Gaps Between Theory and Practice on IT Governance Capabilities

  • Oscar González-RojasEmail author
  • Juan E. Gómez-Morantes
  • Guillermo Beltrán
Conference paper
Part of the Lecture Notes in Information Systems and Organisation book series (LNISO, volume 26)


Nowadays, Information Technology (IT) governance is a core activity either adopted or at least expected by most organizations, to control the behavior of IT assets. However, this discipline faces a growing gap between the views, priorities and practices of academics and practitioners. This paper presents a consolidated view of capabilities for implementing IT governance within an organization. We evaluated such capabilities in the practice of Colombian companies within the logistics industry. The main gaps that arise when adopting IT governance capabilities are discussed, and research insights are provided for aligning theory and practice.


IT management ICT governance Capability model Business-ICT alignment Risk management 


  1. 1.
    Webb, P., Pollard, C., Ridley, G.: Attempting to define IT governance: wisdom or folly? In: Proceedings of the 39th Hawaii International Conference on System Sciences, pp. 1–10. IEEE (2006)Google Scholar
  2. 2.
    Brown, A., Grant, G.: Framing the frameworks: a review of IT governance research. Commun. Assoc. Inform. Sys. 15, 696–712 (2005)Google Scholar
  3. 3.
    Weill, P.: Don’t just lead, Govern: how top-performing firms govern IT. MIS Q. Exec. 3(1), 1–17 (2004)Google Scholar
  4. 4.
    Giraldo O.L., Herrera, A., Gómez, J. E.: IT Governance State of Art at enterprises in the Colombian Pharmaceutical Industry. In: Quintela Varajão J.E., Cruz-Cunha M.M., Putnik G.D., Trigo A. (eds) ENTERprise Information Systems. CENTERIS 2010. CCIS, vol. 109. Springer, Berlin, HeidelbergGoogle Scholar
  5. 5.
    Jacobson, D.D.: Revisiting IT governance in the light of institutional theory. In: Proceedings of the 42nd Hawaii International Conference on System Sciences, pp. 1–9. IEEE (2009)Google Scholar
  6. 6.
    Willson, P., Pollard, C.: Exploring IT governance in theory and practice in a large multi-national organisation in Australia. Inform. Syst. Manage. 26, 98–109 (2009)CrossRefGoogle Scholar
  7. 7.
    Simonsson, M., Ekstedt, M.: Getting the priorities right: literature vs practice on IT governance. In: Technology Management for the Global Future—PICMET 2006 Conference, pp. 18–26. IEEE (2006)Google Scholar
  8. 8.
    Keyes-Pearce, S.: Rethinking the importance of IT governance in the e-World. In: Proceedings of the 6th Pacific Asia Conference on Information Systems, pp. 256–272. AISeL (2002)Google Scholar
  9. 9.
    Winkler, T., Brown, C.V.: Horizontal allocation of decision rights for on-premise applications and software-as-a-service. J. Manage. Inform. Syst. 30, 13–48 (2014)CrossRefGoogle Scholar
  10. 10.
    Ko, D., Fink, D.: Information technology governance: an evaluation of the theory-practice gap. Corp. Govern. 10, 662–674 (2010)CrossRefGoogle Scholar
  11. 11.
    Winkler, T., Goebel, C., Benlian, A., Bidault, F., Günther, O.: The impact of software as a service on IS authority—a contingency perspective. In: Proceedings of the 32nd International Conference on Information Systems, pp. 1–17. AISeL (2011)Google Scholar
  12. 12.
    Yin, R.K.: Case Study Research: Design and Methods. Sage Publications, Thousand Oaks (2008)Google Scholar
  13. 13.
    Ulrich, W., Rosen, M.: The business capability map: the “rosetta stone” of business/IT alignment. Enterp. Archit. 14 (2011)Google Scholar
  14. 14.
    Eisenhardt, K.M., Martin, J.A.: Dynamic capabilities: what are they? Strateg. Manage. J. 21, 1105–1121 (2000)CrossRefGoogle Scholar
  15. 15.
    Swauger, J.: Is it time for an IT governance audit? EDPACS 47, 1–6 (2013)CrossRefGoogle Scholar
  16. 16.
    González-Rojas, O., Lesmes, S.: GovernIT: a software for decision-making support on automated IT governance models. In: Information Systems Development: Advances in Methods, Tools and Management (ISD2017 Proceedings), pp. 12. AISeL (2017)Google Scholar
  17. 17.
    Westerman, G., Hunter, R.: IT Risk: Turning Business Threats Into Competitive Advantage. Harvard Business School Press, Boston, MA, USA (2007)Google Scholar
  18. 18.
    ISACA: COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA (2012)Google Scholar
  19. 19.
    Cervone, F.: ITIL: a framework for managing digital library services. Digit. Libr. Perspect. 24, 87–90 (2008)Google Scholar
  20. 20.
    Fonstad, N.O., Robertson, D.: Transforming a company, project by project: the IT engagement model. MIS Q. Exec. 5, 1–14 (2006)Google Scholar
  21. 21.
    Heart, T., Maoz, H., Pliskin, N.: From governance to adaptability: the mediating effect of IT executives’ managerial capabilities. Inform. Syst. Manage. 27, 42–60 (2010)CrossRefGoogle Scholar
  22. 22.
    Gonzalez-Rojas, O., Beltrán, G., Correal, D.: Measurement of current and potential non-financial business value delivery of IT investments. Information 19, 2869–2874 (2016)Google Scholar
  23. 23.
    Kohnke, A., Shoemaker, D.: Making cybersecurity effective: the five governing principles for implementing practical IT governance and control. EDPACS 52, 9–17 (2015)CrossRefGoogle Scholar
  24. 24.
    ISO: ISO/IEC 38500;2008: Corporate Governance of Information Technology. International Standards Organisation (2008)Google Scholar
  25. 25.
    Jordan, E.: An integrated IT risk model. In: Proceedings of the 9th Pacific Asia Conference on Information Systems: IT & Value Creation, pp. 632–644. AISeL (2005)Google Scholar
  26. 26.
    Caralli, R., Stevens, J., Young, L., Wilson, W.: Introducing OCTAVE Allegro: improving the information security risk assessment process (No. CMU/SEI-2007-TR-012) (2007)Google Scholar
  27. 27.
    Héroux, S., Fortin, A.: Exploring IT dependence and IT governance. Inform. Syst. Manage. 31, 143–166 (2014)CrossRefGoogle Scholar
  28. 28.
    González-Rojas, O.: Governing IT services for quantifying business impact. In: Matulevicius, R., Dumas, M. (eds.) Perspectives in Business Informatics Research. BIR 2015. LNBIP, vol. 229, pp. 97–112. Springer, Cham (2015)Google Scholar
  29. 29.
    González-Rojas, O., Lesmes, S.: Value at risk within business processes: an automated IT risk governance approach. In: La Rosa, M., Loos, P., and Pastor, O. (eds.) Business Process Management. BPM 2016. LNCS, vol. 9850, pp. 365–380. Springer, Cham (2016)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Oscar González-Rojas
    • 1
    Email author
  • Juan E. Gómez-Morantes
    • 2
  • Guillermo Beltrán
    • 1
  1. 1.Systems and Computing Engineering DepartmentUniversidad de los AndesBogotáColombia
  2. 2.Systems Engineering DepartmentPontificia Universidad JaverianaBogotáColombia

Personalised recommendations