Abstract
This chapter analyses IT governance disclosure for a sample of 12 EU banks (from Italy, Germany, France and Spain) to observe if, how and where banks report on their IT governance issues and to verify if after the crises, banks have started to pay more attention to IT governance. Since IT governance (like other aspects of banking business) can be influenced by the regulatory environment we examine whether any differences in Supervisors’ attitude to IT issues induce differences in IT governance across countries. Regarding IT governance transparency, as a key mechanism of corporate governance, we: i) outline an original IT governance framework; ii) perform a content analysis on banks public disclosure and a selected number of Supervisors’ official documents (2008–2015) to build up IT governance indices; and iii) run a multidimensional analysis to detect causal relationships between variables.
References
Andriole, S. J. (2009). Boards of directors and technology governance: The surprising state of the practice. Communications of AIS, 24(Article 22), 373–394.
Banker, R., Chen, P. Y., Liu, F. C., & Ou, C. S. (2009). Business value of IT in commercial banks. ICIS 2009 Proceedings, 76.
Barry, C. B., & Brown, S. J. (1985). Differential information and security market equilibrium. Journal of Financial and Quantitative Analysis, 20(4), 407–422.
Barry, C. B., & Brown, S. J. (1986). Limited information as a source of risk. Journal of Portfolio Management, 12(2), 66–72.
BCBS. (2013). Principles for effective risk data aggregation and risk reporting. BIS: Basilea.
Beccalli, E. (2007). Does IT investment improve bank performance? Evidence from Europe. Journal of Banking & Finance, 31(7), 2205–2230.
Berger, A. N. (2003). The economic effects of technological progress: Evidence from the banking industry. Journal of Money, Credit, and Banking, 35(2), 141–175.
Bhushan, R. (1989). Collection of information about publicly traded firms: Theory and evidence. Journal of Accounting and Economics, 11(2–3), 183–206.
Bollen, L., Hassink, H., & Bozic, G. (2006). Measuring and explaining the quality of investor relations activities: A multinational empirical analysis. International Journal of Accounting Information Systems, 7(4), 273–298.
Boritz, E., & Lim, J.-H. (2008, August). IT control weaknesses, IT governance and firm performance. Paper presented at the American Accounting Association’s Annual Meeting, Anaheim, California.
Brown, C. V. (1997). Examining the emergence of hybrid IS governance solutions: Evidence from a single case site. Information Systems Research, 8(1), 69–94.
Brown, A., & Grant, G. G. (2005). Framing the frameworks: A review of IT governance research. Communications of AIS, 15, 696–712.
CEA. (2001). The annual report of the council of economic advisors. Washington, DC: The Economics of the President, U.S. Government Printing Office.
Chiasson, M. W., & Davidson, E. (2005). Taking industry seriously in information systems research. MIS Quarterly, 29(4), 591–605.
Chowdhury, A. (2003). Information technology and productivity payoff in the banking industry: Evidence from the emerging markets. Journal of International Development, 15(6), 693–708.
Clarkson, P., Li, Y., & Richardson, G. (2004). The market valuation of environmental expenditures by pulp and paper companies. Accounting Review, 79(2), 329–353.
De Haes, S., & Van Grembergen, W. (2008). An exploratory study into the design of an IT governance minimum baseline through Delphi Research. Communications of AIS, 22(Article 24), 443–458.
De Haes, S., & Van Grembergen, W. (2009). An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management, 26(2), 123–137.
Diamond, D. W., & Verrecchia, R. E. (1991). Disclosure, liquidity, and the cost of capital. The Journal of Finance, 46(4), 1325–1359.
DTCC (2014). Cyber risk – A global system IT great. A white paper to the industry of systemic risk, October.
Easley, D., & O’Hara, M. (2004). Information and the cost of capital. The Journal of Finance, LIX(4), 1553–1582.
EBA. (2015a). Risks and vulnerabilities in the EU financial system. London: EBA.
EBA. (2015b). Risk assessment of the European banking system. London: EBA.
EBA. (2016). Guidelines on ICT risk assessment under the supervisory review and evaluation process (SREP). London: EBA.
ECB. (2016). Report on financial structures, October.
Eldomiaty, T. I., & Choi, C. J. (2006). Corporate governance and strategic transparency: East Asia in the international business systems. Corporate Governance, 6(3), 281–295.
FSB-Financial Stability Board. (2015). 2015 update of list of global systemically important banks (G-SIBs), 3 November.
Fuβ, C., Gmeiner, R., Schiereck, D., & Strahringer, S. (2007). ERP usage in banking: An exploratory survey of the world’s largest banks. Information Systems Management, 24(2), 155–171.
Goldstein, J., Chernobai, A., & Benaroch, M. (2011). An event study analysis of the economic impact of IT operational risk and its subcategories. Journal of the Association for Information Systems, 12(9), 606–631.
Gu, B., Xue, L., & Ray, R. (2008, December). IT governance and IT investment performance: An empirical analysis. Paper presented at the International Conference on Information Systems, Paris, France.
Hadden, L. B., & Hermanson, D. R. (2003, July/August). Is your audit committee watching IT risks? The Journal of Corporate Accounting & Finance, 14(5), 35–39.
Heart, T., Maoz, H., & Pliskin, N. (2010). From governance to adaptability: The mediating effect of IT executives’ managerial capabilities. Information Systems Management, 27(1), 42–60.
Huang, R., Zmud, R. W., & Price, L. R. (2010). Influencing the effectiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, 19(3), 288–302.
Huff, S. L., Maher, P. M., & Munro, M. C. (2006). Information technology and the board of directors: Is there an IT attention deficit? MIS Quarterly Executive, 5(2), 55–68.
ISO/IEC 17999:2005 Information technology – Security techniques – Code of practice for information security management
IT Governance Institute [ITGI]. (2003). Board briefing on IT governance (2nd ed.). Rolling Meadows, IL: IT Governance Institute. Retrieved from http://www.itgi.org
IT Governance Institute [ITGI]. (2008). IT governance global status report, ISBN: 978-1-60420-064-5. Rolling Meadows, IL: IT Governance Institute.
Johnson, K. N. (2015). Cyber risks: Emerging risk management concerns for financial institutions. Georgia Law Review, 50(1), 131.
Jordan, P. E., & Musson, D. (2004). Corporate governance and IT governance: Exploring the board’s perspective. Retrieved from http://ssrn.com/abstract=787346
Jordan, E., & Silcock, L. (2005). Beating IT risks. West Sussex, UK: Wiley.
Joshi, A., Bollen, L., & Hassink, H. (2013). An empirical assessment of IT governance transparency: Evidence from commercial banking. Information Systems Management, 30(2), 116–136.
Kambil, A., & Lucas, H. (2002). The board of directors and the management of information technology. Communications of AIS, 8(Article 26), 380–391.
Karimi, J., Bhattacherjee, A., Gupta, Y. P., & Somers, T. M. (2000). The effects of MIS steering committees on information technology management sophistication. Journal of Management Information Systems, 17(2), 207–230.
Kim, O., & Verrecchia, R. (1994). Market liquidity and volume around earnings announcements. Journal of Accounting and Economics, 17(1–2), 41–67.
Korac-Kakabadse, N., & Kakabadse, A. (2001). IS/IT governance: Need for an integrated model. Corporate Governance, 1(4), 9–11.
Lang, M. H., & Lundholm, R. J. (1996). Corporate disclosure policy and analyst behaviour. Accounting Review, 71, 467–492.
Li, C., Lim, J.-H., & Wang, Q. (2007). Internal and external influences on IT control governance. International Journal of Accounting Information Systems, 8(4), 225–239.
Loch, K. D., Carr, H. H., & Warkentin, M. E. (1992). Threats to information systems: Today’s reality, yesterday’s understanding. MIS Quarterly, 16(2), 173–186.
Mähring, M. (2006, August). The role of the board of directors in IT governance: A review and agenda for research. Paper presented at the Twelfth Americas Conference on Information Systems, Acapulco, Mexico.
Mata, F. J., Fuerst, W. L., & Barney, J. B. (1995). Information technology and sustained competitive advantage: A resource-based analysis. MIS Quarterly, 19(4), 487–505.
McKinsey Global Institute. (2001). U.S. productivity growth 1995-2000: Understanding the contribution of information technology relative to other factors. Washington, D.C.: McKinsey Global Institute.
Merhout, J. W., & Havelka, D. (2008). Information technology auditing: A value-added IT governance partnership between IT management and audit. Communications of AIS, 23(Article 26), 463–482.
Millar, C., Eldomiaty, T., Choi, C., & Hilton, B. (2005). Corporate governance and institutional transparency in emerging markets. Journal of Business Ethics, 59(1), 163–174.
Nolan, R., & McFarlan, F. W. (2005). Information technology and board of directors. Harvard Business Review, 83(October), 96–106.
OECD. (1999). OECD principles of corporate governance. Paris: OECD.
OECD. (2004). OECD principles of corporate governance. Paris: OECD.
Pardo, C., Pino, F. J., GarcĂa, F., Piattini, M., Baldassarre, M. T., & Lemus, S. (2011, June). Homogenization, comparison and integration: a harmonizing strategy for the unification of multi-models in the banking sector. In International Conference on Product Focused Software Process Improvement (pp. 59–72). Berlin: Springer .
Parent, M., & Reich, B. H. (2009). Governing information technology risk. California Management Review, 51(3), 134–152.
Peterson, R. (2004). Crafting information technology governance. Information Systems Management, 21(4), 7–22.
Prasad, A., Heales, J., & Green, P. (2009). Towards a deeper understanding of information technology governance effectiveness: A capabilities-based approach. Paper presented at the International Conference on Information Systems, Phoenix, Arizona, USA.
Premuroso, R. F., & Bhattacharya, S. (2007). Is there a relationship between firm performance, corporate governance, and a firm’s decision to form a technology committee? Corporate Governance: An International Review, 15(6), 1260–1276.
Raghupathi, W. R. (2007). Corporate governance of IT: A framework for development. Communications of the ACM, 50(8), 94–99.
Sambamurthy, V., & Zmud, R. W. (1999). Arrangements for information technology governance: A theory of multiple contingencies. MIS Quarterly, 23(2), 261–291.
Sambamurthy, V., Venkataraman, S., & Desanctis, G. (1993). The design of information technology planning systems for varying organizational contexts. European Journal of Information Systems, 2(1), 23–35.
Spremić, M. (2009). IT governance mechanisms in managing IT business value. WSEAS Transactions on Information Science and Applications, 6(6), 906–915.
SSG. (2010). Observations on developments in risk. Appetite frameworks and IT infrastructure, SSG.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS Quarterly, 22(4), 441–469.
Takemura, T., Ukai, Y., & Nagaoka, H. (2005). Disclosure and circumstances concerning information system assets. In Y. Ukai (Ed.), Economic analysis of information system investment in banking industry (pp. 107–125). Tokyo: Springer.
Taplin, R. (2016). Managing cyber risk in the financial sector: Lessons from Asia, Europe and the USA. Routledge, London.
Trites, G. (2004). Director responsibility for IT governance. International Journal of Accounting Information Systems, 5(2), 88–99.
Van Grembergen, W., & De Haes, S. (2004). IT governance and its mechanisms. Information Systems Control Journal, 1, 1–7.
Van Grembergen, W., & De Haes, S. (2009). Enterprise governance of information technology: Achieving strategic alignment and value. New York: Springer.
Vanstraelen, A., Zarzeski, M. T., & Robb, S. (2003). Corporate nonfinancial disclosure practices and financial analyst forecast ability across three European countries. Journal of International Financial Management & Accounting, 14(3), 249–279.
Webb, P., Pollard, C., & Ridley, G. (2006, January). Attempting to define IT governance wisdom or folly? Paper presented at the 39th Hawaii International Conference on System Sciences, Kauai, Hawaii.
Weber, S. (1985). Basic content analysis. Beverly Hills, CA: Sage Publications.
Weill, P., & Ross, J. (2004). IT governance, how top performers manage IT decision rights for superior results. Boston, MA: Harvard Business School Press.
Willson, P., & Pollard, C. (2009). Exploring IT governance in theory and practice in a large multi-national organisation in Australia. Information Systems Management, 26(2), 98–109.
Xue, Y., Liang, H., & Boulton, W. R. (2008). Information technology governance in information technology investment decision processes: The impact of investment characteristics, external environment, and internal context. MIS Quarterly, 32(1), 67–96.
Xue, L., Ray, G., & Gu, B. (2011). Environmental uncertainty and IT infrastructure governance: A curvilinear relationship. Information Systems Research, 22(2), 389–399.
Zhu, K., Kraemer, K. L., Xu, S., & Dedrick, J. (2004). Information technology payoff in e-business environments: An international perspective on value creation in the financial services industry. Journal of Management Information Systems, 21(1), 17–54.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Leo, S., Panetta, I.C. (2018). IT Governance: Who Cares More? First Evidence from EU Banks and Supervisors. In: DĂaz DĂaz, B., Idowu, S., Molyneux, P. (eds) Corporate Governance in Banking and Investor Protection. CSR, Sustainability, Ethics & Governance. Springer, Cham. https://doi.org/10.1007/978-3-319-70007-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-70007-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70006-9
Online ISBN: 978-3-319-70007-6
eBook Packages: Business and ManagementBusiness and Management (R0)