• Artificial Intelligence
  • Generative AI
  • Business Operations
  • Cloud Computing
  • Data Center
  • Data Management
  • Emerging Technology
  • Enterprise Applications
  • IT Leadership
  • Digital Transformation
  • IT Strategy
  • IT Management
  • Diversity and Inclusion
  • IT Operations
  • Project Management
  • Software Development
  • Vendors and Providers
  • United States
  • Middle East
  • Italia (Italy)
  • Netherlands
  • United Kingdom
  • New Zealand
  • Data Analytics & AI
  • Newsletters
  • Foundry Careers
  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Copyright Notice
  • Member Preferences
  • About AdChoices
  • Your California Privacy Rights

Our Network

  • Computerworld
  • Network World
  • Enterprise Buyer's Guides

What is IT governance? A formal way to align IT & business strategy

7 things you should know about IT governance, including choosing a framework and how to ensure a smooth implementation.

Road sign with the word Governance on it

IT governance is a formal framework that provides a structure for organizations to ensure that IT investments support business objectives. The need for formal corporate and IT governance practices across U.S. organizations was fueled by the enactment of laws and regulations, including the Gramm–Leach–Bliley Act (GLBA) and the Sarbanes-Oxley Act , in the 1990 and early 2000s that resulted from the fallout from several high-profile corporate fraud and deception cases.

I reached out to Paul Calatayud, chief technology officer at security management provider FireMon, for his input on IT governance and what’s required for successful implementation. Calatayud leads Firemon’s corporate development program and provides thought leadership regarding product strategy, product management, and research and development. He’s also a SANS Institute instructor and sits on advisory boards for several security-related companies.

1. What is IT governance?

Essentially, IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. A formal program also takes stakeholders’ interests into account, as well as the needs of staff and the processes they follow. In the big picture, IT governance is an integral part of overall enterprise governance.

2. What’s the relationship between IT governance and GRC (governance, risk and compliance)?

According to Calatayud, IT governance and GRC are practically the same thing. “While GRC is the parent program, what determines which framework is used is often the placement of the CISO and the scope of the security program. For example, when a CISO reports to the CIO, the scope of GRC is often IT focused. When security reports outside of IT, GRC can cover more business risks beyond IT.”

[ Related: Learn more about GRC ]

3. Why do organizations implement IT governance infrastructures?

Organizations today are subject to many regulations governing the protection of confidential information, financial accountability, data retention and disaster recovery, among others. They’re also under pressure from shareholders, stakeholders and customers.

To ensure they meet internal and external requirements, many organizations implement a formal IT governance program that provides a framework of best practices and controls.

4. What kind of organization uses IT governance?

Both public- and private-sector organizations need a way to ensure that their IT functions support business strategies and objectives. And a formal IT governance program should be on the radar of any organization in any industry that needs to comply with regulations related to financial and technological accountability. However, implementing a comprehensive IT governance program requires a lot of time and effort. Where very small entities might practice only essential IT governance methods, the goal of larger and more regulated organizations should be a full-fledged IT governance program.

5. How do you implement an IT governance program?

The easiest way is to start with a framework that’s been created by industry experts and used by thousands of organizations. Many frameworks include implementation guides to help organizations phase in an IT governance program with fewer speedbumps.

The most commonly used frameworks are:

  • COBIT : Published by ISACA, COBIT is a comprehensive framework of “globally accepted practices, analytical tools and models” ( PDF ) designed for governance and management of enterprise IT. With its roots in IT auditing, ISACA expanded COBIT’s scope over the years to fully support IT governance. The latest version is COBIT 5 , which is widely used by organizations focused on risk management and mitigation.
  • ITIL : Formerly an acronym for Information Technology Infrastructure Library, ITIL focuses on IT service management . It aims to ensure that IT services support core processes of the business. ITIL comprises five sets of management best practices for service strategy, design, transition (such as change management), operation and continual service improvement.
  • COSO : This model for evaluating internal controls is from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO’s focus is less IT-specific than the other frameworks, concentrating more on business aspects like enterprise risk management (ERM) and fraud deterrence.
  • CMMI : The Capability Maturity Model Integration method, developed by the Software Engineering Institute, is an approach to performance improvement. CMMI uses a scale of 1 to 5 to gauge an organization’s performance, quality and profitability maturity level. According to Calatayud, “allowing for mixed mode and objective measurements to be inserted is critical in measuring risks that are qualitative in nature.”
  • FAIR : Factor Analysis of Information Risk ( FAIR ) is a relatively new model that helps organizations quantify risk. The focus is on cyber security and operational risk, with the goal of making more well-informed decisions. Although it’s newer than other frameworks mentioned here, Calatayud points out that it’s already gained a lot of traction with Fortune 500 companies.

6. How do I choose which framework to use?

Most IT governance frameworks are designed to help you determine how your IT department is functioning overall, what key metrics management needs and what return IT is giving back to the business from its investments.

Where COBIT and COSO are used mainly for risk, ITIL helps to streamline service and operations. Although CMMI was originally intended for software engineering, it now involves processes in hardware development, service delivery and purchasing. As previously mentioned, FAIR is squarely for assessing operational and cyber security risks.

When reviewing frameworks, consider your corporate culture. Does a particular framework or model seem like a natural fit for your organization? Does it resonate with your stakeholders? That framework is probably the best choice.

But you don’t have to choose only one framework. For example, COBIT and ITIL complement one another in that COBIT often explains why something is done or needed where ITIL provides the “how.” Some organizations have used COBIT and COSO, along with the ISO 27001 standard (for managing information security).

7. How do you ensure a smooth implementation and positive results?

One of the most important paths to success is with executive buy-in. Calatayud recommends forming a risk management committee with top-level sponsorships and business representation. “To ensure it’s an effective program, it needs to be supported by a broad set of line of business leaders.” He also recommends sharing results with the board or audit committee to “develop real attention when items begin to get ignored.”

As with any significant project, you should always keep communication lines open between various parties, measure and monitor the progress of the implementation, and seek outside help if needed.

More on IT governance:

  • Rethinking IT governance for agility and innovation
  • The keys to effective IT governance in the digital era
  • 7 IT governance myths
  • 7 IT governance mistakes — and how to avoid them
  • What is CGEIT? A certification for seasoned IT governance professionals

Related content

Kyndryl bets on partnerships, consulting arm to redeem itself, what are the main challenges cisos are facing in the middle east, american honda it to fuel innovation with generative ai, 8 revealing statistics about career challenges black it pros face, from our editors straight to your inbox, show me more, copilot: an indispensable tool for banking security teams.


Google integrates Gemini AI into enterprise tools


ESG software: 6 tips for selecting the best fit for your business


CIO Leadership Live India with Sankaranarayanan Raghavan, Chief Technology and Data Officer, IndiaFirst Life


CIO Leadership Live Canada with Parm Sandhu, CIO at Immigrant Services Society of BC


AMB Sports and Entertainment CTO on digitally engaging Atlanta Falcons fans


Building a Foundation for Future GenAI Jobs


Sponsored Links

  • Want to justify your IT investments faster? IDC reports on how to measure business impact.
  • Read this IDC spotlight to learn what commonly prevents value realization – and how to solve it
  • Experience the comprehensive solution that provides end-to-end visibility across applications, infrastructure, and network layers. Plus improve your IT operations and enhance overall business performance. Sign up for a Free Trial and explore the benefits
  • Data, AI, & Machine Learning
  • Managing Technology
  • Social Responsibility
  • Workplace, Teams, & Culture
  • AI & Machine Learning
  • Diversity & Inclusion
  • Big ideas Research Projects
  • Artificial Intelligence and Business Strategy
  • Responsible AI
  • Future of the Workforce
  • Future of Leadership
  • All Research Projects
  • AI in Action
  • Most Popular
  • The Truth Behind the Nursing Crisis
  • Work/23: The Big Shift
  • Coaching for the Future-Forward Leader
  • Measuring Culture

Winter 2024 Issue

The winter 2024 issue features a special report on sustainability, and provides insights on developing leadership skills, recognizing and addressing caste discrimination, and engaging in strategic planning and execution.

  • Past Issues
  • Upcoming Events
  • Video Archive
  • Me, Myself, and AI
  • Three Big Points

MIT Sloan Management Review Logo

A Matrixed Approach to Designing IT Governance

Throughout an organization, individuals make decisions daily that influence the need for and the value received from information technology. A simple one-page framework can help companies allocate IT decision rights and accountabilities so that individual IT decisions align with strategic objectives.

  • IT Governance & Leadership

Every enterprise engages in IT decision making, but each differs considerably in how thoughtfully it defines accountability and how rigorously it formalizes and communicates decision-making processes. Without formal IT governance, individual managers are left to resolve isolated issues as they arise, and those individual actions can often be at odds with each other. Our study of almost 300 enterprises around the world suggests that IT governance is a mystery to key decision makers at most companies. On average, just one in three senior managers knows how IT is governed at his company. (See “About the Research.”) In this case, ignorance is definitely not bliss. When senior managers take the time to design, implement, and communicate IT governance processes, companies get more value from IT.

About the Research

This article is based on two studies led by the authors. The first was a survey of CIOs at 256 enterprises in the Americas, Europe and the Asia/Pacific region on how large enterprises across a wide range of industries — both for profit and not — govern IT. The survey was developed by MIT Sloan’s Center for Information Systems Research in 2001 and distributed throughout 2002, both electronically and on paper, by Gartner Inc. to members of its EXP group and by CISR to participants in executive programs. Gartner additionally contributed to the research by conducting 10 case studies on IT governance. The second study comprised a set of 40 interview-based case studies at large companies such as Johnson & Johnson, Carlson Companies, UPS, Delta Air Lines and ING DIRECT, which examined IT governance in the context of organizational changes such as enterprise resource planning implementations, e-business initiatives, enterprise architecture development and IT-enabled organizational transformations. These cases were developed by CISR researchers and affiliates between 1995 and 2004. To understand how top-performing enterprises governed IT, MIT CISR researchers analyzed the data using both statistical and qualitative analysis. This article draws on and extends the material in P. Weill and J. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results (Boston: Harvard Business School Press, 2004).

While the research did not identify a single best formula for governing IT, one thing is abundantly clear: Effective IT governance doesn’t happen by accident. Top-performing enterprises carefully design governance. In those companies, managers at all levels throughout the enterprise apply that design as they make daily decisions about the use of IT. Further, 60% to 80% of senior executives in those companies have a clear understanding of and can describe their IT governance. In fact, senior management awareness of IT governance is the single best indicator of its effectiveness.

The effectiveness of an enterprise’s or business unit’s IT governance can be assessed by evaluating how well it enables IT to deliver on four objectives: cost-effectiveness, asset utilization, business growth and business flexibility. Our research, which weighed each factor according to its relative importance to each company, showed that governance performance varies significantly across enterprises in an approximately bell-shaped distribution. (See “Assessing IT Governance Performance.”) According to this measure, high IT governance performance correlated with the achievement of other desired measures of success. For example, companies that effectively govern information technology garner profits that are 20% higher than those of other companies pursuing similar strategies. 1 They also achieve higher returns on equity and growth in market capitalization.

Assessing IT Governance Performance

case studies for it governance

View Exhibit

The worksheet below allows you to assess how well your company’s IT governance facilitates its goals. The average score in our sample was 69 out of 100. The top third scored above 74. How does your company compare?

case studies for it governance

Although it cannot be concluded that superior governance performance causes superior financial performance, it can definitely be said that the two measures correlate quite well. It is certainly plausible that the two are linked. Effective governance aligns IT investments with overall business priorities, determines who makes the IT decisions and assigns accountability for the outcomes. IT is inextricable from other key enterprise assets (financial resources, human resources, intellectual property, physical structure and organizational relationships), and its governance overlaps with other enterprisewide governance processes. There is surely a good deal to learn from examining how successful enterprises govern their IT.

How Key IT Governance Decisions Are Made

IT governance encompasses five major decision domains. IT principles comprise the high-level decisions about the strategic role of IT in the business. IT architecture includes an integrated set of technical choices to guide the organization in satisfying business needs. IT infrastructure consists of the centrally coordinated, shared IT services that provide the foundation for the enterprise’s IT capability and were typically created before precise usage needs were known. Business application needs are the business requirements for purchased or internally developed IT applications. Last, prioritization and investment decisions determine how much and where to invest in IT.

Each of these decision areas can be addressed at the corporate, business unit or functional level or some combination of the three. And senior management can hold business unit or IT managers accountable for the related outcomes. Thus, the first step in designing IT governance is to determine who should make and be held accountable for each decision area. (See “Key Issues for Each IT Decision Area.”)

Key Issues for Each IT Decision Area

case studies for it governance

IT governance encompasses five major decision areas. In thinking about who should make and be accountable for these decisions, a number of the questions should be addressed.

case studies for it governance

There are six archetypal approaches to IT decision making, ranging from highly centralized to highly decentralized. Most companies employ a variety of them, using different approaches for different decisions. In a business monarchy — the most centralized approach — a senior business executive or a group of senior executives, sometimes including the CIO, makes all the IT-related decisions for the enterprise. In an IT monarchy, those decisions are made by an individual IT executive or a group of IT executives. In a federal system, C-level executives and business representatives of all the operating groups collaborate with the IT department. This is equivalent to the central government and the states working together. In an IT duopoly, a two-party decision-making approach involves IT executives and a group of business leaders representing the operating units. In a feudal system, business unit or process leaders make separate decisions on the basis of the unit or process needs. And, finally, the most decentralized system is anarchy, in which each individual user or small group pursues his, her or their own IT agenda.

A matrix that juxtaposes the five decision areas against the six archetypal approaches creates on a single page a valuable tool for specifying, analyzing and communicating where IT decisions are made. Take United Parcel Service of America Inc. as an example. (See “IT Governance on One Page.”) UPS’s governance arrangements reflect the company’s commitment to offering total, integrated solutions for customers’ global commerce needs. Senior management accountability for principles and investment decisions ensures that IT issues are incorporated into the company’s strategic decision-making processes. The CIO, who is a member of the senior management team, translates principles and investment decisions into IT architecture and infrastructure (such as standards, policies and processes). Business unit projects, delivered in the context of business and IT principles, define business application needs in a way that both enhances business unit performance and supports corporate objectives. 2

IT Governance on One Page

case studies for it governance

A matrix that juxtaposes the five IT decision domains against five of the six archetypal approaches creates, on a single page, a valuable tool for specifying, analyzing and communicating where IT decisions are made. UPS’s governance is clear and relatively centralized: A subset of the senior management team takes responsibility for defining IT principles and IT investment; the CIO’s team is held accountable for IT architecture and IT infrastructure; and business unit leaders and enterprisewide process managers are responsible for defining business application needs.

case studies for it governance

UPS’s IT governance creates strategic control at the top of the company while empowering decision making at multiple organizational levels. Senior management works to make IT governance transparent so that everyone understands and follows prescribed processes for proposing, implementing and using IT. This limits the role of organizational politics in IT-related decisions and shows in the company’s bottom-line performance.

Governance Mechanisms

Once the types of decisions and the archetypes for making those decisions are mapped out, a company must design and implement a coordinated set of governance mechanisms that managers will work with on a daily basis. Enterprises generally design three kinds of governance mechanisms: (1) decision-making structures, (2) alignment processes and (3) formal communications.

Decision-making structures.

The most visible IT governance mechanisms are the organizational committees and roles that locate decision-making responsibilities according to intended archetypes. Different archetypes rely on different decision-making structures. Anarchies (which are rarely used — or at least rarely admitted to!) require no decision-making structures at all. Feudal arrangements rely on local decision-making structures. But monarchy, federal or duopoly arrangements demand decision-making structures with the representation and authority to produce enterprisewide synergies.

Alignment processes.

Alignment processes are management techniques for securing widespread and effective involvement in governance decisions and their implementation. For example, the IT investment proposal process delineates steps for defining, reviewing and prioritizing IT projects, in determining which projects will be funded. Architecture exception processes provide a formal assessment of the costs and value of project implementations that veer from company standards. Service-level agreements and chargebacks help IT units clarify costs for IT services and instigate discussion of the kinds of services the business requires. Finally, formal tracking of business value from IT forces firms to determine the payback on completed projects, which can help firms focus their attention on generating intended benefits.

Formal communications.

A huge barrier to effective IT governance is lack of understanding about how decisions are made, what processes are being implemented and what the desired outcomes are. Management can communicate governance processes in a variety of ways: general announcements, the institution of formal committees, regular communication from the office of the CIO or the office of IT governance, one-on-one sessions, intranets and so on. Our research indicates that more communication generally means more effective governance.

Well-designed, well-understood and transparent mechanisms promote desirable IT behaviors and individual accountability. For example, UPS has designed four coordinated governance mechanisms to implement the company’s intended governance arrangements: (1) an IT steering committee, comprising four top executives who accept primary responsibility for principles and investment decisions, (2) an IT governance committee of senior IT executives responsible for key architecture decisions, (3) a formal “charter” process that winnows down the entire enterprise’s IT project proposals to those best aligned with strategic objectives and (4) an escalation process to handle exceptions to architecture standards at the appropriate organizational level. These four mechanisms clarify processes and accountabilities so that individuals throughout the company can make decisions that result in desirable behavior as defined at UPS.

How Top Performers Govern

There is no single best model of IT governance. Given different strategies and organizational forms, different enterprises will attempt to encourage different behaviors. Governance arrangements thus can vary from more centralized approaches (most notably monarchies) to more decentralized approaches (most notably feudal designs), with federal and some duopoly designs straddling the two. Similarly, some governance mechanisms support more centralized approaches (such as executive committees and centralized capital approval process). Others support more hybrid approaches (such as business/IT relationship managers and service-level agreements). 3 Decentralized governance designs involve very few mechanisms.

Ultimately, however, effective IT governance should be evident in business-performance metrics. We investigated the IT governance patterns of leaders relative to the following financial performance measures: 4 profit as measured by return on equity (ROE), return on investment (ROI) and percent profit margin; asset utilization as measured by return on assets (ROA); and growth as measured by percent change in revenue per year. It is clear that top-performing companies govern significantly differently from other companies. Even among top performers, governing styles differ according to which performance metric they emphasize. (See “Governance Lessons From Leaders”)

Governance Lessons From Leaders

case studies for it governance

Top-performing companies* govern significantly differently from other companies. Even among top performers, governing styles differ according to which performance metric they emphasize.

case studies for it governance

Centralized Approaches and Profitability

The most profitable companies tend to be centralized in their approach to IT governance. Their strategies emphasize efficient operations. Accordingly, it is desirable for IT governance to encourage a high degree of standardization in the pursuit of low business costs. Key mechanisms include executive committees for decision making, centralized processes for architecture compliance and exceptions, enterprisewide IT investment decision processes, and formal post-implementation assessments of IT-related projects. The United Nations Children’s Fund (UNICEF) is an example.

Although UNICEF is not for profit, its emphasis on cost-effectiveness and rapid organizational learning led it to adopt a centralized IT governance model. UNICEF operates in remote and sometimes dangerous locations, including sites affected by armed conflict, natural disasters and other tragedies. For years, IT at UNICEF supported administrative tasks at headquarters but was nearly nonexistent in the field offices, where the needs of children were directly addressed. In the mid-1990s, senior management recognized that the lack of IT in field offices was handcuffing operations, so the organization, led by CIO Andre Spatz, equipped remote locations with IT services. Spatz worked with other C-level managers to establish priorities and make important trade-offs among features like cost, reliability, speed and accessibility. The result was improved global knowledge, information flow, transparency and communication. Field offices now can serve their constituents based on transaction-level and value-added information that they could not access only a few years ago.

Decentralized Approaches and Growth

The fastest-growing companies are focused on innovation and time to market. They insist on local accountability. They measure success through growth in revenues, which are often generated from products introduced in the last two or three years. These companies seek to maximize responsiveness to local customer needs and minimize constraints on creativity and business unit autonomy by establishing few, if any, enterprisewide technology and business-process standards. Accordingly, they require few governance mechanisms, often relying only on an investment process that identifies high-priority strategic projects and manages risk.

Atlanta-based Manheim Auctions, the U.S. market leader in business-to-business car auctions, recognized during the early years of e-commerce that the Internet would offer opportunities to grow its business. 5 In the late 1990s, Manheim introduced online auction capabilities and experimented with related revenue-generating electronic capabilities. One service, the Manheim Market Report, generated significant value by providing online information on the company’s auctions to car dealers and other industry participants.

To launch its fast-growth online business, the company created an independent business unit, Manheim Online, a subsidiary of Manheim Interactive. Hal Logan, then the CEO of Manheim Interactive, worked with the senior management team to define principles and strategic business requirements. Like most high-growth startups, the company did not tightly govern architecture or infrastructure, focusing instead on managing projects for rapid development. A development team was made responsible for all aspects of each new Manheim Online service rollout: product management, deploying of the Web servers, development of the service and quality assurance of the service.

Manheim’s decentralized approach to IT governance allowed the company to innovate and grow its business base. As the development teams’ focus on speed of delivery became unsustainable in the context of the larger company, Manheim eventually identified a need for more centralized architecture and reusable infrastructure services. Its online business today is integrated into the overall Manheim Auctions business model, relying on a set of shared IT services. Accordingly, IT governance has transitioned to a blend of centralized and decentralized arrangements.

Hybrid Approaches and Asset Utilization

Companies seeking optimal asset utilization attempt to balance the contrasts between governance for profitability and governance for revenue growth and innovation. They focus on using shared services to achieve either responsiveness to customers or economies of scale — or both. Their IT principles emphasize sharing and reuse of processes, systems, technologies and data. Asset utilization demands a hybrid approach to governance, mixing elements of centralized and decentralized governance. Leaders who excel at asset utilization typically rely on duopolies and federal governance design. They introduce governance mechanisms to address the tensions between enterprisewide and local control. Those mechanisms include high-level business-IT relationship managers, service-level agreements and IT chargeback, IT leadership teams comprising business unit IT representatives, and enterprisewide business process teams with IT members. The hybrid approach is common, but it clearly demands a great deal of management attention.

ING DIRECT, the international direct banking unit of Dutch financial services conglomerate ING Groep N.V., takes a hybrid approach to IT governance. 6 ING DIRECT is organized into nine country-based businesses. Each country unit operates autonomously, but the units share a common business model. The bank leverages standardized business solutions as well as standardized technical and infrastructure components, offering a product set featuring savings accounts, term deposits, personal loans/mortgages, retirement savings plans and a few select mutual funds.

ING DIRECT’s IT governance uses duopoly arrangements for all its IT decisions. The key mechanism is the Information Technology and Operations Council (made up of the CIOs and COOs of the country-based businesses and the head office CIO/COO). The Council makes enterprisewide principles, architecture, infrastructure and investment decisions. Its semiannual meetings offer a forum for coordinating ING’s IT plan with the businesses’ mid-term plans. The outcome of this meeting serves as input for the ING DIRECT Council (executive team meeting), where the international business strategy is discussed and defined. In doing so, ING DIRECT allows IT capabilities to influence business strategy just as strategy influences IT.

To facilitate development and reuse of business process modules, ING DIRECT looks to its local businesses for innovations. If a country unit wants to introduce a new product, country managers develop a product proposal detailing financial and business implications and risks. A product committee at the company’s head office approves every new product, based on a thorough and detailed review process involving all business units. The outcome of this selection process is a global standard rather than an isolated local solution. In addition, ING DIRECT’s chief architect helps define application specifications so that the new application modules work effectively with existing modules and fit with the existing business, application and technical architecture. This arrangement supports ING DIRECT’s desirable behaviors of building modules for reuse, standardizing applications and achieving a universally compatible architecture.

Minneapolis-based Carlson Companies Inc. takes a different approach to hybrid IT governance. 7 Carlson is a $20 billion, privately owned conglomerate in the marketing, hospitality and travel business. It has grown through acquisition, with operating groups in relationship marketing services, loyalty programs (Gold Points Reward Network), hotels (Radisson Hotels and Resorts, Regent International Hotels), restaurants (T.G.I. Friday’s Inc.), cruises and travel services.

Traditionally, each Carlson operating group functioned independently and competed with other operating groups. But in 2000, chairman and CEO Marilyn Carlson sought to change that competitive relationship to a collaborative one. CIO Steve Brown, who reports directly to the CEO, was given responsibility for defining the role of IT for the integrated enterprise.

Toward that end, Brown articulated two key principles. First, application development could continue to take place within operating groups, but applications would be presented to users through a shared portal, and, where necessary, data would be shared across business units. Second, Carlson would have a shared IT infrastructure.

To translate these principles into IT architecture, infrastructure, business applications and IT investment decisions, Carlson assigned governance responsibilities to five decision-making structures: the Carlson Technology Architecture Committees (CTAC), which reside in each operating group and take responsibility for meeting the unique needs of each individual business; the Enterprise Architect Organization (EAO), a team of business unit IT representatives that sets corporatewide standards guiding the development efforts of all the operating units; the IT Council, made up of the CTOs and CIOs of each operating group, which meets monthly to talk about new technologies and ways technology can be leveraged across Carlson; the Carlson Shared Services Board, the business unit CIOs and CFOs, who meet to identify opportunities to provide shared IT and financial services to the company; and an Investment Committee, a subset of the Executive Committee, which renders final judgment on all large Carlson Companies investment projects.

With some responsibility for IT decisions being more centralized (investment, for example) and some less centralized (such as business application needs), Carlson’s governance arrangements attempt to maximize opportunities to leverage shared services while minimizing constraints on the unique needs of related but distinct operating requirements across diverse business units. (See “IT Governance at Carlson Companies.”)

IT Governance at Carlson Companies

case studies for it governance

Carlson Companies allocates IT decision making to encourage business unit autonomy while ensuring strategic use of corporate IT funds. Five decision-making mechanisms implement this objective. The IT investment committee, a subset of the senior executive committee, makes IT investment decisions. The CIO is responsible for establishing IT principles, and the CIO’s centralized enterprise architecture organization makes architecture decisions. Carlson uses a duopoly — members of the board of its shared services organization, as well as the CIOs and CTOs of the business units — to make infrastructure decisions. Application needs are feudal, allowing each business unit to meet unique business needs. In addition to these decision-making mechanisms, Carlson benefits from three alignment mechanisms to allocate accountability for daily decisions. First, an architecture exception process relies on the CTAC (Carlson Technology Architecture Committee) in each business unit to either make exception decisions or forward them to the Enterprise Architecture Organization. Second, a services catalog, compiled by the shared services unit, provides a listing of infrastructure services and their prices to help the Carlson Shared Services Board consider changes to infrastructure services. Finally, Carlson’s funding process requires the business unit and the CIO’s office to carefully develop authorization proposals for funding of IT projects as input to the IT funding process.

case studies for it governance

Large, global companies often require the benefits of a hybrid IT governance model to achieve both the synergies emphasized in more centralized models and the autonomy allowed by more decentralized models. In addition to Carlson and ING DIRECT, companies like DuPont, J.P. Morgan Chase and Johnson & Johnson achieve these benefits by implementing IT governance at three levels: the enterprise, the region or group of businesses and the business unit. J.P. Morgan Chase, for example, encourages autonomy in order to generate innovation and recognize the very different requirements of businesses that range from credit cards to investment banking. But the company has instituted some enterprisewide IT principles in order to encourage the use of standardized technologies where they can provide economies of scale. At the division level, J.P. Morgan Chase businesses have introduced governance mechanisms that facilitate sharing of customer data so that business units can, when appropriate, present a single face to the customer. At the individual business unit level, each business can design the IT governance arrangements that best address its own needs for synergy and autonomy.

Companies attempting to realize cost savings by capitalizing on business unit synergies often look to shared services to remove duplication or reduce IT unit costs. DuPont, for example, has an enterprise IT architecture group with representatives from all regions, all strategic business units and all competency centers. This group proposes architecture rules to a team consisting of the corporate CIO and the CIOs of the largest business units. That team makes sure the rules make sense for the businesses and takes responsibility for enforcing architectural standards. Enterprise-level governance mechanisms like DuPont’s establish parameters for IT governance design at lower organizational levels.

Recommendations to Guide Effective IT Governance Design

Effective IT governance demands that senior managers define enterprise performance objectives and actively design governance to facilitate behavior that is consistent with those objectives. Often companies have mature business governance processes to use as a starting point in designing IT governance. 8 For example, the Tennessee Valley Authority piggybacked its IT governance on its more mature business governance mechanisms, such as its capital investment process. The TVA’s IT governance included a project review committee, benchmarking and selective chargeback — all familiar mechanisms from the engineering side of the business. 9

Companies can use the one-page framework of IT governance to help design structures and processes that enhance their strategic use of IT. In order to use the framework effectively, management teams must first establish the context for IT governance. That means clarifying how the company will operate, how the company’s structure will support its operations and what governance arrangements will elicit the desirable behaviors that structure cannot ensure. Governance arrangements generally transcend organizational structure and can be more stable than structure.

IT governance design should encompass four steps:

Identify the company’s needs for synergy and autonomy.

Senior managers are often enamored of the potential to derive business value from synergistic efforts like cross-selling, standard technology platforms or enterprisewide business processes. Management teams should consider realistically both the benefits and costs of such synergies. Synergy-autonomy trade-offs force senior managers to make tough decisions and communicate those decisions throughout the enterprise. Clarifying those decisions establishes the parameters for the design of IT governance and accompanying managerial incentives.

Establish the role of organization structure.

Companies have long relied on organization structure to create the context for achieving organizational objectives. For some time, this resulted in pendulum-like swings between centralized and decentralized organizational forms. Companies eventually pursued both centralization and decentralization simultaneously by introducing more matrixed reporting relationships. However, the complexity of matrices can overwhelm managers and limit effectiveness. By establishing organizational priorities for autonomy and synergy, companies can introduce organizational designs and incentive systems that reinforce their priorities. Governance processes —and related incentives — can then compensate for the limitations and instability of the organizational structure. These governance processes can be easier to design if their objectives are clear and less disruptive to implement.

Identify the desirable IT-related behaviors that fall outside the scope of organizational structures.

Management teams that understand what behaviors organizational structures will enforce can identify the additional behaviors they must promote in order to achieve their objectives. Then, rather than restructuring each time priorities shift, new governance mechanisms can force new behaviors without requiring reorganization. Governance mechanisms can provide organizational stability by demanding disciplined processes. And governance itself appears to become more stable as companies learn good governance practices. 10 Together, organizational structure and IT governance design can allow companies to achieve seemingly conflicting objectives.

For example, even if organizational structures emphasize the autonomy of individual business units, a company can establish IT architecture principles that limit business unit technical choices —and achieve enterprisewide cost objectives. Similarly, IT investment decision processes can direct business unit priorities toward enterprise priorities by approving only projects that support enterprise strategies, even if organizational structures place responsibility for accomplishing project outcomes on business unit managers. Dual incentives are necessary in most companies to motivate senior-level managers to focus on both enterprisewide and business unit goals.

Thoughtfully design IT governance on one page.

When the objectives of IT governance are clear, companies can design IT governance by outlining governance arrangements and then specifying the mechanisms that will implement the intended arrangements. Companies that have not been effective in using IT strategically should expect to invest in organizational learning. Early in the learning cycle, those decision-making mechanisms may involve large numbers of managers.

For example, in the mid-1990s, the senior executive team at Dow Corning Corp. sought to transform IT from back-office function to strategic enabler. 11 The executive committee met regularly for several years to redefine the role of IT, articulate the role of the CIO, establish architectural principles, outline key projects — particularly the implementation of an enterprise system —and closely manage IT investment priorities. Once the full executive committee had entrenched IT as a key function, installed a capable CIO, and gained competence in articulating how IT should enable business strategy, ongoing IT governance responsibilities were assumed by a subset of executive committee members. The ability to reduce the size of the steering committee, indicated that Dow Corning had created sustainable senior management participation in high-level IT management. Making the CIO a member of both the business monarchy and the IT monarchy provided a natural linkage between business and IT strategy. EFFECTIVE IT GOVERNANCE certainly doesn’t happen accidentally. But companies that have followed the steps enumerated above have had demonstrable success designing, communicating and refining IT that creates real business value in their enterprises.

About the Authors

Peter Weill is director of the Center for Information Systems Research and a senior research scientist at the MIT Sloan School of Management. Jeanne Ross is principal research scientist at the Center for Information Systems Research, MIT Sloan School of Management. Contact them at [email protected] and [email protected].

1. P. Weill and J. Ross, “IT Governance: How Top Performers Manage IT Decision Rights for Superior Results” (Boston: Harvard Business School Press, 2004).

2. See J.W. Ross, “United Parcel Service: Delivering Packages and e-Commerce Solutions,” working paper 318, MIT Sloan School of Management, Center for Information Systems Research, Cambridge, Massachusetts, 2001.

3. For a discussion of hybrid governance arrangements, see C.V. Brown and S.L. Magill, “Reconceptualizing the Context-Design Issue for the Information Systems Function,” Organization Science 9, no. 2 (March–April 1998): 176–194.

4. The analysis was adjusted for industry differences so that companies were compared to competitors.

5. For more information see www.manheim.com and R. Woodham and P. Weill, “Manheim Interactive: Selling Cars Online,” working paper 4160-01, MIT Sloan School of Management, Center for Information Systems Research, Cambridge, Massachusetts, August 2001.

6. For a more complete description of governance and architecture at ING DIRECT, see D. Robertson, “ING DIRECT: The IT Challenge (A)” and “ING DIRECT: The IT Challenge (B),” IMD-3-1344 and IMD-3-1345, IMD International, Lausanne, Switzerland 2003.

7. For a more complete description of IT governance at Carlson Companies, see P. Weill and J. Ross, “Mechanisms for Implementing IT Governance,” chap. 4 in “IT Governance: How Top Performers Manage IT Decision Rights for Superior Results” (Boston: Harvard Business School Press, 2004).

8. See V. Sambamurthy and R.W. Zmud, “Arrangements for Information Technology Governance: A Theory of Multiple Contingencies,” MIS Quarterly 23 (June 1999): 261–288. The authors find that corporate governance is one of three important contingencies influencing IT governance arrangements in organizations. The other two contingencies are absorptive capacity and economies of scope.

9. References to TVA excerpted with permission from Gartner. See M. Broadbent and P. Weill, “Effective IT Governance: By Design,” Gartner EXP Premier Report, Gartner Inc., January 2003.

10. In our research, we found that companies with effective governance changed some aspect of governance about once per year, whereas companies with less effective governance changed governance as many as three times per year.

11. J.W. Ross, “Case Study — Dow Corning Corporation: Business Processes and Information Technology,” Journal of Information Technology 14, no. 3 (1999): 253–266.


More like this, add a comment cancel reply.

You must sign in to post a comment. First time here? Sign up for a free account : Comment on articles and get access to many more articles.

  • Browse All Articles
  • Newsletter Sign-Up

Governance →

case studies for it governance

  • 17 Jan 2024
  • Research & Ideas

Are Companies Getting Away with 'Cheap Talk' on Climate Goals?

Many companies set emissions targets with great fanfare—and never meet them, says research by Shirley Lu and colleagues. But what if investors held businesses accountable for achieving their climate plans?

case studies for it governance

  • 09 Jan 2024

Could Clean Hydrogen Become Affordable at Scale by 2030?

The cost to produce hydrogen could approach the $1-per-kilogram target set by US regulators by 2030, helping this cleaner energy source compete with fossil fuels, says research by Gunther Glenk and colleagues. But planned global investments in hydrogen production would need to come to fruition to reach full potential.

case studies for it governance

  • 02 Jan 2024
  • What Do You Think?

Do Boomerang CEOs Get a Bad Rap?

Several companies have brought back formerly successful CEOs in hopes of breathing new life into their organizations—with mixed results. But are we even measuring the boomerang CEOs' performance properly? asks James Heskett. Open for comment; 0 Comments.

case studies for it governance

  • 28 Nov 2023

Economic Growth Draws Companies to Asia. Can They Handle Its Authoritarian Regimes?

The efficiency of one-party governments might seem appealing, but leaders need a deep understanding of a country's power structure and "moral economy," says Meg Rithmire. Her book Precarious Ties: Business and the State in Authoritarian Asia explores the delicate relationship between capitalists and autocrats in the region.

case studies for it governance

  • 07 Nov 2023
  • Cold Call Podcast

How Should Meta Be Governed for the Good of Society?

Julie Owono is executive director of Internet Sans Frontières and a member of the Oversight Board, an outside entity with the authority to make binding decisions on tricky moderation questions for Meta’s companies, including Facebook and Instagram. Harvard Business School visiting professor Jesse Shapiro and Owono break down how the Board governs Meta’s social and political power to ensure that it’s used responsibly, and discuss the Board’s impact, as an alternative to government regulation, in the case, “Independent Governance of Meta’s Social Spaces: The Oversight Board.”

case studies for it governance

  • 06 Jun 2023

The Opioid Crisis, CEO Pay, and Shareholder Activism

In 2020, AmerisourceBergen Corporation, a Fortune 50 company in the drug distribution industry, agreed to settle thousands of lawsuits filed nationwide against the company for its opioid distribution practices, which critics alleged had contributed to the opioid crisis in the US. The $6.6 billion global settlement caused a net loss larger than the cumulative net income earned during the tenure of the company’s CEO, which began in 2011. In addition, AmerisourceBergen’s legal and financial troubles were accompanied by shareholder demands aimed at driving corporate governance changes in companies in the opioid supply chain. Determined to hold the company’s leadership accountable, the shareholders launched a campaign in early 2021 to reject the pay packages of executives. Should the board reduce the executives’ pay, as of means of improving accountability? Or does punishing the AmerisourceBergen executives for paying the settlement ignore the larger issue of a business’s responsibility to society? Harvard Business School professor Suraj Srinivasan discusses executive compensation and shareholder activism in the context of the US opioid crisis in his case, “The Opioid Settlement and Controversy Over CEO Pay at AmerisourceBergen.”

case studies for it governance

  • 02 May 2023

How Should Artificial Intelligence Be Regulated—if at All?

Some AI pioneers say the technology could be a risk to humanity, and some governments have taken steps to rein it in. But who should set the rules and what details must they consider? asks James Heskett. Open for comment; 0 Comments.

case studies for it governance

  • 24 Apr 2023

What Does It Take to Build as Much Buzz as Booze? Inside the Epic Challenge of Cannabis-Infused Drinks

The market for cannabis products has exploded as more states legalize marijuana. But the path to success is rife with complexity as a case study about the beverage company Cann by Ayelet Israeli illustrates.

case studies for it governance

  • 21 Apr 2023

The $15 Billion Question: Have Loot Boxes Turned Video Gaming into Gambling?

Critics say loot boxes—major revenue streams for video game companies—entice young players to overspend. Can regulators protect consumers without dampening the thrill of the game? Research by Tomomichi Amano and colleague.

case studies for it governance

  • 31 Mar 2023

Can a ‘Basic Bundle’ of Health Insurance Cure Coverage Gaps and Spur Innovation?

One in 10 people in America lack health insurance, resulting in $40 billion of care that goes unpaid each year. Amitabh Chandra and colleagues say ensuring basic coverage for all residents, as other wealthy nations do, could address the most acute needs and unlock efficiency.

case studies for it governance

  • 28 Mar 2023

The FDA’s Speedy Drug Approvals Are Safe: A Win-Win for Patients and Pharma Innovation

Expediting so-called breakthrough therapies has saved millions of dollars in research time without compromising drug safety or efficacy, says research by Ariel Stern, Amitabh Chandra, and colleagues. Could policymakers harness the approach to bring life-saving treatments to the market faster?

case studies for it governance

  • 23 Mar 2023

As Climate Fears Mount, More Investors Turn to 'ESG' Funds Despite Few Rules

Regulations and ratings remain murky, but that's not deterring climate-conscious investors from paying more for funds with an ESG label. Research by Mark Egan and Malcolm Baker sizes up the premium these funds command. Is it time for more standards in impact investing?

case studies for it governance

  • 14 Mar 2023
  • In Practice

What Does the Failure of Silicon Valley Bank Say About the State of Finance?

Silicon Valley Bank wasn't ready for the Fed's interest rate hikes, but that's only part of the story. Victoria Ivashina and Erik Stafford probe the complex factors that led to the second-biggest bank failure ever.

case studies for it governance

  • 14 Feb 2023

Does It Pay to Be a Whistleblower?

In 2013, soon after the US Securities and Exchange Commission (SEC) had started a massive whistleblowing program with the potential for large monetary rewards, two employees of a US bank’s asset management business debated whether to blow the whistle on their employer after completing an internal review that revealed undisclosed conflicts of interest. The bank’s asset management business disproportionately invested clients’ money in its own mutual funds over funds managed by other banks, letting it collect additional fees—and the bank had not disclosed this conflict of interest to clients. Both employees agreed that failing to disclose the conflict was a problem, but beyond that, they saw the situation very differently. One employee, Neel, perceived the internal review as a good-faith effort by senior management to identify and address the problem. The other, Akash, thought that the entire business model was problematic, even with a disclosure, and believed that the bank may have even broken the law. Should they escalate the issue internally or report their findings to the US Securities and Exchange Commission? Harvard Business School associate professor Jonas Heese discusses the potential risks and rewards of whistleblowing in his case, “Conflicts of Interest at Uptown Bank.”

case studies for it governance

Is Sweden Still 'Sweden'? A Liberal Utopia Grapples with an Identity Crisis

Changing political views and economic forces have threatened Sweden's image of liberal stability. Is it the end of the Scandinavian business-welfare model as we know it? In a case study, Debora Spar examines recent shifts in Sweden and what they mean for the country's future.

case studies for it governance

  • 17 Jan 2023

Nestlé’s KitKat Diplomacy: Neutrality vs. Shared Value

In February 2022, Russia invaded Ukraine, and multinational companies began pulling out of Russia, in response. At Switzerland-based Nestlé, chief executive Mark Schneider had a difficult decision to make. Nestlé had a long tradition of neutrality that enabled it to operate in countries regardless of their political systems and human rights policies. But more recently the company had embraced Michael Porter’s “shared value” paradigm, which argues that companies have a responsibility to improve the business community and the health of their communities. What should Schneider do? Professor Geoffrey Jones discusses the viability of the shared value concept and the social responsibility of transnational corporations today in the case, “Nestlé, Shared Value and Kit Kat Diplomacy.”

case studies for it governance

  • 04 Oct 2022

Cold Call: Corporate Governance and Growth Strategy at Capital SAFI

Jorge Quintanilla Nielsen started the independent asset management firm Capital SAFI in 2007. Now a leader in Bolivia’s closed-end funds industry with a total of $430 million in assets under management, Quintanilla planned to expand into other countries, like Peru and Colombia. He knew that governance would be one of the main aspects potential partners would evaluate. Capital SAFI’s board had evolved over time with the establishment of a governance committee, an assessment process for the board, professional development offerings for board members, tools to manage governance risk, and succession plans for board members and company executives. Would local and foreign investors be impressed by those measures or were additional improvements needed? Professor V. G. Narayanan discusses the importance of corporate governance in his case, “Building the Governance to Take Capital SAFI to the Next Level.”

case studies for it governance

  • 20 Sep 2022

How Partisan Politics Play Out in American Boardrooms

The discord gripping the nation has reached the heights of corporate America, with costly consequences for companies and investors. Research by Elisabeth Kempf shows just how polarized the executive suite has become.

case studies for it governance

  • 06 Sep 2022

Curbing an Unlikely Culprit of Rising Drug Prices: Pharmaceutical Donations

Policymakers of every leaning have vowed to rein in prescription drug costs, with little success. But research by Leemore Dafny shows how closing a loophole on drugmaker donations could eliminate one driver of rising expenses.

case studies for it governance

  • 01 Sep 2022

Is It Time to Consider Lifting Tariffs on Chinese Imports?

Many of the tariffs levied by the Trump administration on Chinese goods remain in place. James Heskett weighs whether the US should prioritize renegotiating trade agreements with China, and what it would take to move on from the trade war. Open for comment; 0 Comments.

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

  • View all journals
  • My Account Login
  • Explore content
  • About the journal
  • Publish with us
  • Sign up for alerts
  • Open access
  • Published: 10 March 2023

The moderating role of information technology governance in the relationship between board characteristics and continuity management during the Covid-19 pandemic in an emerging economy

  • Faozi A. Almaqtari   ORCID: orcid.org/0000-0002-5625-3643 1 ,
  • Najib H. S. Farhan 2 ,
  • Hamood Mohammed Al-Hattami   ORCID: orcid.org/0000-0001-6290-1697 3 &
  • Tamer Elsheikh 1 , 4  

Humanities and Social Sciences Communications volume  10 , Article number:  96 ( 2023 ) Cite this article

2446 Accesses

9 Citations

2 Altmetric

Metrics details

  • Business and management
  • Library science

The main aim of the current study is to investigate the relationship between governance characteristics, information technology governance, and continuity management during Covid-19 in an emerging economy. The study also examines the moderating role of information technology governance in the relationship between governance characteristics and business continuity management. The quantitative approach is used by utilising a survey questionnaire. A sample of 232 questionnaire surveys has been collected from the board of directors, top and middle management executives, external auditors, information technology experts, and some other respondents. The results were estimated using structural equation modelling. The results indicate that information technology governance has a statistically significant effect on business continuity. Board size, board independence, audit committee independence, audit committee diligence, and external audit have a statistically significant positive effect on information technology governance. Further, the results indicate that information technology governance significantly moderates the effect of board size, board independence, board diligence, audit committee independence, audit committee diligence, and external audit on business continuity. However, information technology governance does not moderate the relationship between board committees and business continuity, which indicates less board involvement in information technology governance. The current research provides insight into the role of information technology governance in business continuity management during crises. The present study provides a unique contribution as it investigates the relationship between corporate governance characteristics, information technology governance, and business continuity management during Covid-19, providing empirical evidence from an emerging country.


The coronavirus pandemic has caused a substitutional business disruption. Some firms may be forced to close permanently due to this disruption (Kaushik & Guleria, 2020 ). The pandemic created new challenges for global consumers, leading to the use of digital technology (Al Halbusi et al., 2022 ; Cifuentes-Faura, 2020 ). It also impacted psychological health and quality of life (Aqeel et al., 2022 ; Farzadfar et al., 2022 ; NeJhaddadgar et al., 2022 ; Yu et al., 2022 ; Zhou et al., 2022 ; Su et al., 2022 ; Hossain et al., 2020 ; Dong et al., 2021 ; Nueangnong et al., 2020 ). The Covid-19 pandemic triggered an economic crisis and a public health emergency, jeopardising energy efficiency consumption, long-term food diversity, and household nutrition security (Zhuang et al., 2022 ; Zafar et al., 2022 ; Jiakui et al., 2023 ; Hossain et al., 2020 ; Cifuentes-Faura, 2021b ). It has consistently influenced environmental behaviour by reducing income and disrupting economies (Geng et al., 2022 ). Most business operations across industries and sectors, including manufacturing, services, global supply chains, commercials, travelling, hospitality, cargo traffic, tourism, and education, have either halted or slowed dramatically and significantly (Barua, 2020 ).

Further, as the Covid-19 pandemic spreads, and it is unlikely to unfold, some firms will need years to recover (Kaushik & Guleria, 2020 ). This increases the business risk and affects business continuity (BC), which is becoming increasingly fragile (Zsidisin et al., 2005 ). Business continuity management (BCM) seeks to identify these risks to plan for, avoid, or limit them and keep business operations and services running smoothly (Gibb & Buchanan, 2006 ). Herbane et al. ( 2004 ) indicate that BCM is a socio-technical strategy focusing on anticipating potential continuity issues for retaining the organisation’s value. Information technology (IT) is one of the most crucial aspects of BCM. Business enterprises increasingly rely on technology and their ability to integrate IT resources effectively with other organisational and administrative tasks (Lindström et al., 2010 ; Li et al., 2022 ).

In Jordan, a survey has been conducted by Kebede et al. ( 2021 ), comprising 2039 enterprises from different geographical regions and industries. The survey found that most businesses reported decreasing demand for their products and services, resulting in revenue declines and financial challenges. Mandatory closures harmed half of the surveyed businesses, and closed marketplaces impacted more than a third. Despite government efforts to reduce layoffs and unemployment, one-third of the businesses attributed their layoffs to Covid-19. The tourism industry had the highest percentage of layoffs (48%), followed by construction (45%) and manufacturing (34%). Rent (61%), wages, social security payments (51%), and invoice payments (30%) were the most significant financial burdens on enterprises throughout the pandemic. With regard to the most significant economic impact, eight out of ten businesses reported lower sales, followed by a lack of capital and liquidity issues (six out of ten). Almost half of the respondents said they had lost money. One-quarter of the businesses surveyed had bank loans, and more than one-third had either supplier credit or informal credit from family or friends. One out of every five businesses confirmed that their debt increased. Large and medium-sized businesses, notably those in the manufacturing and construction industries, had the highest debt-to-bank ratio.

Several studies have been conducted to assess various recent issues (Abbas et al., 2019 ; Azadi et al., 2021 ; Yao et al., 2022 ; Yu et al., 2022 ; Zhou et al., 2022 ; Li et al., 2022 ; Zafar et al., 2022 ). However, these studies did not investigate the effect of IT governance on business continuity. According to Wan and Chan ( 2008 ), the BCM approach should include both business and technological elements. The technological component of the BCM improves the firm’s capability to sustain the minimum work requirements in case of a business interruption. Several studies (e.g., Pathak et al., 2020 ; Al-Hattami et al., 2022 ; Al-Hattami & Kabra, 2022 ; Dwivedi et al., 2020 ; Su et al., 2022 ) have stressed the importance of IT strategies in achieving corporate success, particularly during pandemics. As a result, to deal with the pandemic, most enterprises were forced to adjust their policies through digitalisation and remote working (Carroll & Conboy, 2020 ). Some businesses have begun to operate via the ‘Work from Home’ mode, utilising disruptive technology to deal with the economic disruption that happened because of Covid-19 (Kaushik & Guleria, 2020 ; Dwivedi et al., 2020 ).

Zhang et al. ( 2016 ) indicate that, based on strategic choice theory, IT governance is significantly influenced by corporate governance characteristics (CGC), including board involvement, which is reflected by board knowledge of IT (Jewer, McKay, 2012 ). In the same context, Zhang et al. ( 2016 ) indicate that board involvement in IT is more likely to be evaluated by external auditors and audit committees. The ability of businesses to combine IT and other corporate resources must be improved, especially when the board is made up primarily of independent directors who are probably to develop a more resilient IT competence. Therefore, the current research proposes that corporate governance characteristics alone are insufficient to combat the business disruptions caused by Covid-19. IT governance is needed to maintain BC and avoid business disruptions caused by Covid-19.

Based on this background, two central questions form the main focus of the present study: (1) To what extent did CGC influence BC during the Covid-19 pandemic? (2) Did IT governance moderate the effect of CGC on BC during the Covid-19 pandemic? Accordingly, the current study is motivated by the Covid-19 pandemic’s consequences, due to which all businesses and enterprises were negatively impacted and business operations were interrupted. Therefore, we assume that corporate governance attributes alone are not efficient enough to run business operations smoothly during the crisis. Hence, IT governance can play an effective role in enhancing business efficiency and avoiding business interruptions during crises, contributing to an efficient, holistic, and strategic BC process.

Therefore, this study contributes to the strand literature on CGC, IT governance, and BCM in several ways. First, it provides empirical evidence from an emerging country on the relationship between CGC, IT governance, and BCM. Second, it assesses the mediating role of IT governance in the relationship between CGC and BCM. We propose that during the Covid-19 crisis, corporate governance mechanisms alone are efficient in managing business interruptions and continuities. Third, there is a serious gap in the strand literature on these issues. Very few studies and limited research have been conducted on IT governance and BCM (e.g., Wan & Chan, 2008 , crisis management (e.g., Sahebjamnia et al., 2015 ), and IT governance (e.g., Järveläinen, 2013 ; Zhang et al., 2016 ). However, there is a scarcity of studies investigating this issue in the context of the Covid-19 pandemic. Hence, the current research makes a novel contribution to the state-of-the-art and bridges the gap in prior studies. To the researchers’ knowledge, this is the first study that investigates the role of IT governors in the relationship between corporate governance attributes and BCM. Finally, as a methodological contribution, the present research assesses the perceptions of the board of directors, executives, and other respondents from different sectors during the crisis, providing valuable insights into how businesses managed their business disruptions during Covid-19. The respondents’ responses have been estimated using structural equation modelling, which has high statistical power for providing clear and meaningful findings that can establish a holistic approach and framework to help businesses avoid disruptions. Accordingly, the present study is beneficial and significant for business organisations’ board members, policymakers, IT specialists, and academicians. It offers valuable insights into the influence of IT governance during the crisis and how corporate governance mechanisms can be complemented by IT governance to avoid business disruptions and maintain BC.

The next section discusses the background and hypotheses development; section “Methods” outlines the research method; section “Results” is devoted to the empirical results; section “Discussion and implications” provides discussions, implications, and research limitations.

Background and hypotheses development

Covid-19 background.

Covid-19, with its various variants, continues to worry the world. The story is that, by the end of 2019, an unwanted guest turned the world upside down. It began precisely in December 2019 when the Chinese government notified the World Health Organization (WHO) about the spread of an unknown disease in Wuhan (Nueangnong et al., 2020 ; Cifuentes-Faura, 2020 ; Cifuentes-Faura, 2021a ). The disease spread unexpectedly fast worldwide and became a pandemic (Nueangnong et al., 2020 ). Covid-19 has resulted in a significant short-term economic downturn, the closure of many businesses, the unemployment of tens of millions of people, and other repercussions on commercial activities. Covid-19 is a pandemic wreaking havoc on the global economy and causing massive disruptions to lives and livelihoods. According to many assessments, it is the worst worldwide disaster since World War 2 (Engidaw, 2022 ; Nueangnong et al., 2020 ). The disease created significant and massive business and service downtime (Kaushik & Guleria, 2020 ; Buheji, 2020 ). To mitigate the spread of the disease, most countries used various regulations, including travel bans, security measures, and social distancing (Fabeil et al., 2020 ; Nueangnong et al., 2020 ).

As observed by Barua ( 2020 ), Covid-19 presented a dramatic impact on international business and threatened the widespread economic well-being of entire countries to the point where delocalisation is imminent. This includes multiple industries from various sectors, such as distribution networks, transportation and cargo flow, production, commercial operations, academic learning, and tourism. The viral outbreak has brought about catastrophic destruction and company closures. Getting past these challenges will not ensure a prosperous or even a long-term positive future outlook (Donthu & Gustafsson, 2020 ). This forced scientists and researchers to find a way out of this crisis (Alshebami & Rengarajan, 2020 ). In light of this, the use of technology, like the Internet, and food and environmental security has been found beneficial to curbing the pandemic (see Al-Hattami, 2021 ; Cifuentes-Faura, 2020 ; Su et al., 2022 ; Jiakui et al., 2023 ; Zafar et al., 2022 ; Zhuang et al., 2022 ; Li et al., 2022 ; Liu et al., 2022 ).

Research background and hypotheses development

Several prior studies have examined BC from various aspects (e.g., Cerullo & Cerullo, 2004 ; Zsidisin et al., 2005 ). Further, some studies have been conducted on crisis management (e.g., Torabi et al., 2016; Hazaa et al., 2021 ; Sahebjamnia et al., 2015 ; Tosh et al., 2014 ; Liu et al., 2022 ). The context of these studies is narrow and limited to some crises other than Covid-19, which has caused massive effects. Furthermore, various studies have examined CGC (e.g., Hashed & Almaqtari, 2020; Youssef & Diab, 2021 ; Almaqtari & Hashed, et al., 2020; Farhan et al., 2020 ; Almaqtari & Shamim et al., 2020 ; Almaqtari & Al-Hattami et al., 2020 ; Al Maqtari & Farhan et al., 2020 ). However, no study has linked IT governance, BC, and CGC. While some studies focused on IT in the context of BC (e.g., Gómez et al., 2017 ; Haouam, 2020 ; Wahab & Arief, 2015 ; Järveläinen, 2013 ), they focused more on information technology than IT governance. Similarly, very few studies have investigated IT governance (e.g., Hamdan et al., 2018 ); however, they paid more attention to financial issues. In addition, despite some studies on governance characteristics, BC, and IT governance, these studies did not investigate the relationship between them in the context of Covid-19. Accordingly, there is a dearth of studies in the strand literature on the relationship between IT governance and BC during Covid-19.

Board characteristics and business continuity management

Gibb and Buchanan ( 2006 ) indicated a relationship between BCM and information management; both focused on uncertainty. Bunjongmanomai et al. ( 2020 ) investigated the relationship between corporate governance and BC during Covid-19. They report that BCM is considered a vital element of corporate governance that functions to control disruptive incidents. Similarly, Tosh et al. ( 2014 ) provided evidence of the relationship between hospitals’ ITG and BCP during Covid-19. They revealed that IT readiness is essential for connection and operations. They also contended that information technology improves hospital preparation, business operations, and the health system as a whole. As a result, a thorough BCP describing IT systems and infrastructures should be prepared. IT preparedness is critical for hospitals and health systems to maintain their operations networks, operate health and administrative information systems, and have sufficient capacity to restore and support health and administrative operations (Tosh et al., 2014 ).

Numerous recent studies have investigated BCM in various contexts (Aragão & Fontana, 2022 ; Ewertowski, 2022 ; Ino and Watanabe, 2022 ; Kaur et al., 2022 ; Kosieradzka et al., 2022 ; Le and Nguyen, 2022 ; Robertson et al., 2022 ; Singh and Jain, 2022 ). The researchers agree that BC is critical for business organisations during disruptive incidents. Lindström et al. ( 2010 ) indicated that IT and information security are essential elements of BCP. Tammineedi ( 2010 ) stated that a dedicated BCM team is necessary in the case of business disruption to enable the efficient continuation of business activities. Experts in business risks, IT, and organisational activities should be included in the team. Moreover, critical business functions should collaborate with their IT application support teams to develop a comprehensive and consistent BCP. The BCM group has to be organised in a hierarchical framework. The group should consist of individuals with relevant expertise and credentials to address pandemic-related constraints.

Several experiences have been provided by different studies on BCM during crises. For example, Goromaru et al. ( 2021 ) reported that Covid-19 has severely influenced many enterprises. Hence, any enterprise should establish BCP. The pandemic left consequences that will continue over the coming years. Consequently, experiences from this pandemic should be learned to avoid the negative effects and apply these lessons to future BCP. BCP is recommended during a pandemic to increase elasticity in the face of uncertain future hazards. In another context, Meechang et al. ( 2021 ) indicated that flood disasters in Thailand prompted the adoption of BC management, prompting enterprises to consider their long-term viability and sustainability.

The threat of business disruption grows as firms become more reliant on IT infrastructure. The BCP strategy seeks to mitigate the impact of any major business system failures (Cerullo and Cerullo, 2004 ). Ostadi et al. ( 2021 ) reveal that BCM is a complete strategy for identifying risks and mitigating their effects on an organisation’s operations. Product recovery and resource allocation following disruptive incidents are essential components of BCM. Organisations should prioritise resource allocation for restarting activities, minimising expenses, and returning operations to a tolerable level, so that disruptive incidents do not impede important activities. Therefore, the following hypothesis has been framed:

H 0 1. There is no significant impact of CGC on BCM during the Covid-19 pandemic .

Corporate governance characteristics and IT governance

ITG exists at the three hierarchical levels of an organisation involving the board and senior executives. The board of directors and the top management develop an IT strategy that will be implemented at the level of operations, including IT management in a practical sense (Haes & Grembergen, 2009 ). Institute ( 2003 ) indicates that developing an IT project charter is the duty of the board of corporate directors and top management. Gómez et al. ( 2017 ) argue that one of the board’s responsibilities is to anticipate and monitor IT deployment strategies to increase business value by providing faster resolutions and higher-quality product delivery. They also show that ITG is flawed and externalised if there is no effective board involvement and if the board believes that ITG is not a major aspect of corporate governance.

Haes and Grembergen ( 2005 ) highlight that ITG exists at several heretical levels within an organisation. It is situated at the strategic, management, and operational levels. These levels respectively represent the board of directors, C-suite, senior management, operational IT, and business management, where they involve, develop, and implement ITG strategy. According to Moeller ( 2013 ), developing high-level courses of action and conducting a comprehensive examination of overall corporate behaviour in light of ITG are the board’s and audit committee’s primary roles for setting the tone at the top. Risk mitigation, disclosure, and accountability all fall under information security (IS). Posthumus and Solms ( 2004 ) argue that the senior executive and the board of directors have a corporate management responsibility to deal with (IS). Hamdan et al. ( 2018 ) suggested a paradigm for interlocking boards and ITG in Jordan. According to the findings, ITG is a critical practice in the development and structuring of the board, i.e., it is important to connect the board of directors with competent managers with practical expertise in information systems. In another context, according to Lunardi et al. ( 2014 ) paper, there are indicators that ITG policies can help firms manage and utilise technology compared to those who do not employ them. Consequently, the subsequent hypothesis has been formulated:

H 0 2. There is no significant impact of CGC on ITG during the Covid-19 pandemic .

Corporate governance characteristics, IT governance, and business continuity

Covid-19 has put forward unique challenges in different aspects of life (Aqeel et al., 2021 ; Maqsood et al., 2021 ; Rahmat et al., 2018 ; Zhou et al., 2022 ). Since the break out of the deadly virus, Covid-19 spreads fear among people at the social level. Therefore, it is critical to implement appropriate mental and physical health prevention measures, particularly in less developed countries. Accordingly, social media could play a significant role in this regard (Abbas et al., 2019 ; Yu et al., 2022 ). People who were quarantined due to the spread of the disease could meet online (Yu et al., 2022 ). This is not limited to communication needs but also educational needs (Azadi et al., 2021 ; Maqsood et al., 2021 ; Rahmat et al., 2018 ; Yao et al., 2022 ). Moreover, business activities (Aqeel et al., 2021 ; Yu et al., 2022 ; Zhou et al., 2022 ) and the overall smoothness of life have raised the importance of technology to satisfy these needs.

A number of prior studies have assessed CGC throughout the viral pestilence (Covid19) (Elmarzouky et al., 2021 ; Jebran, Chen ( 2020 ); Koutoupis et al., 2021 ; Li et al., 2021 ; Xuguang et al., 2021 ; Zattoni and Pugliese, 2021 ). However, these studies did not investigate the relationship between CGC and ITG, especially during the pandemic. Several studies also focused on the importance of IT management in governance frameworks. For example, Korac‐Kakabadse and Kakabadse ( 2001 ) indicated that ITG is a significant component of governance characteristics that aims to establish associations and alignment among business processes. ITG is thus a significant element of an organisations’ corporate governance model because it introduces critical strategic plan measures that focus on IT strategy alignment. As ITG is initiated by corporate governance, the relationship between the two becomes clear (Dittmeier, 2011 ).

One of the most commonly used frameworks of ITG is the “Control Objectives for Information and Related Technology” (COBIT) framework (Simonsson et al., 2010 ; Lunardi et al., 2014 ). The COBIT framework considers the executive board, the chief executive director, and a few other elements as essential intra-stakeholders. Further, it emphasises the necessity of ITG and the effect of a dynamic and autonomous board of directors as a crucial aspect of the Committee of Sponsoring Organizations (COSCO) control environment (Moeller, 2013 ).

The board of directors’ size, insiders’ ratio, and board members’ experience in IT significantly influence the extent of the board’s involvement in IT governance (Jewer & McKay, 2012 ). Nevertheless, Huff et al. ( 2006 ), Bart and Turel ( 2010 ), and Andriole ( 2009 ) indicate that boardrooms have less expertise in IT governance in most cases. According to Peterson ( 2004 ), IT governance has to comprise an IT organisation structure, a ‘Chief Information Officer, an IT strategy committee, and an IT steering committee.’ Haes and Grembergen ( 2009 ) note that the IT governance structure should include an IT strategy committee at the board level to guarantee that IT is a regular agenda item for the board of directors. Furthermore, to assess the value and risk of IT, the board of directors would need to include IT expertise and experience, as well as an independent IT audit committee. The promotion, direction, and management of IT governance procedures are within the purview of the IT governance officer. At the executive or senior management level, the IT ‘steering committee’ should be accessible to determine the business priorities for IT investments. Importantly, Haes and Grembergen ( 2005 ) examined IT governance through interviews and reports. They claim that consultants, rather than board members, steer IT governance issues. As a result, the following hypothesis has been proposed:

H 0 3. There is no significant moderation effect of ITG on the relationship between CGC and BCM during the Covid-19 pandemic .

Research framework

Figure 1 illustrates the research framework.

figure 1

The research framework comprises three main variables: CGC, BCM, and ITG. CGCs are considered independent variables measured by board size, board independence, board diligence, audit committee independence, audit committee diligence, board committees, and external audit. BCM is treated as the independent variable, and ITG is a moderating variable.

Data and sample

The current study’s target research population includes all Jordanian businesses from different sectors operating in Jordan. We targeted different categories, including board members, senior executives, auditors, and IT assistants of various generations. The data for the study was collected through a snowball sampling procedure. Different researchers confirm that the snowballing sampling method is effective and appropriate for multivariate data processing and estimating the results (Agyekum et al., 2021 ; Chan, 2020 ; Faugere and Stul, 2021 ; Noy, 2008 ; Wang et al., 2019 ; Wright and Stein, 2004 ). At the initial stage, we explored the required minimum sample size to estimate the results. Many studies provide formulas and rules of thumb to calculate the sample size required to estimate the results (Bollen, 1989 ; Christopher Westland, 2010 ; Long et al., 1990 ). Following these studies and based on PLS path modelling and the number of latent and observed variables, we calculated the minimum sample size using free online statistical software. The sample is calculated based on an anticipated effect size of 0.3, a desired statistical power level of 0.8, nine latent variables, and 37 observed variables with a probability level of 1%. This gives a minimum sample size of 184 respondents. In addition, we used G-Power software to determine the required minimum sample, which yielded a minimum sample size of 160 respondents.

However, the study collected 232 surveys through an online questionnaire survey via Google Docs using convenience sampling. The online survey was administered through several social media platforms (e.g., Facebook, WhatsApp, and e-mails) to increase the possibility of data collection. All questions were made mandatory to avoid incomplete forms or missing data. In the same context, the survey is based on closed-ended questions (Westland, 2014 ), where all items were made with respondent-friendly statements to increase the response rate and avoid poor-quality responses (Tarran, 2010 ). Moreover, the response rate is enhanced by sending a short letter to targeted respondents through distribution platforms. Moreover, brevity is also used, which yielded an increase of 20% in the response rate.

Therefore, 232 surveys were collected and considered the final sample for the present study. Table 1 provides the sampling and sample adequacy. The results show that the final sample is 232. As the Kaiser-Meyer-Olkin Measure of Sampling Adequacy” value is greater than 0.7, this sample is considered statistically adequate for estimating the results. Further, this test shows high significance at the level of 1% ( P -value = 0.000, <0.01), indicating the suitability and adequacy of the sample. Further, the fitness of the factor analysis is indicated by Bartlett’s test, which has a value of 7956.149. Consistently, the degree of freedom is 741, indicating an appropriate estimation of factor analysis.

Research instrument

The present study utilises an online questionnaire survey distributed to board members, senior executives, auditors, and IT assistants from various sectors of Jordanian organisations. The questionnaire survey consists of thirty-nine items based on a thorough literature review. A 5-point Likert scale ranging from 1 (strongly disagree) to 5 (strongly agree) was utilised to measure and assess the respondents’ perceptions. The questionnaire was divided into nine dimensions. Table 2 below provides the measurement scales along with the operational definitions of the variables.

Sample demographic analysis

Table 3 shows the demographic characteristics of the participants. The findings show that gender distribution has 59 percent for males and 41 percent for females. A sizable proportion of respondents (72%) were under the age of 40 (37% and 35% from the under-40 age groups, respectively). In addition, 52% of the participants held an undergraduate degree, whereas only 45% held a higher education degree (24% were PG holders and 21% were Ph.D. holders). The results also show that while 41 percent of the respondents had less than five years of experience, 27 percent had six to ten years. Similarly, the results indicate that 22% of the respondents had eleven to fifteen years of working experience, compared to 10% with more than fifteen years of working experience.

Measurement model

Several studies have addressed the choice of PLS estimation based on its pros (Al-Hattami et al., 2021 ; Balta et al., 2020 ; Banerjee, 2022 ; Chin, 2010 ; Rostamzadeh et al., 2021 ; Shanmugapriya and Subramanian, 2016 ; Westland, 2014 ; Al-Hattami, 2022 ; Al-Hattami, 2023 ; Zafar et al., 2022 ). PLS modelling is commonly used among researchers due to several advantages (Hair et al., 2013 ; Henseler and Sarstedt, 2013 ). For example, PLS path modelling can be used to estimate associations between latent variables with a variety of indicators, even with a small sample size. The PLS path modelling approach uses ordinary least squares regressions to estimate sample sizes for various components of the focused path model. As a result, sample size requirements are scarcely affected by the complexity of the overall model.

SEM-PLS is an appropriate technique for assessing complicated models that attempt to anticipate associations between research variables (Memon et al., 2017 ). PLS-SEM can be used to forecast and evaluate key target constructions as well as identify key driver constructs. The reasons for using PLS-SEM include data characteristics such as small sample size and non-normal data. Hair et al. ( 2019 ) suggest that there are multiple reasons for PLS estimation: (a) small sample size; (b) models with formatively specified constructs; (c) PLS-SEM is preferable over regression analysis when estimating mediation; (d) researchers should use the two-stage approach to moderator analysis; (e) it is not necessary to estimate a PLS model’s goodness-of-fit.

Accordingly, the present study uses Smart PLS3 software to conduct confirmatory factor analysis, validity, reliability, and structural equation modelling for hypotheses testing. This approach is motivated by similar prior studies (Alsmairat et al., 2018 ; Awawdeh et al. ( 2021 ); Elgharbawy and Abdel-Kader, 2016 ; Thaker et al., 2022 ; Wang et al., 2022 ; Wijethilake, 2017 ; Zafar et al., 2022 ). For a more rigorous estimation of the results, SPSS software version 23 was used to conduct exploratory factor analysis and reliability analysis of the measurement model. This is also motivated by Balta et al. ( 2020 ), who conducted a study using both SPSS and PLS. The current study also used SPSS to filter the data and assess several assumptions and issues, including residuals, outliers, normality, and multicollinearity.

Exploratory factor analysis (EFA)

The results in Table 4 provide EFA results. EFA using SPSS 23 was conducted to determine whether the data was sufficient to assess a latent variable network model. The results provide the factor loading values for each indicator, which are greater than 0.40. Further, the results present the total variance, which shows the eigenvalues for the yielded latent variables. Moreover, the findings provide reliability values based on Cronbach’s alpha values. Some items were deleted throughout the exploratory factor analysis due to low factor loadings (0.40) or cross-loadings. Reliability analysis (i.e., Cronbach’s alpha) of the extracted factors was also conducted to ensure that each observed variable has a value greater than 0.70 (Akter et al., 2013 ).

Confirmatory factor analysis

Table 5 demonstrates the results of confirmatory factor analysis using PLS. The results provide the mean values and standard deviation for each item used to measure each construct. Further, the results give the measurement model in the form of factor loadings, Cronbach’s alpha, composite reliability (CR), and average variance extracted (AVE). Compared to EFA results, it is clear that two items have been deleted: BSIZE5 and BDEL5. The factor loading for these items was <0.40.

Based on the findings, it can be deduced that the factor loadings of the items have coefficients between 0.55 and 0.88. These values are higher than the acceptable criterion value (0.60) suggested by Chin ( 2010 ). CR values range between 0.82 and 0.92. These values indicate how well each construct’s components reflect the latent construct.

Figure 2 shows the values of CA, Roh_A, AVE, and CR. Figure 3 provides the constructs’ confirmatory factor analysis (CFA).

figure 2

This figure shows the values of CA, Roh_A, AVE, and CR. All values are higher than the criterion values, exceeding the lowest value line.

figure 3

This figure provides the constructs’ confirmatory factor analysis (CFA). The CFA has been estimated based on the conceptual framework presented in Fig. 1 . It delivers the values of the factor loading, validity, and reliability of constructs.

The findings in Table 6 provide the results of discriminant validity. The results reveal high correlation values corresponding to the same construct, indicating that the items used to measure the construct are suitable and represent the same construct. This is evident as the correlation values of each construct with other constructs provide low correlations, which are less than the self-correlation values of the construct (Fornell and Larcker, 1981 ).

Structural model

Figure 4 displays the study variables’ hypothesised or predicted structural approach.

figure 4

This figure displays the study variables’ hypothesised or predicted structural approach. It provides a direct effect model for the influence of the explanatory variables represented by CGC and ITG on the BC predicted variable.

Table 7 provides the estimates for the direct effect. The results in Panel A show that CGCs have an insignificant impact on BC except for ACIND. The results reveal that BSIZE, BIND, BDEL, ACIND, BCOM, and AUDIT exhibited an insignificant effect on BC at any significance level ( P  < 1%, 5%, and 10%) during the Covid-19 pandemic. While board size, board committees, and external audit exhibit statistically significant negative effects, board independence, board diligence, and audit committee diligence show a positive impact. Nonetheless, the evidence reveals that ACIND has a statistically significant positive impact on BC at 1% ( β  = 0.988; P -value < 0.01). Notably, the empirical findings show that ITG has a statistically significant effect on BC at 5% ( β  = 0.012; P -value < 0.05). The adjusted R 2 is 0.68, meaning the CGC and ITG constitute about 68% of BC. Therefore, H01, which states that “there is no significant effect of CGC on BC,” is rejected in terms of audit committee independence; however, it is accepted concerning BSIZE, BIND, BDEL, ACDEL, AUDIT, and BCOM.

Panel B results for the IT governance model show that board size has a statistically significant positive effect on IT governance at the 1% level ( β  = 3.812; P -value < 0.01). The results also show that board independence has a statistically significant positive effect on IT governance at 1% ( β  = 2.769; P -value < 0.01). However, the findings indicate that board diligence has an insignificant negative effect on IT governance ( β  = −1.233; P -value > 0.10). Further, they reveal that audit committee characteristics represented by audit committee independence and diligence have a statistically significant positive effect on IT governance at the level of 5% ( P -value < 0.01). In the same context, the results show that board committees have an insignificant positive effect on IT governance ( β  = 1.133; P -value > 0.10). Furthermore, the findings indicate that external audit has a statistically significant positive effect on IT governance at 1% ( β  = 3.184; P -value < 0.01). The adjusted R 2 has a 0.88 score, indicating that CGC explains about 88% of the variability of IT governance. Hence, H 0 2, which states “there is no significant effect of CGC on IT governance,” is rejected in terms of board size, board independence, audit committee independence, audit committee diligence, and external audit”. However, it is accepted in the context of board diligence and board committees.

The moderating effect of ITG

Figure 5 presents structural equation modelling for the moderating effect of IT governance on the relationship between governance mechanisms and BC.

figure 5

This figure presents structural equation modelling for the moderating effect of IT governance on the relationship between governance mechanisms and BC. IT governance has been considered a moderating variable that moderates the relationship between CGC and BC.

Table 8 shows the moderating impact of IT governance results on the association between governance attributes and BC. The results in Panel A are consistent with the findings provided in Table 7 , Panel A. The study reveals that CGCs have an insignificant impact on BC except for audit committee independence, which exhibits a statistically significant impact on BC. The study findings also show that IT governance has a statistically significant effect on BC at the level of 5% ( β  = 0.010; P -value < 0.05). In addition, Panel B reveals findings similar to those presented in Table 7 and Panel B. The results found that board size, board independence, and external audit have a statistically significant positive effect on IT governance at 1% ( P -value < 0.01). Further, the findings reveal that audit committee characteristics represented by audit committee independence and diligence have a statistically significant positive effect on IT governance at the level of 5% ( P -value < 0.01). However, the results indicate that board diligence and board committees exhibit an insignificant negative effect on IT governance ( P -value > 0.10).

In terms of the moderating effect of IT governance on the relationship between governance mechanisms and BC, Panel C’s findings indicate that IT governance significantly moderates the effect of board size on BC ( P -value < 0.01). However, this moderating effect is negative ( β  = −0.019), indicating that board size negatively moderates the IT governance’s effect on BC. This could be due to the large board size, which may negatively affect the impact of IT governance on BC. The outcomes further outline that board independence has a statistically positive ( β  = 0.001; P -value < 0.01) moderating impact on the relationship between IT governance and BC. This indicates that board independence has a positive monitoring role that significantly strengthens the bearing of IT governance on BC. The respondents perceived that board independence plays a significant and effective monitoring role in IT governance, contributing to a better BCM.

The research found that board diligence significantly and positively ( β  = 0.010) moderates the effect of IT governance on BC. However, this effect is weak at 10% ( P -value < 0.10). This could be attributed to the fact that board meetings strengthen the efficiency of IT governance. However, the respondents perceive that board meetings do not strongly moderate BC. This could be because all companies conducted their meetings virtually during Covid-19, which negatively affected the role of board diligence in the relationship between IT governance and BC. The outcomes also reveal that audit committee independence and diligence have a statistically significant positive moderating impact on the relationship between IT governance and BC. At the same time, audit committee independence has a significant impact at a 1% level ( P -value < 0.01), and diligence has a statistically significant effect at the level of 5% ( P -value < 0.05). This implies that audit committees have a positive monitoring role that strengthens the relationship between IT governance and BC.

The findings clarify that board committees have a statistically insignificant ( P -value > 0.10) moderating impact on the relationship between IT governance and BC. The negative coefficient ( β  = −0.019) indicates that this effect is negative but statistically insignificant. Finally, external audit exhibits a statistically significant positive moderating effect of 5% ( β  = 0.001, P -value < 0.05) on the relationship between IT governance and BC. This leads to rejecting H03, which states that “there is no significant moderating effect of IT governance on the relationship between CGC and BC.” Therefore, H03 is partially rejected in terms of board size, board independence, board diligence, audit committee independence, audit committee diligence, and external audit; however, it is accepted in the context of board committees.

Discussion and implications

Summary of findings.

The purpose of this study was to look into the impact of governance characteristics and IT governance on continuity management during Covid-19. The study also examined the moderating role of IT governance in the relationship between governance characteristics and BCM. A quantitative approach was used by utilising a survey questionnaire. A total of 232 questionnaire surveys were received from the board of directors, top and middle management executives, external auditors, IT experts, and some other respondents in Jordan. The study used an online questionnaire survey based on a 5-point Likert scale as the research instrument to collect the data. Finally, factor analysis and structural equation modelling were used to estimate the results.

The outcomes revealed that CGCs have an insignificant impact on BC except for audit committee independence, which exhibits a statistically significant effect on BC. The results also revealed that IT governance has a statistically significant effect on BC. The study found that board size, board independence, and external audit have a statistically significant positive impact on IT governance. Furthermore, the findings revealed that audit committee characteristics, represented by audit committee independence and diligence, have a statistically significant positive effect on IT governance. However, board diligence and board committees exhibited an insignificant negative effect on IT governance.

Regarding the moderating impact of IT governance on the relationship between governance mechanisms and BC, the results reported that IT governance significantly moderates the effect of board size on BC. However, this moderating effect is negative, indicating that board size moderates the effect of IT governance on BC negatively. The outcomes also show that board independence has a statistically significant positive moderating impact on the relationship between IT governance and BC. The results found that board diligence significantly and positively moderates the effect of IT governance on BC. However, this effect is weak at 10% ( P -value < 0.10). In the same context, the study shows that audit committee independence and diligence have a statistically significant positive moderating impact on the relationship between IT governance and BC. Furthermore, the findings show that IT governance does not moderate the relationship between board committees and the BC. Finally, external audit exhibits a statistically significant positive moderating effect on the relationship between IT governance and BC.

The research at hand provides insight into the role of IT governance in BCM during crises. It offers a unique contribution as it investigates the relationship between CGC, IT governance, and BCM during the Covid-19 era in an emerging country. The study provides empirical evidence from an emerging country on the relationship between CGC, IT governance, and BCM. Moreover, the present study makes a unique and novel contribution to investigating a critical issue encountered by all businesses during Covid-19, that affected business operations. To the researchers’ knowledge, this is the first study on the role of IT governors in the relationship between corporate governance attributes and BCM. Therefore, the present study also contributes to the strand of literature and bridges a serious gap. Very few studies and limited research have been conducted on IT governance and BCM. Accordingly, the present study is beneficial and highly important for board members of corporate organisations, stakeholders, regulators, practitioners, and academicians. The study is based on empirical evidence from a developing country. Accordingly, the results of this study have wider practical applications for some other developing nations. It offers insights into using technology-based business during crises for better business continuity.

Practical implications

Manufacturing industries are facing numerous challenges as a result of the Covid-19 pandemic and changing market demands (Pansare et al., 2022 ). The Covid-19 pandemic has significantly impacted most manufacturing systems, affecting the supply chain of medicine and other products (Moosavi et al., 2022 ). Furthermore, the manufacturing industries are struggling to improve performance and re-establish the supply chain in the post-Covid-19 period. To improve performance, current market demands and the post-Covid-19 situation necessitate integrating IT strategies and technological capabilities (Pansare et al., 2022 ).

The results of the present study report that all CGCs, except for audit committee independence, have an insignificant effect on BC. They also indicate that IT governance has a statistically significant effect on BC. Further, the results found that board size, board independence, audit committee independence, audit committee diligence, and external audit have a statistically significant positive effect on IT governance. However, the results show that board diligence exhibits an insignificant negative impact on IT governance. Overall, the results show that board involvement in IT governance was inefficient during the crisis in Jordan. Consistently, Moeller ( 2013 ) indicates that as a fundamental component of the Committee of Sponsoring Organizations (COSCO) control environment, the COBIT framework emphasises the importance of IT governance and the role of an effective and independent board. Thus, board members need to enhance their involvement in IT governance to improve preparedness for any crisis and improve business operations. In this regard, companies, especially board members, are suggested to incorporate both business and technological elements into their BCM process. Moreover, a detailed BC specifying IT systems and infrastructures should be created.

Several studies also emphasise the board’s responsibilities and involvement in monitoring and developing IT governance strategy (e.g., Gómez et al., 2017 ; Posthumus & Solms, 2004 ; Hamdan et al., 2018 ; Moeller, 2013 ). In addition, many studies report that information technology, including IT governance, is considered one of the prominent elements of a BC plan (Lindström et al., 2010 ; Korac-Kakabadse & Kakabadse, 2001 ; Dittmeier, 2011 ; Haes & Grembergen, 2009 ; Peterson, 2004 ). They indicate that IT governance is a significant element of an organisation’s corporate governance model because it introduces critical measures for strategic plans focusing on IT strategy alignment.

The results of the current study exhibit that CGCs have an insignificant effect on BC; however, they indicate a significant effect on IT governance. This could be because several enterprises began adopting IT governance to achieve better alignment in business operations (Haes & Grembergen, 2009 ). Further, IT governance has been identified as a critical concern for businesses. Companies’ growing interest in the subject is justified by the changing role and relevance of IT within organisations and the need to ensure that it is properly managed. IT governance employs corporate governance concepts to drive and control IT strategically (Lunardi et al., 2014 ). Therefore, IT governance is high on the agenda nowadays, and many organisations are incorporating its practices into their day-to-day operations (Haes & Grembergen, 2009 , Lunardi et al., 2014 ). Accordingly, business organisations should enhance their IT governance mechanisms as a practical implication. Moreover, board and audit committee members should have capacity programmes that enhance their expertise in IT governance. IT resources should be integrated with other organisational resources in the IT governance of business organisations to provide a competitive advantage (Zhang et al., 2016 ). This is necessary as a pandemic reaction (Ferreira et al., 2021 ).

Regarding the moderating effect of IT governance on the relationship between governance mechanisms and BC, the results reported that IT governance significantly moderates the effect of board size, board independence, board diligence, audit committee independence, audit committee diligence, and external audit on BC. However, IT governance does not moderate the relationship between board committees and BC. The current study results are consistent with Lindström et al. ( 2010 ), who indicate that IT is one of the key drivers of BC. Further, Tosh et al. ( 2014 ) revealed that IT played a significant role in BC planning during the pandemic. Numerous studies have consistently indicated that a BC plan should be designed and implemented to avoid the unintended consequences of disruptive events (e.g., Sahebjamnia et al., 2015 ; Botha & Solms, 2004 ; Cerullo & Cerullo, 2004 ). Similarly, IT governance is necessary to ensure the continuity and recovery of an organisation’s business operations to a predetermined acceptable level after a disruptive event (Tammineedi, 2010 ; Lindström et al., 2010 ; Clifton, 2000 ; Botha & Solms, 2004 ; Cerullo & Cerullo, 2004 ).

Accordingly, business organisations should identify possible risks and establish a framework for building response and resilience as part of their business continuity. Business organisations should frame their BC plans as a process of sustaining their business operations and maintaining their continuity following a disruptive event that can impede their goals (Aleksandrova et al., 2018 ). Any minor disruption can cause irreversible harm to a company’s reputation and public image (Botha & Solms, 2004 ). Accordingly, a well-designed and efficient pre-crisis BC plan should be designed and implemented (Sahebjamnia et al., 2015 ). Hence, the results of the current study suggest that BC plan methodology should be developed and implemented to avoid the undesirable consequences of disruptive events (Botha & Solms, 2004 ; Cerullo & Cerullo, 2004 ). To this end, the results highlight that to create a detailed BC plan, different business divisions should integrate their tasks with the support of IT application teams (Tammineedi, 2010 ). This is needed to ensure the continuity and recovery of a company’s business operations to a predetermined acceptable level following a disruptive event (Sahebjamnia et al., 2015 ; Cerullo & Cerullo, 2004 ).

According to the findings, advanced IT governance practices receive the most weight, emphasising their importance in organisations. The Covid-19 pandemic has posed new challenges for many organisations. The current results show that changing an organisation’s needs complicates matters. As a result, using advanced technologies can help organisations stay competitive in this situation. The developed framework can help practitioners and managers overcome the challenges posed by the pandemic and remain competitive in the market during the difficult post-Covid-19 period (Pansare et al., 2022 ).

Also, based on the current study results, several managerial and practical implications are offered to companies’ board members, regulators, managers, and investors. Companies should have an effective and efficient IT governance structure and strategy. Members of the board, audit committees, other board committees, and external auditors should all be actively involved in IT governance and process. They should also establish an organisational IT governance structure and procedures that ensure explicit and strategic BC. IT governance should be at the top and a major focus of the board’s and audit committee’s agendas. Further, the effective participation of board and audit committee members could be secured by increasing board independence and expertise, which leads to effective monitoring and involvement of board members in IT governance. Board evaluation and training in IT governance issues are essential to avoid business disruption and achieve better BCM.

In times of emergency and economic crises, the behaviour of business organisations is critical. In crisis survival, firms’ resources, dynamic abilities, innovation, and practical strategies aid in combating the negative effects of the pandemic (Liu et al., 2021 ). Firms must be able to survive unprecedented threats, increase market exposure, and thrive on emerging opportunities in today’s volatile and fast-paced competitive business environment. Thus, IT plays a critical role in the success of modern organisations by influencing how they create and capture value (Mikalef et al., 2021 ). As a result, businesses have developed new strategies for surviving the Covid-19 pandemic. This is motivated by organisations striving for long-term viability through competitive activities (Liu et al., 2021 ).

Therefore, the Covid-19 economic crisis presented challenges and opportunities for marketing innovation and digitalisation to capitalise on business opportunities with competitive products to survive the crisis (Wang et al., 2020 ). Competitive firms enable business activities and provide opportunities to meet customer and business environment requirements that existed before the crisis but have increased during the Covid-19 era, such as additional services and digital solutions (Ilinova et al., 2021 ; Al-Hattami, 2021 ). As a result, the role of business firms’ innovativeness, resources at hand, business networks, and dynamic capabilities in producing the best products to compete in the business competition ultimately improves firm performance. These influential factors aid firms in surviving during emergencies and global crises (Liu et al., 2021 ).

Hence, effective IT governance would enable the implementation of decision-making structures and the efficient use of these resources to assist managers in achieving their strategic goals while minimising efforts and investments in IT (Frogeri et al., 2020 ). IT governance strengthens organizations’ resilience to potential economic and environmental shocks. Organisations, in particular, should improve their corporate governance in order to increase their resilience and survival in such a risky environment (Awwad & El Khoury, 2021 ). Business organisations hire high-tech employees to help with technological innovations that aid business success, organisational competitive advantage, and long-term survival. Consequently, this necessitates the implementation of new ideas generated by high-tech employees (Li et al., 2022 ).

Limitations and directions for future research

Despite its numerous merits, this study contains several drawbacks. To begin, due to the length restriction of the questionnaire, the study was limited to a few corporate governance aspects. Thus, researchers are encouraged to investigate the other aspects of corporate governance that have not been considered here. Second, one major limitation this research encountered was collecting the data. Owing to the lockdown and Covid-19 restrictions, the study could not focus on particular sampling units. Third, this study is based on an emerging country, Jordan. Future research may investigate the same issues based on a comparison between some countries. Another limitation of this study is that it was conducted during Covid-19. A possible suggestion for future studies is to compare the findings with the post-Covid-19 situation. Finally, the current study is limited to a general sample drawn from different sectors. Future studies could compare several samples from different sectors.

Data availability

The data is available on request.

Abbas J, Aqeel M, Abbas J, Shaher B, Jaffar A, Sundas J, Zhang W (2019) The moderating role of social support for marital adjustment, depression, anxiety, and stress: evidence from Pakistani working and nonworking women. J Affect Disord 244:231–238. https://doi.org/10.1016/j.jad.2018.07.071

Article   PubMed   Google Scholar  

Agyekum K, Goodier C, Oppon JA (2021) Key drivers for green building project financing in Ghana. Eng Constr Archit Manag 29(8):3023–3050. https://doi.org/10.1108/ECAM-02-2021-0131

Article   Google Scholar  

Akter S, D’Ambra J, Ray P (2013) Development and validation of an instrument to measure user perceived service quality of MHealth. Inform Manag 50(4):181–195

Al Halbusi H, Al-Sulaiti K, Abbas J, Al-Sulaiti I (2022) Assessing factors influencing technology adoption for online purchasing amid COVID-19 in Qatar: moderating role of word of mouth. Front Environ Sci 10(July):1–17. https://doi.org/10.3389/fenvs.2022.942527

Al Maqtari FA, Farhan NH, Al-Hattami HM, Khalid AS (2020) Impact of country-level corporate governance on entrepreneurial conditions. Cogent Bus Manag 7(1):1797261. https://doi.org/10.1080/23311975.2020.1797261

Aleksandrova SV, Aleksandrov MN, Vasiliev VA (2018, September). Business continuity management system. In: 2018 IEEE International Conference” Quality Management, Transport and Information Security, Information Technologies”(IT&QM&IS). IEEE. pp. 14–17

Al-Hattami HM (2021) Determinants of intention to continue usage of online shopping under a pandemic: COVID-19. Cogent Bus Manag 8(1):1936368. https://doi.org/10.1080/23311975.2021.1936368

Al-Hattami HM (2022) Impact of AIS success on decision-making effectiveness among SMEs in less developed countries. Inform Technol Dev 1–21. https://doi.org/10.1080/02681102.2022.2073325

Al-Hattami HM (2023) Understanding perceptions of academics toward technology acceptance in accounting education. Heliyon 9(1):e13141. https://doi.org/10.1016/j.heliyon.2023.e13141

Article   PubMed   PubMed Central   Google Scholar  

Al-Hattami HM, Kabra JD (2022). The influence of accounting information system on management control effectiveness: The perspective of SMEs in Yemen. Inform Dev 02666669221087184. https://doi.org/10.1177/02666669221087184

Al-Hattami HM, Abdullah AAH, Khamis AAA (2021) Determinants of intention to continue using internet banking: Indian context. Innov Mark 17(1):40–52

Al-Hattami HM, Senan NAM, Al-Hakimi MA, Azharuddin S (2022) An empirical examination of AIS success at the organizational level in the era of COVID-19 pandemic. Glob Knowl Mem Commun (ahead-of-print). https://doi.org/10.1108/GKMC-04-2022-0094

Almaqtari FA, Al-Hattami HM, Al-Nuzaili KM, Al-Bukhrani MA (2020) Corporate governance in India: a systematic review and synthesis for future research. Cogent Bus Manag 7(1):1803579. https://doi.org/10.1080/23311975.2020.1803579

Almaqtari FA, Farhan NH, Yahya AT, Al-Dalaien BOA, Shamim M (2022) The mediating effect of IT governance between corporate governance mechanisms, business continuity, and transparency & disclosure: An empirical study of Covid-19 Pandemic in Jordan. Inf Secur J Glob Perspect 32(1):39–57

Almaqtari FA, Shamim M, Al-Hattami HM, Aqlan SA (2020) Corporate governance in India and some selected Gulf countries. Int J Manag Financial Account 12(2):165–185

Google Scholar  

Alshebami AS, Rengarajan V (2020) An imperative need for a new social order in microfinance community-Towards ushering in a resilient eco-system in the battle against corona pandemic. Int J Res 8(08):107–123

Alsmairat YY, Yusoff WS, Salleh MFM (2018) The effect of the reliance on internal audit work and ethical rules on perceived audit quality: evidence from Jordan. Int J Econ Manag 12(2):511–522. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85059521838&partnerID=40&md5=a2858bb792c8ca0a0692c127bf06fc47

Al-Thuneibat AA, Al-Angari HA, Al-Saad SA (2016) The effect of corporate governance mechanisms on earnings management: evidence from Saudi Arabia. Rev Int Bus Strategy 26(1):1–45

Al-Zwyalif IM (2013) IT governance and its impact on the usefulness of accounting information reported in financial statements. Int J Bus Soc Sci 4(2):83–94

Andriole SJ (2009) Boards of directors and technology governance: the surprising state of the practice. Commun AIS 24(22):373–94

Aqeel M, Abbas J, Raza S, Aman J (2021) Portraying the multifaceted interplay between sexual harassment, job stress, social support and employee’s turnover intension amid COVID-19: a multilevel moderating model. J Bus Econ 6(2):1–17

Aqeel M, Rehna T, Shuja KH, Abbas J (2022). Comparison of students’ mental wellbeing, anxiety, depression, and quality of life during COVID-19’s full and partial (smart) lockdowns: a follow-up study at a 5-month interval. Front Psychiatry, 13(April). https://doi.org/10.3389/fpsyt.2022.835585

Aragão JPS, Fontana ME (2022) Outsourcing strategies in public services under budgetary constraints: analysing perceptions of public managers. Public Organ Rev 22(1):61–77. https://doi.org/10.1007/s11115-021-00517-5

Awawdeh AE, Ananzeh M, El-khateeb AI, Aljumah A (2021) Role of green financing and corporate social responsibility (CSR) in technological innovation and corporate environmental performance: a COVID-19 perspective. China Finan Rev Int 12(2):297–316

Awwad B, El Khoury R (2021) Information technology governance and bank performance: evidence from Palestine. J Decis Syst 00(00):1–24. https://doi.org/10.1080/12460125.2021.2005860

Article   CAS   Google Scholar  

Azadi NA, Ziapour A, Lebni JY, Irandoost SF, Abbas J, Chaboksavar F (2021) The effect of education based on health belief model on promoting preventive behaviors of hypertensive disease in staff of the Iran University of Medical Sciences. Arch Public Health 79(1):1–8. https://doi.org/10.1186/s13690-021-00594-4

Balta N, Mâță L, Gómez CH, Tzafilkou K (2020) Students’ perception and acceptance of web-based technologies: a multi-group PLS analysis in Romania and Spain. Educ Inf Technol 25(5):4437–4458

Banerjee T (2022) Supplier satisfaction as a mediating effect on delivery and service: a PLS-SEM approach in India during COVID-19 pandemic. SN Comput Sci 3(2):1–11

Article   MathSciNet   Google Scholar  

Bart C, Turel O (2010) IT and the board of directors: An empirical investigation into the “governance questions” Canadian board members ask about IT. J Inf Syst 24(2):147–172

Barua S (2020) Understanding coronanomics: the economic implications of the coronavirus (COVID-19) pandemic. SSRN Electr J (April): 1–44

Bee Bee C, Verner J (2011) 257 Communications in Computer and Information Science Software Engineering, Business Continuity, and Education. http://www.scopus.com/inward/record.url?eid=2-s2.0-83755167818&partnerID=tZOtx3y1

Bollen KA (1989) Structural equations with latent variables (vol. 210). John Wiley & Sons

Botha J, Von Solms R (2004) A cyclic approach to business continuity planning. Inf Manag Comput Secur 12(4):328–337

Buheji M (2020) Sharing economy and communities attitudes after covid-19 pandemic-review of possible socio-economic opportunities. Am J Econ 10(6):395–406

Bunjongmanomai S, Homanee S, Chantabutr S, Ratanatanyong S (2020, November) The hybrid strategy of business continuity management for offshore facilities–a case study. In: Abu Dhabi International Petroleum Exhibition & Conference. OnePetro

Carroll N, Conboy K (2020) Normalising the “new normal”: Changing tech-driven work practices under pandemic time pressure. Int J Inf Manag 55:102186. https://doi.org/10.1016/j.ijinfomgt.2020.102186

Cerullo V, Cerullo MJ (2004) Business continuity planning: a comprehensive approach. Inf Syst Manag 21(3):70–78

Chan JT (2020) Snowball sampling and sample selection in a social network. In: The Econometrics of Networks. Emerald Publishing Limited

Chin, WW (2010). How to write up and report PLS analyses. In: Handbook of partial least squares. Springer, Berlin, Heidelberg. pp. 655–690

Cifuentes-Faura J (2020) COVID-19 and infodemics: how to solve this problem. Int J Media Inf Liter 5(2):145–152

Cifuentes-Faura J (2021a) Analysis of containment measures and economic policies arising from COVID-19 in the European Union. Int Rev Appl Econ 35(2):242–255

Cifuentes-Faura J (2021b) COVID-19 and the opportunity to create a sustainable world through economic and political decisions. World J Sci Technol Sustain Dev 18(4):417–421

Clifton RW (2000) Business continuity planning.” Occupational health & safety (Waco. Tex.) 69(10):254–261

Dittmeier CA (2011) Internal auditing: chiave per la corporate governance. 2nd edn. ed. Milan Egea

Dong F, Liu HL, Dai N, Yang M, Liu JP (2021) A living systematic review of the psychological problems in people suffering from COVID-19. J Affect Disord 292:172–188

Article   CAS   PubMed   PubMed Central   Google Scholar  

Donthu N, Gustafsson A (2020) Effects of COVID-19 on business and research. J Bus Res 117:284–289

Dwivedi YK, Hughes DL, Coombs C, Constantiou I, Duan Y, Edwards JS, Upadhyay N (2020) Impact of COVID-19 pandemic on information management research and practice: transforming education, work and life. Int J Inf Manag 55:102211. https://doi.org/10.1016/j.ijinfomgt.2020.102211

Elgharbawy A, Abdel-Kader M (2016) Corporate governance (Bingley) does compliance with corporate governance code hinder corporate entrepreneurship? Evidence from the UK. Emerald Group Publishing Ltd

Elmarzouky M, Albitar K, Hussainey K (2021) Covid-19 and performance disclosure: does governance matter. Int J Account Inf Manag 29(5):776–792. https://doi.org/10.1108/ijaim-04-2021-0086

Engidaw AE (2022) Small businesses and their challenges during COVID-19 pandemic in developing countries: in the case of Ethiopia. J Innov Entrepreneurship 11(1):1–14

Ewertowski T (2022) A standard-based concept of the integration of the corporate recovery management systems: coping with adversity and uncertainty during a pandemic. Sustainability 14(3):1254. https://doi.org/10.3390/su14031254

Fabeil NF, Pazim KH, Langgat J (2020) The impact of Covid-19 pandemic crisis on micro-enterprises: entrepreneurs' perspective on business continuity and recovery strategy. J Econ Bus 3(2):837–844

Farhan NH, Tabash MI, Almaqtari FA, Yahya AT (2020) Board composition and firms’ profitability: empirical evidence from pharmaceutical industry in India. J Int Stud 13(3):180–194. https://doi.org/10.14254/2071-8330.2020/13-3/12

Farzadfar F, Naghavi M, Sepanlou SG, Moghaddam SS, Dangel WJ, Weaver ND, Mahdavi MM (2022) Health system performance in Iran: a systematic analysis for the Global Burden of Disease Study 2019. Lancet 399(10335):1625–1645. https://doi.org/10.1016/S0140-6736(21)02751-3

Faugere C, Stul O (2021) Harmful events and misconducts in financial organizations: human biases and root causes. Res Int Bus Finan 56:101382

Ferreira R, Pereira R, Bianchi IS, da Silva MM (2021) Decision factors for remote work adoption: advantages, disadvantages, driving forces and challenges. J Open Innov Technol Market Complex 7(1):70. https://doi.org/10.3390/joitmc7010070

Fornell C, Larcker DF (1981) Evaluating structural equation models with unobservable variables and measurement error. J Market Res 18(1):39–50

Frogeri RF, Pardini DJ, Cunha GR (2020) Information technology governance in a higher education institution: an IT professionals’ perception analysis. Int J Human Capital Inf Technol Profession 11(1):31–46

Geng J, Haq SU, Abbas J, Ye H, Shahbaz P, Abbas A, Cai Y (2022) Survival in pandemic times: managing energy efficiency, food diversity, and sustainable practices of nutrient intake amid COVID-19 crisis. Front Environ Sci 10(July):1–16. https://doi.org/10.3389/fenvs.2022.945774

Gibb F, Buchanan S (2006) A framework for business continuity management. Int J Inf Manag 26(2):128–141

Gómez B, Bermejo B, Juiz C (2017) IT governance and its implementation based on a detailed framework of it governance (dFogIT) in public enterprises. In: Information Technology Governance in Public Organizations. Springer, Cham. pp. 133–155

Goromaru H, Kokogawa T, Ueda Y, Fukaya S (2021) Study of new normal business continuity to improve resilience against uncertain threat. J Disast Res 16(1):31–39. https://doi.org/10.20965/jdr.2021.p0031

Haes SD, Grembergen,WV (2005, January) IT governance structures, processes and relational mechanisms: achieving IT/business alignment in a major Belgian financial group. In: Proceedings of the 38th Annual Hawaii International Conference on System Sciences. IEEE. pp. 237b-237b

Haes SD, Grembergen WV (2009) An exploratory study into IT governance implementations and its impact on business/IT alignment. Inf Syst Manag 26(2):123–137

Hair JF, Ringle CM, Sarstedt M (2013) Partial least squares structural equation modeling: rigorous applications, better results and higher acceptance. Long Range Plann 46(1-2):1–12

Hair JF, Sarstedt M, Ringle CM (2019) Rethinking some of the rethinking of partial least squares. Eur J Market 53(4):566–84

Hamdan A, Musleh Al-Sartawi A, Khamis R, Anaswah M, Hassan A (2018, October). Board interlocking and IT governance: Proposed conceptual model. In: European, Mediterranean, and Middle Eastern Conference on Information Systems. Springer, Cham. pp. 457–463

Haouam D (2020) IT governance impact on financial reporting quality using COBIT framework. Glob J Comput Scie Theor Res 10(1):1–10

Hazaa YMH, Almaqtari FA, Al-Swidi A (2021) Factors influencing crisis management: a systematic review and synthesis for future research. Cogent Bus Manag 8(1):1878979. https://doi.org/10.1080/23311975.2021.1878979

Henseler J, Sarstedt M (2013) Goodness-of-fit indices for partial least squares path modeling. Comput Stat 28(2):565–580

Article   MathSciNet   MATH   Google Scholar  

Herbane B, Elliott D, Swartz EM (2004) Business continuity management: time for a strategic role. Long Range Plann 37(5):435–457. https://doi.org/10.1016/j.lrp.2004.07.011

Hossain MM, Tasnim S, Sultana A, Faizah F, Mazumder H, Zou L, Ma P (2020) Epidemiology of mental health problems in COVID-19: a review. F1000Research 9(636):1–16

Huff SL, Maher PM, Munro MC (2006) Information technology and the board of directors: Is there an IT attention deficit? MIS Q Exec 5(2):55–68

Ilinova A, Dmitrieva D, Kraslawski A (2021) Influence of COVID-19 pandemic on fertilizer companies: the role of competitive advantages. Resour Policy 71:102019

Ino E, Watanabe K (2022) Diversification of business risks due to social changes with COVID-19. J Disast Res 17(1):152–158. https://doi.org/10.20965/jdr.2022.p0152

Institute, IT Governance (2003) Board Briefing on IT Governance (2nd edn). Institute, IT Governance

Järveläinen J (2012) Information security and business continuity management in interorganizational IT relationships. Inf Manag Comput Secur 20(5):332–349

Järveläinen J (2013) IT incidents and business impacts: validating a framework for continuity management in information systems. Int J Inf Manag 33(3):583–590. https://doi.org/10.1016/j.ijinfomgt.2013.03.001

Jebran K, Chen S (2020). Can we learn lessons from the past? COVID-19 crisis and corporate governance. Int J Financ Econ https://doi.org/10.1002/ijfe.2428

Jewer J, McKay KN (2012) Antecedents and consequences of board IT governance: institutional and strategic choice perspectives. J Association for Inf Syst 13(7):581–617

Jiakui C, Abbas J, Najam H, Liu J, Abbas J (2023) Green technological innovation, green finance, and financial development and their role in green total factor productivity: empirical insights from China. J Clean Prod 382:135131. https://doi.org/10.1016/j.jclepro.2022.135131

Kaur A, Kumar A, Luthra S (2022) Business continuity through customer engagement in sustainable supply chain management: outlining the enablers to manage disruption. Environ Sci Pollut Res 29(10):14999–15017. https://pubmed.ncbi.nlm.nih.gov/34625896

Kaushik M, Guleria N (2020) The impact of pandemic COVID-19 in workplace. Eur J Bus Manag 12(15):1–10

Kebede, Tewodros Aragie et al. (2021) Impact of COVID-19 Pandemic on Enterprises in Italy. J Contemp Res Bus Admin Econ Sci 1:ISSN: 2777-739

Korac‐Kakabadse N, Kakabadse A (2001) IS/IT governance: need for an integrated model. Corp Gov 1(4):9–11

Kosieradzka A, Smagowicz J, Szwed C (2022) Ensuring the business continuity of production companies in conditions of COVID-19 pandemic in Poland–Applied measures analysis. Int J Disast Risk Reduct 72:102863, https://pubmed.ncbi.nlm.nih.gov/35223422

Koutoupis A, Kyriakogkonas P, Pazarskis M, Davidopoulos L (2021) Corporate governance and COVID-19: a literature review. Corp Gov Int J Bus Soc 21(6):969–982. https://doi.org/10.1108/cg-10-2020-0447

Le TT, Nguyen VK (2022) Effects of quick response to COVID-19 with change in corporate governance principles on SMEs’ business continuity: evidence in Vietnam. Corp Gov Int J Bus Soc 22(5):1112–1132. https://doi.org/10.1108/cg-09-2021-0334

Li M, Hamawandy NM, Wahid F, Rjoub H, Bao Z (2021) Renewable energy resources investment and green finance: evidence from China. Resour Policy 74:102402. https://doi.org/10.1016/j.resourpol.2021.102402

Li Y, Al-Sulaiti K, Dongling W, Abbas J, Al-Sulaiti I (2022) Tax avoidance culture and employees’ behavior affect sustainable business performance: the moderating role of corporate social responsibility. Front Environ Sci 10. https://doi.org/10.3389/fenvs.2022.964410

Lindström J, Samuelsson S, Hägerfors A (2010) Business continuity planning methodology. Disast Prevent Manag Int J 19(2):243–255

Liu Q, Qu X, Wang D, Abbas J, Mubeen R (2021) Product market competition and firm performance: business survival through innovation and entrepreneurial orientation Amid COVID-19 financial crisis. Front Psychol 12:790923. https://doi.org/10.3389/fpsyg.2021.790923

Liu Q, Qu X, Wang D, Abbas J, Mubeen R (2022) Product market competition and firm performance: business survival through innovation and entrepreneurial orientation amid COVID-19 financial crisis. Front Psychol 12:790923

Long JS (1990) EQS: structural equations program, Version 3.0. J Marketi Res 27(3):372

Lunardi GL, Becker JL, Maçada ACG, Dolci PC (2014) The impact of adopting IT governance on financial performance: an empirical analysis among Brazilian firms. Int J Accounti Inf Syst 15(1):66–81. https://doi.org/10.1016/j.accinf.2013.02.001

Maqsood A, Abbas J, Rehman G, Mubeen R (2021) The paradigm shift for educational system continuance in the advent of COVID-19 pandemic: mental health challenges and reflections. Curr Res Behav Sci 2(December 2020):100011. https://doi.org/10.1016/j.crbeha.2020.100011

Meechang K, Leelawat N, Tang J, Ino E, Kodaka A, Chintanapakdee C, Watanabe K (2021) Affecting factors on perceived usefulness of area-business continuity management: a perspective from employees in industrial areas in Thailand. In: IOP Conference Series: Earth and Environmental Science (Vol. 630, No. 1, p. 012016). IOP Publishing

Memon MA et al. (2017) A review of the methodological misconceptions and guidelines related to the application of structural equation modeling: a Malaysian Scenario. J Appl Struct Equat Model 1(June):i–xiii

ADS   Google Scholar  

Mikalef P, Pateli A, van de Wetering R (2021) IT architecture flexibility and IT governance decentralisation as drivers of IT-enabled dynamic capabilities and competitive performance: the moderating effect of the external environment. Eur J Inf Syst 30(5):512–540. https://doi.org/10.1080/0960085X.2020.1808541

Moeller RR (2013) Executive’s guide to IT governance: improving systems processes with service management, COBIT, and ITIL (Vol. 637). John Wiley & Sons

Moosavi J, Fathollahi-Fard AM, Dulebenets MA (2022) Supply chain disruption during the COVID-19 pandemic: recognizing potential disruption management strategies. Int J Disast Risk Reduct 75:102983. https://doi.org/10.1016/j.ijdrr.2022.102983 . September 2021

Mushtaque Khuram, Ahsan Kamran, Umer Ahmer (2014) IT governance in banking sector: VAL IT and RISK. Sci Int 26(3):1259–1264

Nalukenge I, Tauringana V, Ntayi JM (2017) Corporate governance and internal controls over financial reporting in Ugandan MFIs. J Account Emerg Econ 7(3):294–317

NeJhaddadgar N, Ziapour A, Zakkipour G, Abbas J, Abolfathi M, Shabani M (2022) Effectiveness of telephone-based screening and triage during COVID-19 outbreak in the promoted primary healthcare system: a case study in Ardabil province, Iran. J Public Health (Germany) 30(5):1301–1306. https://doi.org/10.1007/s10389-020-01407-8

Noy C (2008) Sampling knowledge: the hermeneutics of snowball sampling in qualitative research. Int J Soc Res Methodol 11(4):327–344

Nueangnong V, Hasan Subih AAS, Al-Hattami HM (2020) The 2020’s world deadliest pandemic: corona virus (COVID-19) and International Medical Law (IML). Cogent Soc Sci 6(1):1818936. https://doi.org/10.1080/23311886.2020.1818936

Ostadi B, Seifi MM, Husseinzadeh Kashan A (2021) A multi-objective model for resource allocation in disaster situations to enhance the organizational resilience and maximize the value of business continuity with considering events interactions. Proc Institut Mechan Eng, Part O: J Risk Reliability 235(5):814–830. https://doi.org/10.1177/1748006x21991027

Pansare R, Yadav G, Nagare MR (2022) Integrating operational excellence strategies with Industry 4.0 technologies through reconfigurable manufacturing system practices. TQM J. https://doi.org/10.1108/TQM-06-2022-0184

Pathak B, Ashok M, Tan YL (2020) Value co-destruction: exploring the role of actors’ opportunism in the B2B context. Int J Info Manag 52:102093

Peterson R (2004) Information Strategies and Tactics for Information Technology Governance. In: Van Grembergen W (ed.), Strategies for Information Technology Governance. Information Management Research Center, Instituto de Empres, Spain. pp. 37–80

Posthumus S, Solms RV (2004) A framework for the governance of information security. Comput Secur 23(8):638–46

Rahmat TE, Raza S, Zahid H, Abbas J, Sobri FAM, Sidiki SN (2018) Nexus between integrating technology readiness 2.0 index and students’ e‑library services adoption amid the COVID‑19 challenges: Implications based on the theory of planned behavior. J Educ Health Promot 11(January):1–9. https://doi.org/10.4103/jehp.jehp

Rebmann T, Wang J, Swick Z, Reddick D, delRosario Jr JL (2013) Business continuity and pandemic preparedness: US health care versus non-health care agencies. Am J Infect Control 41(4):e27–e33. https://doi.org/10.1016/j.ajic.2012.09.010

Robertson R, Beaven A, Coolbear T, Hill J, Kirk T, McCullough G, Venter P (2022) Multi-faceted and holistic risk management for business-critical food-safety events causing major disruption to both small and large businesses–an illustrative model. Food Control 134:108714

Rostamzadeh S, Saremi M, Vosoughi S, Bradtmiller B, Janani L, Farshad AA, Taheri F (2021) Analysis of hand-forearm anthropometric components in assessing handgrip and pinch strengths of school-aged children and adolescents: a partial least squares (PLS) approach. BMC Pediatrics 21(1):1–12

Sahebjamnia N, Torabi SA, Mansouri SA (2015) Integrated business continuity and disaster recovery planning: towards organizational resilience. Eur J Oper Res 242(1):261–273. https://doi.org/10.1016/j.ejor.2014.09.055

Shanmugapriya S, Subramanian K (2016) Developing a PLS path model to investigate the factors influencing safety performance improvement in construction organizations. KSCE J Civil Engi 20(4):1138–1150

Simonsson M, Johnson P, Ekstedt M (2010) The effect of IT governance maturity on IT governance performance. Inform Syst Manag 27(1):10–24

Singh AK, Jain AK (2022) Business continuity during adversity and strategies to revive certain sectors. Int J Sociotechnol Knowl Dev (IJSKD) 14(2):17–40. https://doi.org/10.4018/ijskd.2022040102

Su Z, Cheshmehzangi A, Bentley BL, McDonnell D, Šegalo S, Ahmad J, da Veiga CP (2022) Technology-based interventions for health challenges older women face amid COVID-19: a systematic review protocol. Syst Rev 11(1):271. https://doi.org/10.1186/s13643-022-02150-9

Tammineedi RL (2010) Business continuity management: a standards-based approach. Info Secur J Glob Perspect 19(1):36–50

Tarran B (2010) Respondent engagement and survey length: the long and the short of it. Research Live

Thaker HMT, Thaker MAMT, Khaliq A, Pitchay AA, Hussain HI (2022) Behavioural intention and adoption of internet banking among clients’ of Islamic banks in Malaysia: an analysis using UTAUT2. J Islam Mark 13(5):1171–97

Tosh PK, Feldman H, Christian MD, Devereaux AV, Kissoon N, Dichter JR (2014) Business and continuity of operations: care of the critically ill and injured during pandemics and disasters: CHEST consensus statement. Chest 146(4):e103S–e117S

Vugec DS, Spremić M, Bach MP (2017) IT governance adoption in banking and insurance sector: longitudinal case study of COBIT use. Int J Qual Res 11(3):691–716

Wahab IHA, Arief A (2015, October) An integrative framework of COBIT and TOGAF for designing IT governance in local government. In: 2015 2nd International Conference on Information Technology, Computer, and Electrical Engineering (ICITACEE). IEEE. pp. 36–40

Wan SH, Chan YH (2008, April). Adoption of business continuity planning processes in IT service management. In: 2008 3rd IEEE/IFIP International Workshop on Business-driven IT Management. IEEE. pp. 21–30

Wang S, Shang G, Zhang S (2019) Corporate governance and evolution of trust in entrepreneurial networks: a case study of NVC Lighting Holding Ltd. Chin Manag Stud 13(4):939–66

Wang Y, Hong A, Li X, Gao J (2020) Marketing innovations during a global crisis: a study of China firms’ response to COVID-19. J Bus Res 116:214–220. https://doi.org/10.1016/j.jbusres.2020.05.029

Wang Z, Shahid MS, Binh An N, Shahzad M, Abdul-Samad Z (2022) Does green finance facilitate firms in achieving corporate social responsibility goals. Econ Res Ekonomska Istraživanja 0(0):1–20. https://doi.org/10.1080/1331677X.2022.2027259

Westland JC (2010) Lower bounds on sample size in structural equation modeling. Electron Commer Res Appl 9(6):476–487

Westland JC (2014) Statistical power and sample size in PLS path analysis. SSRN Electron J 1–12. https://doi.org/10.2139/ssrn.2488982

Wijethilake C (2017) Proactive sustainability strategy and corporate sustainability performance: the mediating effect of sustainability control systems. J Environ Manag 196:569–582. https://doi.org/10.1016/j.jenvman.2017.03.057

Wright R, Stein M (2004) Snowball sampling. Encyclopedia Soc Measurement 10(2):495–500

Xuguang Z, Ahmad MI, Ueng J, Ramaswamy V (2021) Board attributes and corporate philanthropy behavior during COVID‐19: a case from China. J Corp Account Financ 32(3):61–67. https://doi.org/10.1002/jcaf.22499

Yao J, Ziapour A, Abbas J, Toraji R, NeJhaddadgar N (2022) Assessing puberty-related health needs among 10–15-year-old boys: a cross-sectional study approach. Arch Pediatr 29(4):307–311. https://doi.org/10.1016/j.arcped.2021.11.018

Youssef J, Diab S (2021) Does quality of governance contribute to the heterogeneity in happiness levels across MENA countries. J Bus Socio-Econ Dev 1(1):87–101. https://doi.org/10.1108/jbsed-03-2021-0027

Yu S, Abbas J, Draghici A, Negulescu OH, Ain NU (2022) Social media application as a new paradigm for business communication: the role of COVID-19 knowledge, social distancing, and preventive attitudes. Front Psychol 13(May):1–17. https://doi.org/10.3389/fpsyg.2022.903082

Zafar MZ, Shi X, Yang H, Abbas J, Chen J (2022) The impact of interpretive packaged food labels on consumer purchase intention: the comparative analysis of efficacy and inefficiency of food labels. Int J Environ Res Public Health 19(22):15098. https://doi.org/10.3390/ijerph192215098

Zattoni A, Pugliese A (2021) Corporate governance research in the wake of a systemic crisis: lessons and opportunities from the COVID‐19 pandemic. J Manag Stud 58(5):1405–1410. https://doi.org/10.1111/joms.12693

Zhang P, Zhao K, Kumar RL (2016) Impact of IT governance and IT capability on firm performance. Inform Syst Manag 33(4):357–373. https://doi.org/10.1080/10580530.2016.1220218

Zhou Y, Draghici A, Abbas J, Mubeen R, Boatca ME, Salam MA (2022) Social media efficacy in crisis management: effectiveness of non-pharmaceutical interventions to manage COVID-19 challenges. Front Psychiatry 12(February):1–16. https://doi.org/10.3389/fpsyt.2021.626134

Zhuang D, Abbas J, Al‐Sulaiti K, Fahlevi M, Aljuaid M, Saniuk S (2022) Land‐use and food security in energy transition: role of food supply. Front Sustai Food Syst 6:510. https://doi.org/10.3389/fsufs.2022.1053031

Zsidisin GA, Melnyk SA, Ragatz GL (2005) An institutional theory perspective of business continuity planning for purchasing and supply management. Int J Product Res 43(16):3401–3420

Download references


The authors extend their appreciation to the Arab Open University for Funding this work through funding No. (AOURG-2023-004).

Author information

Authors and affiliations.

Faculty of Business, Economics and Social Development, Universiti Malaysia Terengganu, Kuala Nerus, Terengganu, 21030, Malaysia

Faozi A. Almaqtari & Tamer Elsheikh

Faculty of business studies, Arab Open University, Riyadh, Saudi Arabia

Najib H. S. Farhan

Department of Accounting, Faculty of Commerce and Economic, Hodeidah University, Al Hudaydah, Yemen

Hamood Mohammed Al-Hattami

Faculty of Commerce, Kafrelsheikh University, Kafr El Sheikh, Egypt

Tamer Elsheikh

You can also search for this author in PubMed   Google Scholar

Corresponding authors

Correspondence to Najib H. S. Farhan or Hamood Mohammed Al-Hattami .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Ethical approval

This article is not involved with any individual or specific organization. This article does not contain any studies with human participants performed by any of the authors.

Informed consent

Consent was not deemed necessary for this study, as the data collected using the anonymous identity of the respondent. All sources used in this study have been considered and cited.

Additional information

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Almaqtari, F.A., Farhan, N.H.S., Al-Hattami, H.M. et al. The moderating role of information technology governance in the relationship between board characteristics and continuity management during the Covid-19 pandemic in an emerging economy. Humanit Soc Sci Commun 10 , 96 (2023). https://doi.org/10.1057/s41599-023-01552-x

Download citation

Received : 15 August 2022

Accepted : 31 January 2023

Published : 10 March 2023

DOI : https://doi.org/10.1057/s41599-023-01552-x

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Quick links

  • Explore articles by subject
  • Guide to authors
  • Editorial policies

case studies for it governance

Generative AI will first be successfully scaled in business operations

Curt Mueller

February 5, 2024 Generative AI (gen AI) had an exciting year in 2023. This year, claims of its transformative potential will be tested as organizations attempt to scale gen-AI-powered activities. The aim will be to make gen AI part of the fabric and architecture of business operations in a way that measurably moves the dial on business performance. We estimate that gen AI could offer savings opportunities of $1.4 trillion to $2.6 trillion across operations functions, including customer service, R&D, manufacturing, supply chain, and procurement, alongside its impact on the back office .

This will be harder than much of the coverage of gen AI—so far—may have led some to believe. Amid the declarations and promises, we offer some practical ideas for putting gen AI to work in your business.

AI’s potential spans the 4Cs

Gen AI applications span several archetypes of capabilities that reside, at least partially, in the scope of operations functions. These include the 4Cs:

  • Concision. New capabilities in concision have equipped gen AI to interpret large corpuses of unstructured data to identify and summarize relevant answers in service and analysis contexts.
  • Creative content. Gen AI’s potential handling of creative content can enable the rapid tailoring of complex and structured documents to specific needs and contexts.
  • Customer engagement. Out-of-the-box copilots powered by gen AI can guide customers through their personalized journeys in the realm of customer engagement.
  • Coding and software. New capabilities in coding and software promise swifter migration from legacy systems at scale.

Persuasive examples already exist. The customer support function of a South American telecommunications company used conversational AI to prioritize its higher-value clients while promoting self-service. By automating a proportion of its contact activity and consolidating redundant platforms, the company reduced operational expenditures by roughly $80 million. Elsewhere, a gen-AI-powered learning platform led to onboarding surveys reporting improved onboarding experience by some 35 percent. Another business reduced financial planning and analysis costs by more than $6 million through use of a sophisticated gen-AI-powered research assistant that automatically pulls information from multiple sources, synthesizes knowledge, and presents it for human verification.

Operations: The realm of tangible testing

Operations functions are an attractive area for introducing gen AI, because these functions typically have well-established measurement and reporting processes, which make it easier to see the impact of decisions such as how much time a supervisor saves or how much more efficient a particular stage of process has become. Smart businesses will experiment with gen AI in operations, analyze the results, and then carefully apply what they have learned to more complex scenarios. Despite some of the lofty claims made in 2023, most businesses will experience no silver bullet or lightning strike but instead testing, learning, and iterative progress.

For example, at manufacturing plants where shift reports are routinely handed over between shifts, gen AI has the potential to reduce delivery time for these reports by 50 to 70 percent. Organizations can apply gen AI to such workaday but business-performance-enhancing tasks. Those that do so will have live case studies from which to learn and on which to build. Then they can apply the resulting knowledge and know-how to refinements in inventory, scheduling, and the use of raw materials.

Avoiding ‘pilot purgatory’

As in past digital transformations, the best practices for introducing generative AI will involve setting up governance structures; drafting, updating, and socializing transformation road maps; and establishing an indefatigable communications strategy. Creating value from gen AI requires tackling operational readiness challenges as much as grappling with new technologies. This is the familiar terrain of capability building and change management: developing new capabilities in IT and tech, managing risk and reputation, and monitoring regulatory matters. It is critical here to have a strong relationship between operations leaders and tech leaders, as is true for any successful change program.

Companies can benefit from addressing the deployment of gen AI as a transformation, not merely a technological advance. This calls for focusing on the business challenge, not the technology itself. In other words, companies identify the exact business challenge gen AI could address and then verify that a more efficient solution cannot already come from traditional AI, internal rules, or organizational shifts. Deploying gen AI for its own sake will not yield tangible business results and could even become a fruitless distraction.

Building the right team

Quick-win use cases deliver value and excitement, and they prevent efforts from becoming “just another IT project.” Lighthouse use cases foster trust and alleviate organizational concerns while paving the way for more advanced gen AI applications. They also provide the business with a secure space in which to learn and formulate the right questions.

A core team with the right complementary skill set to steer gen AI pilot projects should have expertise in business operations, technology, and change management. Again, the key stages will be familiar to many: clarifying stakeholders’ roles and responsibilities, identifying and elevating domain experts. And as with any major change in ways of working, the chances of success are vastly greater when project leaders involve the front line early and often. When projects are derailed, the most common reason is by a failure of the project leaders to take people with them, and gen-AI-powered projects will be no different.

Involving the right people

Any venture that aims to scale gen AI will involve legal, privacy, and governance issues . Those responsible for addressing these issues need to be on board, and the company should tap their expertise to inform the road map for scaling gen AI. A significant introduction of gen AI is likely to require new controls, training modules, and more. For more examples of current and possible applications for GenAI, and the inherent risks, listen to our recent podcast here.

When it comes to talent, most organizations will likely benefit from upskilling existing tech roles to include emerging gen AI skills, such as prompt engineering. Developing separate roles may be less of a priority, though external hiring in key areas may be necessary. Knowing when to hire and when to train internally for gen AI success is a value creating decision-making skill that leaders will need to master at pace.

Familiar questions

Though companies’ answers will differ, the business questions remain the same: How will a gen AI transformation get us to market faster or enhance productivity and efficiency? What new set of capabilities do we need within the workforce to make the most of the opportunity? How do we measure gen AI’s return on investment?

As companies begin experimenting with use cases, answers to these questions will begin to emerge in the very near future, and many of the success measures already exist. Over the coming years, we will see whether the excitement in 2023 was overdone or gen AI becomes a critical, game-changing tool of the magnitude of, say, data analytics. In the meantime, businesses and their leaders have work to do and choices to make as they test ideas and search for value through the smart application of these new technologies.

Connect with our Operations Practice

  • Please enable javascript in your browser settings and refresh the page to continue.
  • Technology Research /
  • Strategy & Governance /
  • IT Strategy

IT Strategy - Case Studies

  • Strategy & Governance 8
  • Value & Performance 5
  • Infrastructure & Operations 6
  • Enterprise Architecture 10
  • Applications 10
  • Project & Portfolio Management 8
  • Data & Business Intelligence 3
  • Vendor Management 8

Types of Content

  • Job Descriptions 10
  • Templates & Policies 59
  • Case Studies 5
  • Blueprints 22
  • Storyboards 37

case studies for it governance

Please confirm the appointment time and click Schedule.

Your call is being booked. A representative will be available to assist you if needed.

  • Skip to main content
  • Keyboard shortcuts for audio player

Shots - Health News

  • Your Health
  • Treatments & Tests
  • Health Inc.
  • Public Health

Reproductive rights in America

Research at the heart of a federal case against the abortion pill has been retracted.

Selena Simmons-Duffin

Selena Simmons-Duffin

case studies for it governance

The Supreme Court will hear the case against the abortion pill mifepristone on March 26. It's part of a two-drug regimen with misoprostol for abortions in the first 10 weeks of pregnancy. Anna Moneymaker/Getty Images hide caption

The Supreme Court will hear the case against the abortion pill mifepristone on March 26. It's part of a two-drug regimen with misoprostol for abortions in the first 10 weeks of pregnancy.

A scientific paper that raised concerns about the safety of the abortion pill mifepristone was retracted by its publisher this week. The study was cited three times by a federal judge who ruled against mifepristone last spring. That case, which could limit access to mifepristone throughout the country, will soon be heard in the Supreme Court.

The now retracted study used Medicaid claims data to track E.R. visits by patients in the month after having an abortion. The study found a much higher rate of complications than similar studies that have examined abortion safety.

Sage, the publisher of the journal, retracted the study on Monday along with two other papers, explaining in a statement that "expert reviewers found that the studies demonstrate a lack of scientific rigor that invalidates or renders unreliable the authors' conclusions."

It also noted that most of the authors on the paper worked for the Charlotte Lozier Institute, the research arm of anti-abortion lobbying group Susan B. Anthony Pro-Life America, and that one of the original peer reviewers had also worked for the Lozier Institute.

The Sage journal, Health Services Research and Managerial Epidemiology , published all three research articles, which are still available online along with the retraction notice. In an email to NPR, a spokesperson for Sage wrote that the process leading to the retractions "was thorough, fair, and careful."

The lead author on the paper, James Studnicki, fiercely defends his work. "Sage is targeting us because we have been successful for a long period of time," he says on a video posted online this week . He asserts that the retraction has "nothing to do with real science and has everything to do with a political assassination of science."

He says that because the study's findings have been cited in legal cases like the one challenging the abortion pill, "we have become visible – people are quoting us. And for that reason, we are dangerous, and for that reason, they want to cancel our work," Studnicki says in the video.

In an email to NPR, a spokesperson for the Charlotte Lozier Institute said that they "will be taking appropriate legal action."

Role in abortion pill legal case

Anti-abortion rights groups, including a group of doctors, sued the federal Food and Drug Administration in 2022 over the approval of mifepristone, which is part of a two-drug regimen used in most medication abortions. The pill has been on the market for over 20 years, and is used in more than half abortions nationally. The FDA stands by its research that finds adverse events from mifepristone are extremely rare.

Judge Matthew Kacsmaryk, the district court judge who initially ruled on the case, pointed to the now-retracted study to support the idea that the anti-abortion rights physicians suing the FDA had the right to do so. "The associations' members have standing because they allege adverse events from chemical abortion drugs can overwhelm the medical system and place 'enormous pressure and stress' on doctors during emergencies and complications," he wrote in his decision, citing Studnicki. He ruled that mifepristone should be pulled from the market nationwide, although his decision never took effect.

case studies for it governance

Matthew Kacsmaryk at his confirmation hearing for the federal bench in 2017. AP hide caption

Matthew Kacsmaryk at his confirmation hearing for the federal bench in 2017.

Kacsmaryk is a Trump appointee who was a vocal abortion opponent before becoming a federal judge.

"I don't think he would view the retraction as delegitimizing the research," says Mary Ziegler , a law professor and expert on the legal history of abortion at U.C. Davis. "There's been so much polarization about what the reality of abortion is on the right that I'm not sure how much a retraction would affect his reasoning."

Ziegler also doubts the retractions will alter much in the Supreme Court case, given its conservative majority. "We've already seen, when it comes to abortion, that the court has a propensity to look at the views of experts that support the results it wants," she says. The decision that overturned Roe v. Wade is an example, she says. "The majority [opinion] relied pretty much exclusively on scholars with some ties to pro-life activism and didn't really cite anybody else even or really even acknowledge that there was a majority scholarly position or even that there was meaningful disagreement on the subject."

In the mifepristone case, "there's a lot of supposition and speculation" in the argument about who has standing to sue, she explains. "There's a probability that people will take mifepristone and then there's a probability that they'll get complications and then there's a probability that they'll get treatment in the E.R. and then there's a probability that they'll encounter physicians with certain objections to mifepristone. So the question is, if this [retraction] knocks out one leg of the stool, does that somehow affect how the court is going to view standing? I imagine not."

It's impossible to know who will win the Supreme Court case, but Ziegler thinks that this retraction probably won't sway the outcome either way. "If the court is skeptical of standing because of all these aforementioned weaknesses, this is just more fuel to that fire," she says. "It's not as if this were an airtight case for standing and this was a potentially game-changing development."

Oral arguments for the case, Alliance for Hippocratic Medicine v. FDA , are scheduled for March 26 at the Supreme Court. A decision is expected by summer. Mifepristone remains available while the legal process continues.

  • Abortion policy
  • abortion pill
  • judge matthew kacsmaryk
  • mifepristone
  • retractions
  • Abortion rights
  • Supreme Court
  • MyAucklandUni
  • Student Services Online
  • Class search
  • Student email
  • Change my password
  • MyCDES+ (job board)
  • Course outlines
  • Learning essentials
  • Libraries and Learning Services
  • Forms, policies and guidelines
  • New students
  • Enrol in courses
  • Campus card
  • Postgraduate students
  • Summer school
  • AskAuckland
  • Student Hubs
  • Student IT Hub
  • Student Health and Counselling
  • Harassment, bullying, sexual assault and other violence
  • Complaints and incidents
  • Career Development and Employability Services (CDES)
  • Ratonga Hauātanga Tauira | Student Disability Services (SDS)
  • Rainbow support
  • Covid-19 information for our community
  • Emergency information
  • Report concerns, incidents and hazards
  • Health and safety topics
  • Staff email
  • Staff intranet
  • ResearchHub
  • PeopleSoft HR
  • Forms register
  • Careers at the University
  • Education Office
  • Early childhood centres
  • University Calendar
  • Opportunities
  • Update your details
  • Make a donation
  • Publications
  • Photo galleries
  • Video and audio
  • Career services
  • Virtual Book Club
  • Library services
  • Alumni benefits
  • Office contact details
  • Alumni and friends on social media
  • No events scheduled for today You have no more events scheduled for today
  • Next event:
  • Show {0} earlier events Show {0} earlier event
  • Event_Time Event_Name Event_Description
  • My Library Account
  • Change Password
  • Edit Profile
  • My GPA Grade Point Average About your GPA GPA not available Why can't I see my GPA?
  • My Progress
  • Points Required Completed points My Progress Progress not available All done!
  • Student hubs
  • Health and counselling
  • All support
  • Health, safety and well-being

Breadcrumbs List.

  • News and opinion

99 million people included in largest global vaccine safety study

19 February 2024

Health and medicine , Faculty of Medical and Health Sciences

The Global Vaccine Data Network, hosted at the University of Auckland, utilises vast data sets to detect potential vaccine safety signals

Global Vaccine Data Network co-director Dr Helen Petousis-Harris: Latest study uses vast data sets to ensure vaccine safety.

The Global Vaccine Data Network (GVDN) assessed 13 neurological, blood, and heart related medical conditions to see if there was a greater risk of them occurring after receiving a Covid-19 vaccine in the latest of eight studies in the Global COVID Vaccine Safety (GCoVS) Project.

Recently published in the journal Vaccine , this observed versus expected rates study included 99 million people (over 23 million person-years of follow-up) from 10 collaborator sites across eight countries. The study identified the pre-established safety signals for myocarditis (inflammation of the heart muscle) and pericarditis (inflammation of the thin sac covering the heart) after mRNA vaccines, and Guillain-Barré syndrome (muscle weakness and changed sensation (feeling)), and cerebral venous sinus thrombosis (type of blood clot in the brain) after viral vector vaccines.

Possible safety signals for transverse myelitis (inflammation of part of the spinal cord) after viral vector vaccines and acute disseminated encephalomyelitis (inflammation and swelling in the brain and spinal cord) after viral vector and mRNA vaccines were identified.

So far, these findings were further investigated by the GVDN site in Victoria, Australia. Their study and results are described in the accompanying paper. Results are available for public review on GVDN’s interactive data dashboards .

Observed versus expected analyses are used to detect potential vaccine safety signals. These studies look at all people who received a vaccine and examine if there is a greater risk for developing a medical condition in various time periods after getting a vaccine compared with a period before the vaccine became available.

Lead author Kristýna Faksová of the Department of Epidemiology Research, Statens Serum Institut, Copenhagen, Denmark, remarked that use of a common protocol and aggregation of the data through the GVDN makes studies like this possible. “The size of the population in this study increased the possibility of identifying rare potential vaccine safety signals,” she explains. “Single sites or regions are unlikely to have a large enough population to detect very rare signals.”

By making the data dashboards publicly available, we are able to support greater transparency, and stronger communications to the health sector and public.

Associate Professor Helen Petousis-Harris Co-Director, Global Vaccine Data Network hosted at University of Auckland

GVDN Co-Director Dr Steven Black said, “GVDN supports a coordinated global effort to assess vaccine safety and effectiveness so that vaccine questions can be addressed in a more rapid, efficient, and cost-effective manner. We have a number of studies underway to build upon our understanding of vaccines and how we understand vaccine safety using big data.”

GVDN Co-Director Dr. Helen Petousis-Harris said, “By making the data dashboards publicly available, we are able to support greater transparency, and stronger communications to the health sector and public.”

The GCoVS Project was made possible with support by the Centers for Disease Control and Prevention (CDC) of the U.S. Department of Health and Human Services (HHS) to allow the comparison of the safety of vaccines across diverse global populations.

About the Global Data Vaccine Network

Established in 2019 and with data sourced from millions of individuals across six continents, the GVDN collaborates with renowned research institutions, policy makers, and vaccine related organisations to establish a harmonised and evidence-based approach to vaccine safety and effectiveness.

The GVDN is supported by the Global Coordinating Centre based at Auckland UniServices Ltd, a not-for-profit, stand-alone company that provides support to researchers and is wholly owned by the University of Auckland. Aiming to gain a comprehensive understanding of vaccine safety and effectiveness profiles, the GVDN strives to create a safer immunisation landscape that empowers decision making for the global community. For further information, visit globalvaccinedatanetwork.org.

Disclaimer: This news release summarises the key findings of the GVDN observed versus expected study. To view the full publication in Vaccine, visit doi.org/10.1016/j.vaccine.2024.01.100.

This project is supported by the Centers for Disease Control and Prevention (CDC) of the U.S. Department of Health and Human Services (HHS) as part of a financial assistance award totalling US$10,108,491 with 100 percent funded by CDC/HHS. The contents are those of the author and do not necessarily represent the official views of, nor an endorsement by, CDC/HHS, or the U.S. Government. For more information, please visit cdc.gov

Media enquiries: gvdn@auckland.ac.nz and communications@uniservices.co.nz

  • About the New York Fed
  • Bank Leadership
  • Diversity and Inclusion
  • Communities We Serve
  • Board of Directors
  • Disclosures
  • Ethics and Conflicts of Interest
  • Annual Financial Statements
  • News & Events
  • Advisory Groups
  • Vendor Information
  • Holiday Schedule

At the New York Fed, our mission is to make the U.S. economy stronger and the financial system more stable for all segments of society. We do this by executing monetary policy, providing financial services, supervising banks and conducting research and providing expertise on issues that impact the nation and communities we serve.

New York Innovation Center

Introducing the New York Innovation Center: Delivering a central bank innovation execution

Information Requests

Do you have a request for information and records? Learn how to submit it.

Gold Vault

Learn about the history of the New York Fed and central banking in the United States through articles, speeches, photos and video.

  • Markets & Policy Implementation
  • Reference Rates
  • Effective Federal Funds Rate
  • Overnight Bank Funding Rate
  • Secured Overnight Financing Rate
  • SOFR Averages & Index
  • Broad General Collateral Rate
  • Tri-Party General Collateral Rate
  • Desk Operations
  • Treasury Securities
  • Agency Mortgage-Backed Securities
  • Reverse Repos
  • Securities Lending
  • Central Bank Liquidity Swaps
  • System Open Market Account Holdings
  • Primary Dealer Statistics
  • Historical Transaction Data
  • Monetary Policy Implementation
  • Agency Commercial Mortgage-Backed Securities
  • Agency Debt Securities
  • Repos & Reverse Repos
  • Discount Window
  • Treasury Debt Auctions & Buybacks as Fiscal Agent
  • Foreign Exchange
  • Foreign Reserves Management
  • Central Bank Swap Arrangements
  • Statements & Operating Policies
  • Survey of Primary Dealers
  • Survey of Market Participants
  • Annual Reports
  • Primary Dealers
  • Standing Repo Facility Counterparties
  • Reverse Repo Counterparties
  • Foreign Exchange Counterparties
  • Foreign Reserves Management Counterparties
  • Operational Readiness
  • Central Bank & International Account Services
  • Programs Archive
  • Economic Research
  • Consumer Expectations & Behavior
  • Survey of Consumer Expectations
  • Household Debt & Credit Report
  • Home Price Changes
  • Growth & Inflation
  • Equitable Growth Indicators
  • Multivariate Core Trend Inflation
  • New York Fed DSGE Model
  • New York Fed Staff Nowcast
  • R-star: Natural Rate of Interest
  • Labor Market
  • Labor Market for Recent College Graduates
  • Financial Stability
  • Corporate Bond Market Distress Index
  • Outlook-at-Risk
  • Treasury Term Premia
  • Yield Curve as a Leading Indicator
  • Banking Research Data Sets
  • Quarterly Trends for Consolidated U.S. Banking Organizations
  • Empire State Manufacturing Survey
  • Business Leaders Survey
  • Supplemental Survey Report
  • Regional Employment Trends
  • Early Benchmarked Employment Data
  • Global Economic Indicators
  • Global Supply Chain Pressure Index
  • Staff Economists
  • Visiting Scholars
  • Resident Scholars
  • Liberty Street Economics
  • Staff Reports
  • Economic Policy Review
  • Applied Macroeconomics & Econometrics Center (AMEC)
  • Center for Microeconomic Data (CMD)
  • Economic Indicators Calendar
  • Financial Institution Supervision
  • Regulations
  • Reporting Forms
  • Correspondence
  • Bank Applications
  • Community Reinvestment Act Exams
  • Frauds and Scams

As part of our core mission, we supervise and regulate financial institutions in the Second District. Our primary objective is to maintain a safe and competitive U.S. and global banking system.

The Governance & Culture Reform

The Governance & Culture Reform hub is designed to foster discussion about corporate governance and the reform of culture and behavior in the financial services industry.

Need to file a report with the New York Fed?

Need to file a report with the New York Fed? Here are all of the forms, instructions and other information related to regulatory and statistical reporting in one spot.

Frauds and Scams

The New York Fed works to protect consumers as well as provides information and resources on how to avoid and report specific scams.

  • Financial Services & Infrastructure
  • Services For Financial Institutions
  • Payment Services
  • Payment System Oversight
  • International Services, Seminars & Training
  • Tri-Party Repo Infrastructure Reform
  • Managing Foreign Exchange
  • Money Market Funds
  • Over-The-Counter Derivatives

The Federal Reserve Bank of New York works to promote sound and well-functioning financial systems and markets through its provision of industry and payment services, advancement of infrastructure reform in key markets and training and educational support to international institutions.

Payment Services

The New York Fed provides a wide range of payment services for financial institutions and the U.S. government.

Specialized Courses

The New York Fed offers the Central Banking Seminar and several specialized courses for central bankers and financial supervisors.

Tri-party Infrastructure Reform

The New York Fed has been working with tri-party repo market participants to make changes to improve the resiliency of the market to financial stress.

  • Community Development & Education
  • Household Financial Well-being
  • Fed Communities
  • Fed Listens
  • Fed Small Business
  • Workforce Development
  • Other Community Development Work
  • High School Fed Challenge
  • College Fed Challenge
  • Teacher Professional Development
  • Classroom Visits
  • Museum & Learning Center Visits
  • Educational Comic Books
  • Economist Spotlight Series
  • Lesson Plans and Resources
  • Economic Education Calendar

Our Community Development Strategy

We are connecting emerging solutions with funding in three areas—health, household financial stability, and climate—to improve life for underserved communities. Learn more by reading our strategy.

Economic Inequality & Equitable Growth

The Economic Inequality & Equitable Growth hub is a collection of research, analysis and convenings to help better understand economic inequality.

Government and Culture Reform

New York Fed to Release Case Study on Pension Fund Investments in Affordable Apartments

NEW YORK—The Federal Reserve Bank of New York will release “Alternative Investments in Community Development: A Case Study of Pension Fund Investments in Multifamily Affordable Housing” on February 29, 2024, at 10 AM.

The case study focuses on investment commitments that pension funds surveyed by the New York Fed made in affordable housing for a five-and-a-half-year period ending in June 2023. It details the funds’ plans to invest more in affordable rentals over the next two years, and the proportion of the funds’ overall real estate holdings currently invested in affordable housing. The case study also explores the proportion of the funds’ investments in affordable rentals made through closed-end funds versus open-end funds, a distinction that may play a role in determining whether apartments stay affordable in the future.

The case study was developed as part of the New York Fed's Community Development efforts, which have three areas of focus: health , household financial well-being , and climate risk .


  • Request a Speaker
  • International Seminars & Training
  • Governance & Culture Reform
  • Data Visualization
  • Economic Research Tracker
  • Markets Data APIs
  • Terms of Use

Federal Reserve Bank Seal


  1. Combine principles and objectives by IT governance framework

    case studies for it governance

  2. IT Governance

    case studies for it governance

  3. Combine principles and objectives by IT governance framework

    case studies for it governance

  4. IT Governance: Definitions, Frameworks and Planning

    case studies for it governance

  5. Health IT Governance Case Study

    case studies for it governance

  6. IT Governance, Risk and Compliance

    case studies for it governance


  1. Development of corporate governance in USA

  2. Case Studies

  3. Case Studies

  4. Case Studies

  5. Governance and Technology

  6. #upsc #prelims #discussion #ias


  1. 75+ IT Governance Case Studies

    The "IT Governance Case Studies" category is an insightful resource for CIOs, IT executives, and technology leaders. It offers a curated collection of case studies that showcase real-world examples of successful IT governance implementation.

  2. Case Study: Technology Modernization, Digital Transformation ...

    The Challenge: Assessing the Current State One cannot create a strategy without knowing the current state. The Agency's interim CIO's first step was, therefore, to establish the organization's current state to determine its state of readiness for the required digital transformation.

  3. Case Study

    Suite 500. Boston, Massachusetts 02116. 617-861-0061. [email protected]. Jill Gearhart. Jill Gearhart, Director Client Services, has over 20 years of Account Management experience in technology service areas across IT Consulting & Staffing, Cloud, Datacenter, Networking & Communications.

  4. IT Governance

    VoiceVault Our case studies tell the story of how our expert consultants have helped companies to achieve industry best practice, compliance, and certification. We have helped hundreds of organizations worldwide to comply with the requirements of standards' frameworks - gaining business benefits through this process.

  5. IT Governance, Risk & Compliance

    A... IT Strategy Case Study of a Midwestern Community College The IT department of a multi-location community college located in the US mid-west had become siloed, operating independently from the needs of the organization it... Risk Management Case Study of a Global Chemical Manufacturing Firm

  6. Enhancing IT governance practices: A model and case study of an

    These case studies should also attempt to examine a variety of levels of governance effectiveness. Second, this case study documents a change of landscape of the IT marketplace over the past few years. Today, external partners serve a very active role in many organizations' IT governance arrangements.

  7. Case Study

    Read our fincanical services case study that lends insight into an IT governance project review we recently completed. Learn more about Harvard Partners' IT review and assessment capabilities. ... IT Governance, and Program Management. Prior to Harvard Partners, Matt spent 17 years with Wellington Management Company, LLP. As an Associate ...

  8. What is IT governance? A formal way to align IT & business strategy

    1. What is IT governance? Essentially, IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable...

  9. IT governance to fit your context: two U.S. case studies

    This paper presents case studies of two U.S. states with centralized and federated IT governance structures. Drawing on a research project at the Center for Technology in Government that included ...

  10. COBIT Case Studies

    COBIT Case Studies These testimonials are excerpted from case studies of COBIT. They demonstrate its benefits, common applications and uses. To submit a COBIT case study, email [email protected]. European Network of Transmission System Operators for Electricity (ENTSO-E) 11 April 2016

  11. A Matrixed Approach to Designing IT Governance

    Our study of almost 300 enterprises around the world suggests that IT governance is a mystery to key decision makers at most companies. On average, just one in three senior managers knows how IT is governed at his company. (See "About the Research.") In this case, ignorance is definitely not bliss.

  12. IT Governance Free Downloadable Case Studies

    Consultancy case studies. £10 for your feedback. Apply for a corporate account. Become an IT Governance partner. Speak to a consultancy expert. Free cyber security assessment. Security Testing. Tools. Shop toolkits.

  13. Governance: Articles, Research, & Case Studies on Governance- HBS

    Governance New research on governance from Harvard Business School faculty on issues including governance policy, Boards and other governing institutions and the influence of shareholders and government regulators. Page 1 of 256 Results → 17 Jan 2024 Research & Ideas Are Companies Getting Away with 'Cheap Talk' on Climate Goals? by Tim Gray

  14. Improving the governance of information technology: Insights from the

    Drawing on actor-network theory (ANT) and building on an interpretive case study of rich archival data, this paper examines how the focal actor's (i.e. the U.S. government's) beliefs influence the choice of Internet governance form.

  15. IT Governance

    Lanware Tribal Wirefast BNETS Today Translations Eagle PCI DSS consultancy case studies IT Governance are an approved Qualified Security Assessor (QSA) company which reinforces our range of Payment Card Industry Data Security Standard (PCI DSS) services. Download a case study to see how we have helped organisations with PCI DSS compliance.

  16. The moderating role of information technology governance in the

    The main aim of the current study is to investigate the relationship between governance characteristics, information technology governance, and continuity management during Covid-19 in an emerging ...

  17. IT Governance in Practice: Six Case Studies

    $37.50 Current Special Offers Abstract In order to obtain an understanding on how large organizations implement IT governance in a pragmatic way, six pilot cases were selected from different sectors.

  18. Case Studies

    IT Governance has a strong history of working with organisations in the public sector. The case studies below demonstrate how our consultants have helped organisations meet the NHS's N3 and IG Toolkit requirements. Pervasive Health

  19. Principles For Enterprise AI Governance

    For example, a recent study conducted by some surgeons at Brown University found that popular AI text-to-image generators generated images of surgeons as white males. Similar studies have shown ...

  20. Getting started with gen AI in Operations

    Those that do so will have live case studies from which to learn and on which to build. Then they can apply the resulting knowledge and know-how to refinements in inventory, scheduling, and the use of raw materials. ... Any venture that aims to scale gen AI will involve legal, privacy, and governance issues. Those responsible for addressing ...

  21. Do case studies on how the govt. works, FM tells BITS Pilani students

    "It should be an interesting case study how a 'minimum government and maximum governance' model which we have taken up from 2014 has enabled us to be receptive to public suggestions and met ...

  22. IT Strategy

    A... IT Strategy Case Study of a Midwestern Community College The IT department of a multi-location community college located in the US mid-west had become siloed, operating independently from the needs of the organization it... IT Strategy Case Study of a Large Manufacturing Company

  23. The abortion pill case on its way to the Supreme Court cites a

    That case, which could limit access to mifepristone throughout the country, will soon be heard in the Supreme Court. The now retracted study used Medicaid claims data to track E.R. visits by ...

  24. 99 million people included in largest global vaccine safety study

    The study identified the pre-established safety signals for myocarditis (inflammation of the heart muscle) and pericarditis (inflammation of the thin sac covering the heart) after mRNA vaccines, and Guillain-Barré syndrome (muscle weakness and changed sensation (feeling)), and cerebral venous sinus thrombosis (type of blood clot in the brain ...

  25. Children's Minnesota strategies to improve patient experience featured

    The kid experts at Children's Minnesota are devoted to providing an exceptional care experience for our patients and their families. Two departments' efforts to successfully identify opportunities to enhance the patient family experience were highlighted in a case study by NRC Health, a company that conducts patient experience surveys.. The Infectious Diseases clinic recognized a gap in ...

  26. New York Fed to Release Case Study on Pension Fund Investments in

    The Governance & Culture Reform hub is designed to foster discussion about corporate governance and the reform of culture and behavior in the financial services industry. ... The case study also explores the proportion of the funds' investments in affordable rentals made through closed-end funds versus open-end funds, a distinction that may ...