Rethinking IT governance for SMEs
| Pages | 206-223 |
| Published date | 09 March 2012 |
| DOI | https://doi.org/10.1108/02635571211204263 |
| Date | 09 March 2012 |
| Author | Jan Devos,Hendrik Van Landeghem,Dirk Deschoolmeester |
| Subject Matter | Economics,Information & knowledge management,Management science & operations |
Rethinking IT governance
for SMEs
Jan Devos
ELIT Lab, University College West Flanders,
Ghent University Association, Kortrijk, Belgium
Hendrik Van Landeghem
Department of Industrial Management, Faculty of Engineering,
Ghent University, Zwijnaarde, Belgium, and
Dirk Deschoolmeester
Management and Information Systems,
Vlerick Leuven Gent Management School, Gent, Belgium
Abstract
Purpose – The purpose of this paper is to critically rethink the concepts and the theoretical
foundations of IT governance in small- and medium-sized enterprises (SMEs).
Design/methodology/approach – The paper is based on multiple case studies. In total, eight cases
of outsourced information system projects where failures occurred were selected. An outsourced
information system failure (OISF) is suggested as a failure of governance of the IT in a SME
environment. A structure for stating propositions derived from two competing theories is proposed
(Agency Theory and Theory of Trust).
Findings – The results reveal that trust is slightly more important than control issues such as
output-based contracts and structured controls in the governance of IT in SMEs.
Practical implications – The world of SMEs is significantly different from that of large companies,
and therefore, the concept of IT governance in SMEs needs reconsideration. For researchers and
practitioners, it would be more meaningful to focus on actual, working SMEs instead of on a version of
their activities derived from those of large companies.
Originality/value – The paper offers two contributions. First, it elaborates the limited research on
IT in SMEs and second, it brings theoretical foundations for their IT governance. The value of IT
governance in SMEs is explained.
Keywords Smallto medium-sized enterprises,Informationtechnology, Informationsystems, IS failures,
IT governance, Agencytheory, Trust
Paper type Research paper
Introduction
Small- and medium-sized enterprises (SMEs) play a significant role as engines of
economic and social development all over the world. Many scholars argue that a SME
cannot be seen through the lens of a large firm (Ballantine et al., 1998). Therefore, the
limited theories explaining information technology (IT) governance in large
organizations cannot be linearly extrapolated to SMEs, since we are dealing with a
completely different economic, cultural and managerial environment. Notwithstanding
the efforts to develop guidelines for governing IT in SMEs, such as the Cobit
QuickStart method, the results of applying these frameworks in SMEs are rather
disappointing (IT Governance Institute, 2007). Scholars and practitioners are too
grounded in their way of thinking, and maintain a simple vision of a SME as a scale
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0263-5577.htm
IMDS
112,2
206
Received 13 May 2011
Revised 17 August 2011
Accepted 18 August 2011
Industrial Management & Data
Systems
Vol. 112 No. 2, 2012
pp. 206-223
qEmerald Group Publishing Limited
0263-5577
DOI 10.1108/02635571211204263
model of a large firm (Raymond, 1985). There is also a lack of genuine SME-centred
theories that can lead to general inferences about how SMEs should govern their IT.
Riemenschneider et al. stated that, “[...] organizational theories and practices, such as
bureaucratic structure and organizational behaviour applicable to large organizations,
may not be valid in small ones” (Riemenschneider et al., 2003, p. 269).
SMEs seldom have a dedicated IT staff or a well-defined and formal information
systems (IS) function (Adam and O’Doherty, 2000). Owing to their small scale, and
hence a lack of in house IT skills, SMEs depend more on IT vendors than large
companies (Thong, 2001; Thong et al., 1997). However, outsourcing is not without risks
or problems. From a managerial point of view, we associate risk in IT outsourcing with
negative outcomes. One risk scenario that is of special interest for this research is the
occurrence of IS failures. IS failures can lead to disputes, which can be classified as
litigation and non-litigation. The focus of this work is the constructs of trust and
control in relation to outsourced IS projects in SME environments. This paper is based
upon on-going research on IT governance in SMEs and reports on some recent findings
based on a positivistic research strategy of multiple case studies, as well as on
investigation of IS failures in an outsourced SME environment.
In the following sections, we first provide overviews of the specific relationships
between SMEs and IT, outsourced information system failures (OISFs) and IT
governance. We elaborate on the theoretical foundations of trust and control in the fourth
section. The fifth section details the research methodology and design, and includes the
results of our testing of the propositions by the multiple case studies, our empirical
observations and a discussion of our findings. Finally, our conclusions are stated in the
sixth section, including the implications of our findings for future research and practice.
SMEs and IT
Research and literature have highlighted the problems of defining SMEs. Companies
differ in size, location, ownership structure, financial performance, maturity
and management style. It would be ideal to clearly define a SME before starting any
research on them, but this is not straightforward. There are many characteristics that
identify a SME besides size. The European Commission (2003) took an init iative to
define a SME in terms of microeconomic characteristics such as turnover (not exceeding
e50 million), annual balance sheet total (not exceeding e43 million) and headcount (fewer
than 250 persons).
In this research, we focus on SMEs with a headcount less than 200 employees,
family-owned businesses that are managed by family members, with a turnover less
than e20 million, mainly operating in a domestic market and having no IT department.
Although this group of SMEs is still very heterogeneous, many similarities in
implementing an IT project can be observed for this group.
Existing research on IT and SMEs is fragmented in terms of findings and conceptual
approaches (Harrison et al., 1997; Premkumar, 2003). However, we focus here on two
major findings: the role of the CEO as the principal decision maker in SMEs (Cragg, 2008;
Lefebvre et al., 1997; Thong et al., 1997), and the dependency of SMEs on external IT
expertise (Thong, 2001; Thong et al., 1997). Thong has shown that both findings are
related. “The results show that the most effective IS implementation environment is one
in which both top management support and external IS experts work as a team”
(Thong et al., 1997, p. 253). CEO-centric decision making suggests that SMEs require less
Rethinking IT
governance for
SMEs
207
To continue reading
Request your trial