IT Governance Practices Adoption through an Institutional Perspective: the Perception of Brazilian and American CIOs - paper presented by Edimara M Luciano ate HICSS 2013
IT Governance Practices Adoption through an Institutional Perspective
1. INFORMATION TECHNOLOGY GOVERNANCE
PRACTICES ADOPTION THROUGH AN
INSTITUTIONAL PERSPECTIVE: THE PERCEPTION
OF BRAZILIAN AND AMERICAN CIOS
Gabriela Viale Pereira1,4
Edimara M. Luciano2,4
Marie Anne M. Moron2,4
Vanessa Marques Daniel3,4
1 Doctorate Student; 2 Professor of Graduate Program in Business Administration;
3 Master’s Student
Pontifical Catholic University of Rio Grande do Sul, Bra
2. Context
Increasing levels of Corporate Governance and
Information Technology Governance, meeting
organization and all stakeholder expectations
Organizations share the same aspirations, and the
survival in the same organizational field can be related
to the use of isomorphic mechanisms in the quest of
legitimacy
Institutions need to adopt certain standards in search
of their legitimacy due to the instability present in the
organizational field
3. Motivation
Most studies regarding adopting ITG practices use a
rational view of the factors that influence ITG
The institutional perspective goes beyond
presuppositions such as rationality and efficiency for
the incorporation of norms, rules, and socially
constructed beliefs and their impacts on the behavior
of organizations
The institutional perspective considers the
irrationalities of the organizational context and the
way in which organizations are influenced by this
context
4. Purpose
To identify the influence of institutional factors in the
adoption of ITG practices
5. Theoretical Background: IT Governance
IT Governance is the set of practices, mechanisms and
responsibilities regarding IT decisions in order to
ensure that objectives are achieved while providing
alignment between IT and the business
“[..] processes, structures and relational mechanisms
in the organization that enable both business and IT
people to execute their responsibilities in support of
business/IT alignment and the creation of business
value […]“ (Van Grembergen and De Haes, 2009)
6. Theoretical Background: Institutional Theory
The Institutional Theory studies aspects of the social
structure considering the processes by which these
structures (including plans, rules, norms, and
routines) are established as guidelines for social
behavior (Scott, 2004)
7. Mimetic
isomorphism
Competito
r A
Supplier
A
Custom
er A
Competito
r B
Institutional Theory: isomorphism and stages of
practices adoption
Normative
isomorphism
Coercive
isomorphism
Objetification
Habitualization
Sedimentation
Organizations tend to
create new institutional
arrangements in order to
produce answers for the
organizational problems
detected
The adherence of other
institutions by means of pre-
used structures occurs by
observing other organizations
that have already
incorporated this structure
Is the continuity of
the structure and its
perpetuation for
several generations
of members within
the organization
8. Institutional Theory: stages of institutionalization
Pre-
institutionalization
Semi-
institutionalization
Company
G
Company
I
Company
H
Company
A
Compan
y C
Compan
y B
Institutionalization
Company
I
Company
D
Company
F
Company
E
Company
F
9. Theoretical Model
Coercive
pressures
Normative
pressures
Mimetic
pressures
P1
P2
P3
Organizations
- Expressive
results
- Successful
models
- Acceptance
- Best practices
models
- Legitimacy
- Regulatory
compliance
Institutional factors
Adopting IT
Governance
practices
Organizational context
Regulatory compliance, which means that
institutionalized ITG practices in the
organizational environment are adopted by
coercive pressures in order to obtain
legitimacy by the organizations
P1 The organizations that need legitimacy
adopt institutionalized ITG practices by
coercive pressures
10. Theoretical Model
Coercive
pressures
Normative
pressures
Mimetic
pressures
P1
P2
P3
Organizations
- Expressive
results
- Successful
models
- Acceptance
- Best practices
models
- Legitimacy
- Regulatory
compliance
Institutional factors
Adopting IT
Governance
practices
Organizational context
Best practices models and certifications,
meaning semi-institutionalized ITG practices in
the organizational environment, are adopted by
the organizations because of normative
pressures
P2 The organizations that need acceptance
adopt semi-institutionalized ITG practices
by normative pressures
11. Theoretical Model
Coercive
pressures
Normative
pressures
Mimetic
pressures
P1
P2
P3
Organizations
- Expressive
results
- Successful
models
- Acceptance
- Best practices
models
- Legitimacy
- Regulatory
compliance
Institutional factors
Adopting IT
Governance
practices
Organizational context
Successful models and common beliefs, that
is, pre-institutionalized ITG practices in the
organizational environment, are adopted by
mimetic pressures in order to obtain better
results by the organizations
P3 The organizations that need expressive
results adopt pre-institutionalized ITG
practices by mimetic pressures
13. Research Methodology
Exploratory perspective
Qualitative method for data collection
Data collection instrument :
based on the theoretical model and organized in three
dimensions:
institutionalization processes: tried to identify aspects that influenced
the decision making on the adoption of ITG practices
isomorphic mechanisms: tried to identify the influence of mimetic
mechanisms
institutionalization stages : tried to identify the degree of
institutionalization
composed of six open-ended questions complemented with
closed-ended questions that helped check the consistency of
the answers
14. Research Methodology
Data collection :
The answers from the IT executives in Brazil and the
United States
Answers were received from 12 CIOs in Brazil and 28
CIOs in the U.S. from large and medium-sized
companies
Nine answers from Brazil and 17 from the U.S. were
considered for the study
15. Results
The practices assist the legitimacy and credibility of
companies for their market, while remaining
important to the improvement of the organization
The adoption of ITG practices occurs in different types
of market (among those analyzed), tending to the
semi or full institutionalization stages of the practices
The influence of institutional factors in the decision to
adopt ITG practices in the studied organizations is very
similar between Brazil and the U.S.
16. Results
IT Governance
Habitualization Objectification Sedimentation
Technological
Change
Legislation
Market Forces
Adopted to increase
efficiency
IT Governance
Pre-institutionalization
Occur in homogeneous
organizations
Mimetism: adopted
by competing
organizations
As far as the need for efficiency and
improved business results is concerned,
organizations tend to adopt pre-
institutionalized practices through
mimetic mechanisms, based on the
adoption of ITG practices in similar
organizations (usually competitors), also
to stay competitive, as suggested by the
proposition 3
17. Results
IT
Governance
Habitualization Objectification Sedimentation
Technological
Change
Legislation
Market Forces
Highlight the
concern with
competitors
IT
Governance
Semi-institutionalization
credibility of organizations
compared to the others
Dissemination:
through a social
consensus
When there is need for acceptance by
other organizations, it ends up adopting
standardized ITG practices in the
environment in which it operates as best
practices models for achieving
certification, and it does so through
regulatory mechanisms, as these
practices are semi-institutionalized, as
discussed in proposition 2
18. Results
IT
Governance
Habitualization Objectification Sedimentation
Technological
Change
Legislation
Market Forces
SOX: Brazil and
U.S
IT
Governance
Technological
Change
Full institutionalization
heterogeneous environments: normative
or coercive mechanisms (rules and laws)
Focus: increased
legitimacy and
credibility
When the organization needs legitimacy in
the target market (customers, suppliers
and competitors) it adopts institutionalized
ITG practices (legal aspects, regulatory
compliance), due to coercive pressures, in
order to gain credibility and recognition by
others, as suggested by the proposition 1
19. Conclusions
The analysis of the collected data indicates that both
Brazilian and American CIOs, to a certain extent, share
the same view regarding the reasons how IT managers
decide to adopt ITG practices
Based on considerations of these executives, it is
possible to see that there are pressures from the
external environment that influence the adoption of
such practices
The adoption of IT Governance practices, according to
the answers, is more a result of coercive, mimetic or
normative pressures than a rational decision process
20. Thank you!
Information Technology Governance Practices Adoption through an
Institutional Perspective: the Perception of Brazilian and American CIOs
Gabriela Viale Pereira1,4
Edimara M. Luciano2,4
Marie Anne M. Moron2,4
Vanessa Marques Daniel3,4
1 Doctorate Student; 2 Professor of Graduate Programa in Business Administration; 3
Master’s Student; 4 Pontifical Catholic University of Rio Grande do Sul
The authors acknowledge the financial support of CNPq and CAPES, Brazilian
agencies that supported this research and the attendance of this conference.
21. Discussion
Among the possible explanations for the similarity of
responses among American and Brazilian CIOs, some can
be mentioned:
The internationalization of Brazilian companies, which leads
to greater use of international standards
Corporate Governance, widely discussed in Brazil and in the
process of adoption in a large number of companies which
are making efforts to adopt the best international practices
The institutionalization process can lead companies to use
practices which are very similar to each other in order to seek
this homogenization as a way to feel more included in the
business context
The legitimization process occurs with companies and
countries (Brazil is seeking legitimacy through the use of
international standards)
22. Data collection instrument
1 – Regarding IT governance practices, which ones do you consider
important for the organization you work today? Please name them.
2 – Considering the decision-making process about IT governance
adoption of those practices that you mentioned above, please
answer and comment (in detail):
What motivated the adoption of these practices in your
organization?
Which aspects were considered to decide about the adoption or not
of those practices?
Did a prioritization occur during the choice of those practices? If so,
how was that prioritization made?
23. Data collection instrument
3 – How much do you agree with each of the following statements, considering their
influence in the decision-making process for IT governance practices adoption?
Please, check your level of agreement: Disagree, Partially disagree, Partially agree, Agree
The main competitors are already using or are in process of adoption of those
practices.
The main customers are already using or are in process of adopting those practices.
The main suppliers already use or are in process of adopting those practices.
Organizations that are using those practices obtained meaningful results.
Those practices contribute to the achievement of desirable certifications for the
organization.
Those practices contribute to the suitability to market segment rules.
Those practices contribute to the achievement of obligatory certifications for the
organization.
Those practices, or mechanisms, contribute to obtain regulatory compliance.
Please, justify the items checked as "Partially agree" or "Agree".
24. Data collection instrument
4 – How much do you agree with each statement below, considering the use of IT
Governance practices?
Please, check your level of agreement: Disagree, Partially disagree, Partially agree, Agree
It can be noticed the practices adoption in a set of similar organizations.
It can be noticed that the practices adoption support problem solving or challenges in
organizations.
There are a number of events about those practices that seek to spread their use.
There are a number of training programs about those practices.
There is a proliferation of publications (books and articles) about those practices.
It can be noticed the practices adoption by organizations with meaningful results.
The market in general already uses or is in adoption process of those practices
There is a market consensus on the importance of practices adoption.
Please, justify the items checked as "Partially agree" or "Agree".
25. Data collection instrument
5 – Social demographic issues
Number of employees in your company (in the US and abroad):
Is your company subjected to regulatory rules (such as the Sarbanes-Oxley)? If so,
which ones?
How long has the company been using IT governance practices?
How many years of experience do you have in IT?
How long have you been carrying out your current position?
What is your education level?
26. Theoretical Background
Scott proposes a definition of institutions based on three
pillars:
Regulative: makes use of mandatory mechanisms, is indicated by
the presence of rules, laws, and penalties, and is legally sanctioned
in relation to its basis for legitimacy
Normative: has social obligation as the basis for compliance,
adequacy as logic, and certification and acceptance as indicators,
pointing to a morally regulated legitimacy
Cognitive: based on the importance of social identities - who
organizations are and how actions make sense for these
organizations
DiMaggio and Powell propose three mechanisms through
which institutional changes occur: coercive isomorphism,
mimetic isomorphism, and normative isomorphism
27. Theoretical Background
Tolbert and Zucker define that the institutionalization
process involves three stages that occur sequentially:
Habitualization (or pre-institutionalization): organizations tend to
create new institutional arrangements in order to produce answers for
the organizational problems detected
Objectification: the adherence of other institutions by means of pre-
used structures occurs by observing other organizations that have
already incorporated this structure
Sedimentation: is the continuity of the structure and its perpetuation
for several generations of members within the organization, and it
relies on the historical continuity of the structure.
Habitualization Objectification Sedimentation
28. Propositions
Regulatory compliance, which means that institutionalized
ITG practices in the organizational environment are
adopted by coercive pressures in order to obtain
legitimacy by the organizations
P1 The organizations that need legitimacy adopt
institutionalized ITG practices by coercive pressures
Coercive
pressures
P1
Organizations
Adopting IT
Governance
practices
29. Propositions
Best practices models and certifications, meaning semi-
institutionalized ITG practices in the organizational
environment, are adopted by the organizations because
of normative pressures
P2 The organizations that need acceptance adopt semi-
institutionalized ITG practices by normative pressures
Normative
pressures
P2
Organizations
Adopting IT
Governance
practices
30. Propositions
Successful models and common beliefs, that is, pre-
institutionalized ITG practices in the organizational
environment, are adopted by mimetic pressures in order
to obtain better results by the organizations
P3 The organizations that need expressive results adopt
pre-institutionalized ITG practices by mimetic pressures
Mimetic
pressures
P3
Organizations
Adopting IT
Governance
practices
31. Results
Practices at the pre-institutionalization
are adopted with the expectation of increased
efficiency
Occur in homogeneous organizations (competitors,
customers and suppliers) due to the proximity and
accessibility of use of the practices.
The dissemination occurs through mimetic
mechanisms based on the practices adopted mainly by
competing organizations, in order to obtain similar
results and to remain competitive in the market.
32. Results
Practices at the semi-institutionalization
Dissemination in heterogeneous environments
through a social consensus on their importance
Highlight the concern with competitors and other
stakeholders, although they seek references on the
performance benefits in the adoption of certain
practices
the market begins to have importance in the
credibility of organizations in comparison to the
others.
33. Results
Practices of full institutionalization
Focus of organizations is on achieving increased
legitimacy and credibility within the target market
occur in heterogeneous environments through
normative or coercive mechanisms, usually to adjust
the rules and laws and to meet the market demands.
This scenario occurs both in Brazil and the U.S. with
regulations such as SOX for publicly traded companies
that have a big influence on companies worldwide
regarding the adoption of ITG practices.
34. Discussion
When the organization needs legitimacy in the target market
(customers, suppliers and competitors) it adopts
institutionalized ITG practices (legal aspects, regulatory
compliance), due to coercive pressures, in order to gain
credibility and recognition by others, as suggested by the
proposition 1
When there is need for acceptance by other organizations, it
ends up adopting standardized ITG practices in the environment
in which it operates as best practices models for achieving
certification, and it does so through regulatory mechanisms,
as these practices are semi-institutionalized, as discussed in
propositions 2
35. Discussion
As far as the need for efficiency and improved business results is
concerned, organizations tend to adopt pre-institutionalized
practices through mimetic mechanisms, based on the adoption
of ITG practices in similar organizations (usually competitors),
also to stay competitive, as suggested by the propositions 3
36. References
[1] Avgerou, C. Information systems and global diversity. Oxford University Press, New York, 2002.
[2] Avgerou, C. IT and organizational change: an institutionalism perspective. Information Technology &
People, 13(4), pp. 234-262, 2000.
[3] Avgerou. The significance of context in information systems and organizational change. Information
Systems Journal, 11, pp.43–63, 2001.
[4] Bardin, L. Análise de Conteúdo. Lisboa: Editions 70; 1977.
[5] Bowen, P., Cheung, M. Y.; Rohde, F. Enhancing IT governance practices: A model and case study of an
organization’s effort. International Journal of Accounting Information Systems, 8, 2007.
[6] Dimaggio, P. J.; Powell, W. W. The iron cage revisited: Institutional isomorphism and collective
rationality in organizational fields. American Sociological Review, 48(2), pp.147-160, 1983.
[7] Flick, Uwe. An Introduction to Qualitative Research. Fourth Edition, London: SAGE Publications Ltd.,
2009.
[8] ITGI (IT Governance Institute). Board briefing on IT governance. 2. ed. 2003. Retrieved December 2,
2010, from http://www.itgi.org/ .
[9] ITGI (IT Governance Institute). About IT Governance.
Retrieved September 18, 2011, from
http://www.itgi.org/template_ITGIa166.html?Section=About_IT_Governance1&Template=/ContentMan
agement/HTMLDisplay.cfm&ContentID=19657
37. References
[12] Liang, H. G.; Saraf, N.; Hu, Q.; Xue,Y. Assimilation of enterprise systems: The effect of
institutional pressures and the mediating role of top management. MIS Quarterly, 31(1), pp.59-87,
2007.
[13] Marrone, M.; Homann, L.; Kolbe, L. M. IT Executives’ Perception of CobiT: Satisfaction,
Business-IT Alignment and Benefits. Proceedings of the Sixteenth Americas Conference on
Information Systems, Lima, Peru, August 12-15, 2010.
[14] Meyer, J. W.; Rowan, B. Institutionalized organizations: formal structures as myth an ceremony.
In: Meyer, J. W.; Scott, W. R. Organizational environments: ritual and rationality. Update Edition.
London: Sage, 1992.
[15] Prasad, Acklesh; Heales, Jon; Green, Peter. A capabilities-based approach to obtaining a deeper
understanding of information technology governance effectiveness: Evidence from IT steering
committees. In: International Journal of Accounting Information Systems, 11, pp.214–232, 2010.
[16] Sambamurthy, V.; Zmud, R. W. Arrangements for information technology governance: A theory
of multiple contingencies. MIS Quarterly, 23(2), pp. 261-290, 1999.
[17] Scott, W. R. Institutional theory P408-14 in Encyclopedia of Social Theory, George Ritzer, ed.
Thousand Oaks, CA: Sage, 2004.
[18] Scott. Institutions and organizations. Thousand Oaks: Sage, 1995.
[19] Teo, H. H.; Wei, K. K.; Benbasat, I. Predicting intention to adopt interorganizational linkages: An
institutional perspective. MIS Quarterly, 27(1), pp.19-49, 2003.
[20] Tolbert, Pamela S.; Zucker, Lynne G.. The Institutionalization of Institutional Theory. In: CLEGG,
S. R.; Hardy, C. e Nord, W. R. (Orgs.) Handbook of Organization Studies. London: Sage, 1996.
[21] Verhoef, C. Quantifying the effects of IT-governance rules. In: Science of Computer
Programming, 67(1), pp. 247–277, 2007.
[22] Weill, P.; Ross, J. IT Governance: How Top Performers Manage IT Decision Rights for Superior