. The hypotheses were to be tested on the
correlation of the IT governance maturity of each of the 34 processes, and the IT governance performance. The purpose of the
analysis was to identify the strength of each process correlation to IT governance maturity.
17
Empirical Foundation
Due to the nature of the study, organizations could not be
randomly selected, but instead had to be selected based on their
willingness to participate and on their geographic location.
However, significant effort was put into finding organizations
from a wide range of industries and of different sizes to make
the results as general as possible.
In total, 13 case study investigators conducted 158 interviews and collected results from 60 surveys in 37 organizations
throughout the study, c.f. Table 7. Two organizations decided
to drop the study without finishing, resulting in 35 useable
cases. In the IT governance maturity part of the case studies, all
participating organizations responded with respect to the Business, IT Management, and IT Operations viewpoints discussed
in the previous section. When possible, also the viewpoints of
Executives (seven cases) and Compliance (seven cases) were
represented. In the IT governance performance part of the case
studies, all participating organizations responded with respect
to the Executive and/or the Business viewpoints. Please also
refer to Table 8.
About 50% of the organizations were multinational with
offices in several countries. All organizations have headquarters in Europe. The number of employees in the investigated
organizations spans from 10 to over 50,000 with a median
value of 2,000. The revenue ranges from 1 M to 480 B, with
a median of 0.46 B. All studies were carried out in 2007 and
2008, except for one of the pilot case studies that was made in
2006.
RESULTS & DISCUSSION
A Kolmogorov-Smirnov test (Cohen & Cohen, 1983)
showed that all data was approximately adhering to a normal distribution and Pearson correlation could therefore be
used for analysis. Confidence intervals on the 0.05 significance level were calculated for each Pearson correlation
coefficient r. According to Cohens (1988) taxonomy, most
correlations r between IT governance maturity for processes
and IT governance performance, are medium positive and
small positive with significance on the 0.05 level. Table 9
displays the H0a, H0b, and H0c hypothesis test results for
each process. Note that due to the focus of this study, Table
9 only details correlations between IT governance maturity
of different processes and IT governance performance. As
expected, there were also numerous and strong crosscorrelations between the IT governance maturity of different processes, c.f. Appendix A.
The next subsections are arranged according to the distinction of domains, c.f. the previous section labeled IT governance. Within each domain, the two processes with the
strongest and weakest correlation to IT governance performance are discussed. We also elaborate on the results for a few
other processes that triggered interesting discussions during the
meetings held with 15 experts in the field.
18
M. SIMONSSON ET AL.
TABLE 7
Characteristics of the organizations under evaluation
Case study
Biotechnology 1*, ***
Construction 1*
Energy 1***
Financial 1*,***,****
Financial 2*,****
Financial 3*,****
Financial 4*,****
Financial 5*,****
Financial 6*,****
Financial 7*,****
Financial 8*,****
Financial 9****
Manufacturing 1*
Manufacturing 2*
Manufacturing 3*
Manufacturing 4*
Manufacturing 5*
Manufacturing 6*
Manufacturing 7*
Municipality 1****
Municipality 2****
Municipality 3****
Municipality 4****
Municipality 5****
Municipality 6****
Municipality 7****
Small organization 1
Small organization 2
Small organization 3
Small organization 4
Small organization 5
Small organization 6
Small organization 7
Telecommunication 1*,***
Telecommunication 2*
Total
Number of
employees
Revenue,
M
Case study
investigator
1200
56000
270
53000
6400
11000
22000
18000
2200
32000
11824
200
45000
15000
900
1300
300
135
900
3700
9500
14000
11000
2300
4000
1900
20
50
25
15
20
30
10
1000
10000
2500
15000
110
480000
11000
213000
171000
210000
171000
161000
66691
1760
5 500
2400
1900
6000
90
200
400
270
600
600
550
200
200
150
2
3
2
3
2
2
1
350
4200
#3
#7
#1
#2
#7
# 10
# 10
# 10
# 12 & 13
# 10
# 10
#7
# 11
#6
# 10
# 10
# 10
# 10
# 10
#6
#6
#6
#6
#6
#6
#6
#8&9
#8&9
#8&9
#8&9
#8&9
#8&9
#8&9
#4&5
#7
IT Governance
maturity, number
of interviews
conducted
IT Governance
performance,
number of surveys
responded
20
3
6
30
3
3
4
3
2
3
3
3
8
3
3
3
3
3
3
2
2
3
4
3
1**
2
2
2
2
2
2
3
2
12
5
158
3
1
1
2
1
2
2
2
1
2
1
1
3
1
1
2
2
3
3
1
1
1
2
5
1
3
1
1
1
1
1
2
1
2
2
60
*The organization is multinational, **five additional mail survey answers per organization were collected in order to determine the IT governance maturity, ***pilot case study, ****revenue is interpreted as the total value of assets under management for financial institutions, and the
total amount of money spent for the (non profit) municipalities.
19
TABLE 8
The representation of different viewpoints in the case studies
Viewpoint
IT governance maturity
IT governance performance
Executives
Business
IT management
IT operations
Compliance, audit,
risk and security
35
35
35
35*
For instance, Executives were interviewed in seven case studies during IT governance maturity assessment. * In 35 case studies, Executives and/or Business viewpoints were obtained when assessing IT governance performance.
20
M. SIMONSSON ET AL.
TABLE 9
The Pearson correlation coefficient, r, between the IT governance maturity of IT processes,
and IT governance performance
Process
PO4
PO8
DS6
AI7
ME1
AI5
ME4
AI1
DS7
AI2
PO9
AI6
DS12
AI3
ME2
PO1
PO5
PO6
PO7
DS11
DS13
PO2
DS2
PO3
DS5
DS4
PO10
ME3
DS8
AI4
DS9
DS3
DS1
DS10
rmin
rmax
0,71** 0,48
0,85
0,71**
0,69**
0,66**
0,64**
0,64**
0,63**
0,62**
0,61**
0,59**
0,59**
0,59**
0,57**
0,56**
0,56**
0,55**
0,55**
0,55**
0,54**
0,53**
0,51**
0,50**
0,50**
0,50**
0,49**
0,49**
0,48**
0,47**
0,47**
0,43*
0,40*
0,35
0,28
0,18
0,85
0,84
0,82
0,80
0,80
0,80
0,80
0,79
0,77
0,78
0,78
0,77
0,75
0,76
0,75
0,75
0,75
0,74
0,75
0,74
0,72
0,72
0,71
0,72
0,72
0,70
0,71
0,71
0,68
0,67
0,63
0,57
0,52
0,48
0,46
0,41
0,38
0,38
0,36
0,35
0,32
0,32
0,30
0,30
0,26
0,27
0,26
0,27
0,26
0,25
0,25
0,21
0,17
0,20
0,19
0,20
0,17
0,17
0,17
0,13
0,12
0,09
0,04
-0,01
-0,08
-0,20
H0a test
(small)
H0b test
(medium)
H0c Test
(strong)
rmin and rmax is the 95% confidence interval of the Pearson correlation coefficient. An X means that the H0 hypothesis is falsified on the
95% level. Else, the H0 hypothesis is not falsified and the H1 hypothesis is valid according to Table 5. *Correlation significant on the 0.05 level.
**Correlation significant on the 0.01 level.
21
22
M. SIMONSSON ET AL.
a number of PhD students. He is secretary of the IFIP Working Group 5.8 on Enterprise Interoperability, technical coordinator of the FP7 Viking project, organizer, program
committee member, and associate editor of several international conferences, workshops and journals. He received his
MSc from the Lund Institute of Technology in 1997 and his
PhD from the Royal Institute of Technology in 2002. He
was appointed professor in 2009.
Mathias Ekstedt is a research associate at the Royal Institute of
Technology (KTH) in Stockholm, Sweden. He is the manger of the program IT Applications in Power System Operation and Control within the Swedish Centre of Excellence in
Electric Power Engineering, which focuses on the application of enterprise architecture in the power industry. He is
the founder of the Enterprise architecture network at the
Swedish Computer Society. He received his MSc and PhD
from the Royal Institute of Technology in 1999 and 2004
respectively.
REFERENCES
Bharadwaj, A.S. (2000). A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation. MIS
Quarterly, 24 (1), 169196.
Clementi, S., & Carvalho, T.C.M.B. (2007). Methodology for IT governance
Assessment and Design. In Proceedings of the 6th IFIP International Conference on e-Commerce, e-Business, and e-Government, Vol. 226 (pp. 189202).
Turku, Finland: Springer, Boston.
Cohen, J. (1988). Statistical Power Analysis for the Behavioral Sciences, 2nd
ed. Hillsdale, NJ: Lawrence Erlbaum Associates.
Cohen, J., & Cohen, P. (1983). Applied Multiple Regression/Correlation Analysis
for the Behavioral Sciences. Hillsdale, NJ: Lawrence Erlbaum Associates.
Croteau, A.-M., & Bergeron, F. (2001). An Information Technology Trilogy:
Business Strategy, Technological Deployment and Organizational Performance. Journal of Strategic Information Systems, 10, 7799.
Cyert, R.M., & March, J.M. (1963). A Behavioural Theory of the Firm.
Malden, Massachusetts: Blackwell Publishers.
Dahlberg, T., & Kivijrvi, H. (2006). An Integrated Framework for IT Governance and the Development and Validation of an Assessment Instrument.
In Proceedings of the 39th Hawaii International Conference on System
Sciences, Hawaii, USA.
Dahlberg, T., & Lahdelma, P. (2007). IT Governance Maturity and IT Outsourcing Degree: An Exploratory Study. In Proceedings of the 40th Hawaii
International Conference on System Sciences, Hawaii, USA.
Debraceny, R.S. (2006). Re-engineering IT Internal Controls - Applying capability Maturity Models to the Evaluation of IT Controls. In Proceedings of
the 39th Hawaii International Conference on System Sciences, Hawaii,
USA.
De Haes, S., & Van Grembergen, W. (2008). Analysing the Relationship
Between IT Governance and Business/IT Alignment Maturity. In
Proceedings of the 41st Hawaii International Conference on System Sciences, Hawaii, USA.
Galbraith, J.R. (2002). Designing Organizationsan Executive Guide to Strategy, Structure and Processes. San Francisco, CA: Jossey-Bass.
Guldentops, E. (2004). Governing Information Technology through COBIT. In
Van Grembergen, W. (Ed.) Strategies for Information Technology Governance. (pp. 269309). Hershey, UK: Idea Group Publishing.
Handel, M.J. (2003). The Sociology of Organizations. Classic, Contemporary
and Critical Readings. Thunder Oaks, CA: Sage Publishing.
Henderson, J.C., & Venkatraman, N. (1993). Strategic Alignment - Leveraging
Information Technology for Transforming Organizations. IBM Systems
Journal, 32 (1), 472485.
Holm Larsen, M., Khn Pedersen, M., & Viborg Andersen, K. (2006). IT
Governance Reviewing 17 IT Governance Tools and Analyzing the Case
of Novozymes A/S. In Proceedings of the 39th Hawaii International Conference on System Sciences, Hawaii, USA.
Humphrey, W. S. (1989). Managing the Software Process. Boston, MA: Addison-Wesley Professional.
IT Governance Institute (ITGI). (2007a). Control Objectives for Information
and Related Technology, 4.1st ed. Rolling Meadows, IL: IT Governance
Institute.
IT Governance Institute (ITGI). (2007b). The Val IT Framework, Rolling
Meadows, IL: IT Governance Institute.
Loh, L., & Venkatraman, N. (1993). Diffusion of Information Technology
Outsourcing: Influence Sources and the Kodak Effect. Information Systems
Research, 3(4), 334359.
Luftman, J.N. (1996). Competing in the Information Age. Oxford, NY: Oxford
University Press.
Luftman, J.N., Papp, R., & Brier, T. (1999). Enablers and Inhibitors of
Business-IT Alignment. Communications of AIS. 1(11). Association for
Information Systems.
March, J.G. (1994). A Primer on Decision-making How Decisions Happen.
New York, NY: The Free Press.
March, J., & Simon, H. (1958). Organizations. Malden, MA: Blackwell Publishers.
Mintzberg, H. (1979). The Structuring of Organizations. Upper Saddle River,
NJ: Prentice Hall.
Mundfrom, D. J., Shaw, D. G., & Ke, T. L. (2005). Minimum Sample Size
Recommendations for Conducting Factor Analyses. International Journal
of Testing, 5(2), 159168.
Office of Government Commerce. (2007). Service Strategy Book. Norwich,
United Kingdom: The Stationery Office.
Peterson, R. (2003). Information Strategies and Tactics for Information Technology Governance. In W. Van Grembergen (Ed.), Strategies for Information
Technology Governance. Hershey, PA: Idea Group Publishing.
Project Management Institute. (2004). A Guide to the Project Management
Body of Knowledge. Third Edition, Project Management Institute.
Ridley, G., Young, J., & Carroll, P. (2004). COBIT and its UtilizationA
Framework from the Literature. In Proceedings of the 37th Hawaii International Conference on System Sciences, Hawaii January 2004.
Ross, J.W., Weill, P., & Robertson, D.C. (2006). Enterprise Architecture as
Strategy. Boston, Massachusetts: Harvard Business School Press.
Sall, M. & Rosenthal, S. (2005). Formulating and Implementing an HP IT Program
Strategy Using COBIT and HP ITSM. In Proceedings of the 38th Hawaii International Conference on System Sciences, Hawaii, USA.
Siegel, S. (1957). Nonparametric Statistics. The American Statistician, 11(3),
1319.
Simonsson, M. & Johnson, P. (2008a). The IT organization modeling and
assessment tool: Correlating IT governance maturity with the effect of IT.
In Proceedings of the 41st Hawaii International Conference on System Sciences, Hawaii, Hawaii, USA.
Simonsson, M., Johnson, P., & Ekstedt, M. (2008b). The IT Organization
Modeling and Assessment Tool for IT Governance Decision Support. In
Proceedings of the 20th International Conference on Advanced Information
Systems Engineering, June 2008, Montpellier, France.
Simonsson, M., Johnson, P., & Wijkstrm, H. (2007). Model-Based IT Governance Maturity Assessments with COBIT. In Proceedings of the European
Conference of Information Systems, June 2007, St Gallen, Switzerland.
Soh, C. & Markus, M. L. (1995). How IT Creates Business Value: A Process.
Theory Synthesis. In Proceedings of the Sixteenth lnternational Conference on lnformation Systems, (pp. 2941). Amsterdam, The Netherlands.
Standish Group. (2004). The CHAOS Study. Retrieved February 29, 2008 from
http://www.standishgroup.com
Statens Offentliga Utredningar. (2004). SOU 2004:130 Svensk Kod fr
Bolagsstyrning. (In Swedish). Stockholm, Sweden: Justitiedepartementet.
Statistical Package for Social Sciences. (2007). The SPSS Software. Retrieved
February 22, 2008 from http://www.spss.com
Tu, W. (2007). Identifying Incentive Factors in IT Governance: An Exploratory
Study. In Proceedings of the 2007 International Conference on Convergence
Information Technology. November 2007, Gyeongju, Korea.
23
PO8
PO9
PO9
,458(*)
,564(**) ,407(*)
,382(*)
0,237
0,342
0,360
,504(**) 0,300
,398(*)
DS8
,373(*)
,368(*)
,479(**) ,400(*)
0,321
,379(*)
,420(*)
,596(**) ,496(**) 1
DS9
DS10
,750(**) 1
DS11
DS12
,403(*)
0,184
0,240
,439(*)
,732(**) ,743(**) ,591(**) ,741(**) ,762(**) ,746(**) ,676(**) ,771(**) ,740(**) ,786(**) ,748(**) ,703(**) ,616(**) ,529(**) ,648(**) ,767(**) ,666(**) ,438(*)
ITGP ,553(**) ,503(**) ,498(**) ,708(**) ,553(**) ,549(**) ,536(**) ,707(**) ,590(**) ,475(**) ,621(**) ,591(**) ,556(**) ,427(*)
0,369
ME4
,723(**) ,726(**) ,602(**) ,741(**) ,815(**) ,648(**) ,729(**) ,657(**) ,778(**) ,758(**) ,728(**) ,645(**) ,587(**) ,553(**) ,712(**) ,696(**) ,600(**) ,363(*)
,389(*)
ME3
,440(*)
,553(**) ,601(**) ,510(**) ,725(**) ,598(**) ,706(**) ,648(**) ,697(**) ,715(**) ,690(**) ,662(**) ,738(**) ,733(**) ,562(**) ,727(**) ,740(**) ,676(**) ,532(**) ,663(**) ,633(**) ,699(**) ,677(**) ,704(**) ,637(**) ,633(**) ,513(**) ,408(*)
ME2
,537(**) ,684(**) ,467(**) ,785(**) ,631(**) ,597(**) ,642(**) ,693(**) ,736(**) ,616(**) ,640(**) ,599(**) ,550(**) ,488(**) ,712(**) ,618(**) ,547(**) ,375(*)
ME1
DS13
ME1
ME2
ME3
ME4
ITGP
DS13 ,536(**) ,652(**) ,622(**) ,678(**) ,734(**) ,487(**) ,662(**) ,549(**) ,663(**) ,667(**) ,661(**) ,690(**) ,661(**) ,502(**) ,667(**) ,712(**) ,558(**) ,502(**) ,551(**) ,546(**) ,691(**) ,757(**) ,637(**) ,376(**) ,624(**) ,496(**) ,580(**) ,564(**) ,712(**) 1
DS12 ,621(**) ,720(**) ,572(**) ,741(**) ,568(**) ,636(**) ,611(**) ,596(**) ,607(**) ,681(**) ,659(**) ,666(**) ,588(**) ,537(**) ,654(**) ,754(**) ,693(**) ,390(**) ,674(**) ,625(**) ,648(**) ,730(**) ,690(**) ,640(**) ,667(**) ,673(**) ,455(*)
,515(**) ,423(*)
,594(**) ,589(**) ,519(**) ,587(**) ,558(**) ,513(**) ,498(**) ,504(**) ,458(**) ,559(**) ,514(**) ,649(**) ,549(**) ,497(**) ,627(**) 1
DS11 ,663(**) ,718(**) ,687(**) ,710(**) ,568(**) ,594(**) ,628(**) ,706(**) ,695(**) ,546(**) ,654(**) ,618(**) ,662(**) ,592(**) ,739(**) ,609(**) ,713(**) ,424(*)
DS10 ,370(*)
,404(*)
0,340
,561(**) ,570(**) ,555(**) ,570(**) ,494(**) ,555(**) ,533(**) ,399(**) ,562(**) ,610(**) ,499(**) ,690(**) ,614(**) ,481(**) ,501(**) ,623(**) ,619(**) ,466(**) ,592(**) ,623(**) ,633(**) ,623(**) ,578(**) ,465(*)
DS9
,597(**) 0,347
,600(**) ,587(**) ,527(**) ,667(**) ,534(**) ,798(**) ,559(**) ,641(**) ,553(**) ,595(**) ,550(**) ,605(**) ,618(**) ,534(**) ,636(**) ,649(**) ,609(**) ,410(**) ,662(**) ,496(**) ,463(**) ,483(**) ,663(**) 1
DS8
0,354
,775(**) ,721(**) ,747(**) ,740(**) ,631(**) ,747(**) ,659(**) ,810(**) ,761(**) ,641(**) ,769(**) ,759(**) ,782(**) ,585(**) ,793(**) ,654(**) ,729(**) ,478(**) ,706(**) ,592(**) ,687(**) ,776(**) 1
DS7
,447(*)
DS7
DS6
,439(*)
,362(*)
DS6
,721(**) ,693(**) ,652(**) ,516(**) ,662(**) ,551(**) ,694(**) ,610(**) ,713(**) ,604(**) ,711(**) ,677(**) ,742(**) ,449(*)
DS5
,676(**) ,813(**) ,619(**) ,708(**) ,697(**) ,565(**) ,686(**) ,674(**) ,724(**) ,590(**) ,743(**) ,668(**) ,598(**) ,545(**) ,723(**) ,644(**) ,634(**) ,558(**) ,669(**) ,640(**) ,794(**) 1
,422(*)
DS4
DS5
,389(*)
,549(**) ,575(**) ,477(**) ,425(**) ,365(**) ,553(**) ,484(**) ,418(**) ,536(**) ,464(**) ,510(**) ,496(**) ,510(**) ,374(**) ,385(**) ,461(**) ,561(**) ,691(**) ,700(**) 1
,356(*)
DS3
DS4
,426(*)
DS3
,506(**) ,415(*)
,736(**) ,750(**) ,622(**) ,682(**) ,661(**) ,780(**) ,858(**) ,611(**) ,824(**) ,593(**) ,794(**) ,748(**) ,762(**) ,650(**) ,684(**) ,605(**) ,711(**) ,499(**) 1
DS2
DS2
,721(**) ,714(**) ,587(**) ,641(**) ,596(**) ,716(**) ,737(**) ,692(**) ,724(**) ,662(**) ,759(**) ,735(**) ,679(**) ,711(**) ,705(**) ,851(**) 1
,640(**) ,728(**) ,545(**) ,740(**) ,733(**) ,689(**) ,750(**) ,730(**) ,746(**) ,762(**) ,782(**) ,792(**) ,645(**) ,748(**) ,760(**) 1
DS1
,650(**) ,656(**) ,605(**) ,798(**) ,767(**) ,731(**) ,754(**) ,739(**) ,814(**) ,632(**) ,806(**) ,816(**) ,768(**) ,762(**) 1
Al6
Al7
DS1
,623(**) ,708(**) ,536(**) ,702(**) ,605(**) ,774(**) ,588(**) ,547(**) ,709(**) ,488(**) ,745(**) ,692(**) ,680(**) 1
Al5
Al6
Al7
,801(**) ,681(**) ,859(**) ,679(**) ,748(**) ,778(**) ,700(**) ,701(**) ,829(**) ,680(**) ,759(**) ,799(**) 1
Al5
Al4
Al4
,709(**) ,702(**) ,705(**) ,738(**) ,804(**) ,808(**) ,782(**) ,660(**) ,778(**) ,726(**) ,866(**) 1
Al3
Al3
Al2
,883(**) ,808(**) ,733(**) ,733(**) ,820(**) ,785(**) ,856(**) ,729(**) ,822(**) ,705(**) 1
Al1
Al2
PO10
Al1
PO10 ,723(**) ,653(**) ,624(**) ,644(**) ,717(**) ,725(**) ,696(**) ,614(**) ,704(**) 1
PO7
PO8
PO7
PO6
PO6
PO5
PO5
,831(**) ,689(**) 1
PO4
PO3
PO4
PO2
PO2
PO3
,799(**) 1
PO1
PO1
APPENDIX A
Pearson Correlation Coefficients for Cross-correlations. * Correlation significant at 0.05 level, ** Correlation significant at 0.01 level.
Copyright of Information Systems Management is the property of Taylor & Francis Ltd and its content may not
be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written
permission. However, users may print, download, or email articles for individual use.