GENERAL ARTICLES

 

Information technology governance model for a low resource institution with fragmented IT portfolio

 

 

T. Ngqondi^I; H. Mauwa^II

^ISchool of Computing and Mathematical Sciences, University of Mpumalanga, Nelspruit, South Africa, e-mail: thembisa.ngqondi@ump.ac.za / http://orcid.org/0000-0003-3371-3659
^IISchool of Computing and Mathematical Sciences, University of Mpumalanga, Nelspruit, South Africa, e-mail: hope.mauwa@ump.ac.za / http://orcid.org/0000-0003-3475-8859

 

 

---

ABSTRACT

The emergence of information technology governance in higher education has emerged as important for aligning information technology goals with that of institutions in order to achieve the mission and vision of institutions. Even though higher education institutions in South Africa have some form of information technology governance or information technology strategic committee in place, they are still struggling to operationalize their mandate effectively in order to achieve their objectives. The struggle is even more in settings that are low on resources and where the information technology portfolio is highly fragmented. In this article, an information technology governance model suitable for low resource settings and fragmented information technology portfolios is proposed to assist institutions having this type of setting achieve successful strategic information technology alignment. Case study research was used to: 1) understand information technology challenges that an institution with this type of setting faces and; 2) understand how other similar institutions have implemented their information technolgy governance. The findings from the case studies contributed to the development of an effective information technology governance model suited to these institutions with low resource settings and having fragmented information technology portifolios. Initial evaluation of the model using existing literature review, existing information technology governance frameworks and case studies used in the study indicate the validity of the model.

Keywords: IT Governance, strategic alignment, institution of higher learning, low resource, fragmented IT portfolio

---

 

 

INTRODUCTION

The current information technology (IT) landscape has made organisations not only in developed countries but also in developing countries completely dependent on IT for their decision making and effective functioning. The dependence on IT has created a need for unified and effective structures, standards and best-practices that ensure effectiveness in executing business processes using IT. One of the unified processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals is IT governance (ITG). ITG addresses the entire gamut of institutional demands/needs in its objectives as it focuses on a variety of institutional issues such as leadership, customer/client satisfaction, improved quality, lower costs, integrity and accountability (Bianchi and Sousa 2016). In terms of higher education institutions (HEIs), the fusion of ITG strategies with university strategies (mission, vision and objectives) has been identified as an effective vehicle in enabling the institutions of higher learning to deliver acceptable, cost effective, and reliable teaching and learning (Ahlan, Arshad and Ajayi 2014; Flowerday, Johl and Von Solms 2014, 144). Management in higher education (HE) are inclined to ITG with much interest to enhance decision making on complex IT issues affecting university governance and operations. However, there are some considerations emerging as challenges on how to work within an academic culture of inclusiveness and shared decision-making while effectively and efficiently aligning the existing IT structures with the institution (Krueger 2009; Al Qassimi and Rusu 2015). A study by Flowerday, Von Solms and Johl (2013, 627) on ITG process maturity levels in South African public HEIs found that the overall level of ITG process maturity is low and that the current levels of ITG process maturity do not relate to the critical role that IT plays in the HE sector. Literature shows that ITG in public HEIs has been neglected (Flowerday, Johl and Von Solms 2014, 145). Consequently, interventions addressing specific issues are needed in order to ensure that HEIs in South Africa improve their ITG processes. This study seeks to establish an ITG model suited to HEIs with low resource settings and where the IT portfolio is highly fragmented. To develop the model, a study was conducted at one of the institutions having a low resource setting and whose IT portfolio is fragmented to understand its IT challenges. Other case studies were also conducted in other similar institutions but having workable ITG models to learn from them.

Literature tells us a lot about the structures and practices of ITG, but not about governance in settings that are low on resources and where the IT portfolio is highly fragmented. In other words, there is something that the ITG literature has not dealt with enough yet. This study was proposed as part of feeling that gap.

The primary objective of this study was to develop an IGT model suitable for HEIs with low resource setting and having a fragmented IT portfolio. To achieve this primary objective, the following secondary objectives guided the study: 1) to understand common IT challenges that institutions with low resource settings and IT fragmented portfolios face; 2) to examine ITG structures and implementation at institutions having a similar setting and; 3) to find components necessary to develop an ITG model specific to institutions with low resource setting and fragmented IT portfolio.

The article is organised as follows: Section II review the literature on best-practice frameworks to examine the shortfalls; Section III discusses the theoretical approaches used in the study; Section IV describes the study results and analysis; Section V presents the proposed model; Section VI reports on the evalution conducted to validate the proposed model and; Section VII concludes the article.

 

RELATED RESEARCH

ITG best-practice frameworks are the critical control models that can be used to assist an institution in achieving effective ITG. There are several ITG best-practice frameworks on the market that can be used to guide an institution in establishing effective ITG, for example, Control Objectives for Information and Related Technology (COBIT) (ISACA 2012), Information Technology Infrastructure Library (ITIL) (AXELOS 2019), ISO/IEC 38500 (ISO 2015), King Report on Corporate Governance (King Committee on Corporate Governance 2016), just to mention a few. However, these best-practice frameworks are general and do not go into specifics of how they can be implemented. Moreover, most of these frameworks argue that the application of their practices depends on each organization context (Lunardi, Becker and Macada 2009; ISACA 2012), but they do not describe the different contexts and how the practices must be applied given different contexts (Pereira and Da Silva 2012, 1).

Some of the most used and known best-practice frameworks have received critisisms. Simonsson and Johnson (2006) argue about COBIT providing little support on the arrangement of decision rights within an enterprise although it focuses on the processes of organisation of IT within an enterprise and assessing and monitoring its performance (ISACA 2012). Morimoto (2009) explains that COBIT is a collection of good practices and processes for IT governance, which provides effective measures, indicators and activities for an enterprise. However, the author critisises it as too general-purpose, and as such, requires deep expert knowledge for the implementation of each application. Simonsson and Johnson (2006) state that ITIL provides useful best-practice in the field of service management and service delivery, but falls shot on the coverage of strategic impact of IT and the relation between IT and business. Although Pereira and Da Silva (2011, 259) state that ITIL is the most popular best-practice framework for managing Information Technology (IT) services, they argue that ITIL is complex such that its implementation is not only very difficult but there are also no recommendations and guidelines for it. As a result, ITIL implementations are usually long, expensive and risky (Pereira and Da Silva 2011, 259). Xue, Liang and Boulton (2008) and Van Grembergen and De Haes (2005, 35) explain that ITG implementation is influenced by external and internal factors.

However, these best-practice frameworks fail to reveal a clear and concise identification of these factors (Pereira and Da Silva 2012, 3).

The challenges with the best-practice frameworks explained in the praragraphs above influence many organisations to adapt existing frameworks to come up with their own frameworks that suit their specific organisation needs (Broussard and Tero 2007). This is not surprising since most best-practice frameworks state that there is no single IT organizational structure or governance arrangement (Pereira and Da Silva 2012, 3). IT needs to respond to the unique environments within which it exists (Lunardi et al. 2009; ISACA 2012). Since the existing best-practice frameworks do not make any reference to their possible implementation in low resource settings and where the IT portfolio is fragmented and there is no existing literature that talks about this, hence this study to try fill up that gap.

 

THEORETICAL APPROACH

This section captures and describes the philosophical assumption chosen for the study, the research design and methodologies used in the study including the research approach and data collection and analysis methods. The section also discusses the case studies used in this study.

In this study, common philosophical assumptions such as interpretivism, positivism and critical were reviewed and the interpretivism paradigm was identified as the best philosophical assumption underpinning this study because the study adheres to the common set of principles advocated by interpretive research; naturalistic inquiry, researcher as instrument, interpretive analysis, use of expressive language, temporal nature and hermeneutic circle (Wellington and Szczerbinski 2007). The use of the theory as guidance for the design and collection of data has been applied in this research study.

Interpretive approach emphasizes qualitative analysis over quantitative analysis and is based on naturalistic approach of data collection such as interviews and observations (Wellington and Szczerbinski 2007). Qualitative research design was adopted for this research because the study was looking at procedures and how relevant structures of an institution makes sense of its ITG and further suggests how the ITG can be improved.

Creswell (2009) indicates that the qualitative research approach has various strategies of inquiry, including case research, narrative research, ethnographies, etc. These strategies vary according to the nature of the inquiry. Case study research was used in which three cases were explored. Yin (2017) and Baxter and Jack (2008, 544) further highlight that case studies can be classified into different categories such as descriptive, explanatory and exploratory. The explanatory case study was adopted for this research because purposive samples were used to collect data and the research answers mainly the why and how research questions in which explanatory case studies excel.

Data collection is a key activity in the implementation of a research strategy, and must be carefully planned in order to be able to provide the required information. The evidence for this research was gathered by applying different types of data collection methods known as a triangulation approach. Using the relationship between research design and particular data collection methods as demonstrated by De Vaus and De Vaus (2001), interviews, questionnaires, observation, briefing sessions, expert opinion and document analysis were adopted and implemented as data collection methods for this research.

Data analysis involves working to uncover patterns and trends in data sets. According to Onwuegbuzie and Leech (2007, 238), most research questions in qualitative approach studies lead to different classes of data analysis namely within-cases, cross-cases and holistic-case analysis. In this study, within-case and cross-case analysis were employed. Each case was analysed to identify themes of ITG. The themes from within a case were compared across multiple cases in cross-case analysis. Creswell's data analysis process in qualitative research (Creswell 2009), as illustrated in Figure 1, was used during the data analysis process.

 

 

The relationships between the research paradigm and the research methodologies used in this study are illustrated in form of the Research Onion process (Saunders, Lewis and Thornhill 2009) in Figure 2.

 

 

Case study investigation

To develop an effective ITG model suitable for HEIs with low resource settings and having a fragmented IT portfolios, it was important to do a case study of an institution having a more or less similar setting to examine the challenges it faces regarding the governance of its IT systems and infrastructure. Therefore, UNIVERSITY X was chosen because it had a low resource setting and fragmented IT portfolio, originating from the institutions that merged to form the University as a result of the restructuring process that was initiated by the South African government in 2002. UNIVERSITY X was established from the union of three institutions, which were identified as poor in almost every vital aspect that defines the viable and autonomous characteristics of an institution of higher learning. UNIVERSITY X was also chosen based on the challenges that author1 experienced during the time that the author worked there. Note that UNIVERSITY X is a coded name to hide the actual name of the University for the sake of confidentiality.

It was also essential to understand the IT trends and structures that support ITG in other institutions with fragmented IT portfolios such as multi-campus institutions. Therefore, investigations were conducted in one national university and one international university with established ITG frameworks that were functioning effectively in their environment. The University of Groningen (RUG) in the Netherlands and Stellenbosch University (SU) in South African were chosen as the other case studies. Apart from having a highly rated ITG, RUG was chosen because it was working in collaboration with the institution where author1 was working and SU was chosen because it is one of the well-established universities in South Africa in terms of having reliable Information and Communication Technology (ICT) infrastructure (Council for Higher Education 2016).

Profile of UNIVERSITY X

UNIVERSITY X is one of the universities that was established through mergers initiated by the South African government in 2002. UNIVERSITY X consists of five campuses or delivery sites. IT has four faculties and teaching and learning activities for different faculties are spread across different campuses. The distances between satellite campuses and the main campus vary but they are mostly over 100 km.

Profile of RUG

RUG is one of the oldest universities in the Netherlands and is located in the city of Groningen. RUG was founded in 1614 and consists of nine faculties and is recognised as a high-level research university. The distance between campuses and faculties is within a reasonable distance of 30 km apart with approximately 27 700 student enrolment. It is a member of the Excellent Group of the best universities in Europe and rated highly in the Global University rankings (QS World University Rankings 2018). The university collaborates closely with local and international universities. RUG, in collaboration with the other universities, championed a project called Wireless Groningen, which was the first citywide network in the world (Wallege, Poppema, Pijlman and Bruggeman 2009).

Profile of SU

SU is situated in Stellenbosch, South Africa's oldest town after Cape Town. Stellenbosch is located about 50 km from Cape Town. Teaching at SU is divided between the main campus in Stellenbosch, the Tygerberg campus where the Faculty of Health Sciences is situated, the Bellville Park campus where the SU Business School (SUB) is situated, and the Saldanha campus which houses the Faculty of Military Science at the Military Academy of the South African National Defense Force. The distance between these campuses is approximately 40 km apart. SU was founded in 1866 and is one of the top African universities, rated among the top international universities in the world. According to the HEQC Audit Report (Council on Higher Education South Africa 2007), SU ICT was identified as having a robust ICT infrastructure. All major ICT expansion had been coordinated under the umbrella of the e-Campus Initiative. The Leiden Ranking indicates that SU occupies the second world position, which is 361, overall among South African universities (QS World University Rankings 2018).

Data gathering

Overall state of governance of IT systems at UNIVERSITY X was obtained through different data gathering techniques such as observation, document analysis and briefing sessions. The observation was used as the initial tool to identify different challenges regarding the University's IT systems and infrastructure. Having identified IT-related challenges in one campus, where author1 was working, a further observation was extended to the other campuses. Common challenges were identified in all the campuses, which confirmed that IT system challenges were prevalent across all the university campuses.

Five documents were examined; two draft documents from central ICT, two Government Gazette documents by the DHET and one turnaround strategy by the Administrator Technical Team. The documents indicated the then current ICT plan for the University. Leading IT-related challenges at UNIVERSITY X were captured in a draft ICT Strategic Plan 2010-2015, ICT Charter and the Assessor Report. The documents addressing the appointment of the administrator and the turnaround framework were more responsive to the challenges outlined in the other three documents and the observation conducted by author1. The three documents other than the draft ICT Strategic Plan and ICT Charter were generic to all challenges and strategies of the University and did not detail everything on IT-related issues but captured information at a very high level. Briefing sessions with the IT Technical Administrator Expert and the Director of ICT Services were also conducted. The purpose was to elicit more information on IT-related issues at the University and assist in planning a schedule for follow-up interviews with different stakeholders. The Administrator Technical IT Expert and the ICT Director agreed on many IT-related issues during their briefing sessions, even though the sessions were scheduled separately. They both agreed that:

• The University did not have an ITG structure although there was a draft ITG charter that outlined the proposed committees to oversee and manage the ITG of the University, this document had never been implemented since its inception.

• The draft ITG Charter had gaps in structuring ITG.

• The draft ITG charter could not be considered as valid and effective for the University hence the need for the development of a new strategic ITG document as indicated in the turnaround framework document.

The following summurises the IT-related challenges that were identified:

• Campuses had no effective physical computer and software security in their labs and offices, and break-ins occurred frequently.

• The computer software fulfilling the administration, research, teaching and learning mandate in computer labs and offices was outdated.

• The computer hardware was outdated and out of warranty, and in the laboratories where there were new computers, did not function due to a power problem and could not connect to the server.

• Some campus computer laboratories were not connected to the server and computers worked as stand-alone computers.

• Some administration and academic systems in different campuses operated on different legacy servers and systems were therefore not integrated.

• ICT support services were still decentralised and operated according to the legacy universities.

• The ICT Strategy did not have sufficient input from the relevant university stakeholders.

• Some ICT related functions overlapped and were not clearly defined among the responsible departments, creating problems in service delivery.

• Communication in ICT and other departments was a challenge at the University.

• There was a lack of qualified IT staff in the central ICT department.

• The ICT governance document did not cater for stakeholders at the operational level.

In the other two case studies, a purposive sampling technique was used to select the participants based on their roles in their institution's ITG structure. The participants included the Deans of faculties, Directors and Heads of administration, information and communication technology, facilities and library. These also included the different portfolios of ITG forum representatives, senior students and staff members from the ICT support desk. The participants' portfolio names varied from one institution to the other. However, all performed the same tasks. The total number of participants for this study was 30, with 16 from the international university, and 12 from the national university. Table 1 shows the participants' portfolios from the two universities.

 

 

Questionnaires, briefing sessions, document analysis, interviews and observations were used as the data gathering techniques at both universities. A briefing session was developed to capture some answers on the generic IT systems and policy documents of the universities. At RUG, the briefing session was conducted with the IT Director, and at SU, the briefing session was carried out with one director responsible for the ITG issues at the university as well as the IT support manager. These briefing sessions further captured and explained the way IT was structured and defined by different IT committees at the universities. Two main strategic university documents were analysed at RUG, namely the University of Groningen Strategic Plan 2010-2015 and the Multi-Annual Plan ICT 2010-2014. At SU, document analysis was handled differently. In the briefing session at SU, the SU Draft ITG Framework document was presented and used as a basis for carrying out the briefing session. Other three documents sourced from the university website were also analysed; two documents were reports for 2008 and 2012 by the Executive Director of Operations and Finance and the other document was a background summary of the e-campus project. Physical observation of the universities' infrastructures was conducted and the main items that were observed were computer laboratories set-up and access, physical access to buildings, and access to the university network. Interviews at both universities were designed based on the findings from the briefing sessions and document analysis. The findings from the two data gathering techniques assisted author1 who conducted the studies to select a relevant group of people for the interviewing sessions.

 

STUDY RESULTS AND ANALYSIS

To better understand the results, a thematic analysis approach was used, where common themes and meanings were obtained and coded into small chunks (Onwuegbuzie and Leech 2007). The themes were based on the five principles of COBIT 5 (ISACA 2012). Findings of the current state of the ITG at RUG and SU are presented in Table 2.

The findings at RUG highlighted that its ITG framework was well structured, and in practice, it worked well for the university although it was not developed based on international IT best-practices but had been developed from experience. The model had been rated 3 - acceptable (in the rating scale of 1 - ineffective, average - 2, acceptable - 3, effective - 4 and highly effective - 5) by 97 per cent of the participants and rated 4 - effective by 3 per cent of the participants. It had been suggested that this model would work more effectively if the faculties appointed demand managers with an IT qualification, reduce resistance to change by some members of the university, increase the level of awareness and training programmes for the university community and also improve the level of communication within the different units. Though RUG ITG had areas that needed attention for improvement, the findings indicate that it had started very well and could be used as a base for other universities that do not have any ITG structure at all.

The ITG Framework at SU was rated between 3 and 4 by 100 per cent of the participants in the rating scale of 1 - ineffective, average - 2, acceptable - 3, effective - 4 and highly effective - 5. The ITG Framework at SU was confirmed to be effective though it had been recently reviewed as new to the university community. Since the framework was defined as new, findings indicated that it had not yet been effectively communicated to the whole university community. Some of the fora had failed to convene, and some needed attention because these were large and could not function effectively. Despite the limitation of the framework, the interviewed candidates recognised it as useful and that good ITG practices at the university had been established. Communication had been identified as a significant challenge at SU, especially at the operational level. ICT users within the university tended to ignore messages and generally, they could not respond to requests when an input was sourced from them. The other challenge at the operational level was the inconsistency in establishing ITG fora that defined the academic needs in different faculties.

Comparison of ITG areas of interest

To summarise and understand the findings of the studies at the universities, critical components of ITG areas of interest were identified from the findings. These comprised the basis of comparison between the studied universities to highlight where their ITG structures were strong and weak. The comparison of the critical components of the universities' ITG structures is shown in Table 3.

The critical components of the ITG structures identified informed the main ITG goals that were useful in developing the proposed ITG model. Each of the goals was checked for availability and usability at each of the universities. As seen from the table, the findings at SU and RUG present many similarities in their IT structural arrangement such as the IT department organogram, IT committees and the commitment of the universities stakeholders from various levels.

Findings explained in this section were necessary for the development of the proposed ITG Model for institutions with low resource settings and fragmented IT portfolios such as UNIVERSITY X. Several ideas and IT benefits that were noted at SU and RUG were used to develop the proposed ITG model.

 

PROPOSED ITG MODEL

A generic idea for the proposed ITG model process is shown in Figure 3. It encompasses current IT structure at a representative low resource institution, findings from the other two case studies and future ICT changes.

 

 

 

 

The proposed ITG model needs to address the challenges highlighted in Figure 5. The primary goals of the ITG model were framed around addressing these challenges, and are listed as follows:

 

 

• To align an institution's direction with its strategic plan and its business priorities;

• To create a snapshot of ICT systems and services on campus that is efficient, meaningful, effective and innovative, and;

• To share awareness of the decision-making process that determines where ICT resources are applied.

These goals would be accomplished by fostering a dynamic and direct partnership between an institution and its surrounding community, ensuring comprehensive and integrated ICT oversight and providing oversight led by senior-level members of the institution community who are responsible for and directly accountable to their respective units or departments.

Using the goals of the ITG model as guidelines, an ITG model that was informed by various IT best-practices, standards and inputs from the benchmarked universities was proposed in Figure 4. In the figure, UNIVERSITY X represents any low resource institution with IT fragmented portfolio and also in Figure 5. The ITG model shows the areas that were addressed within the ICT structure. Various functionalities that were included in the model identified the critical areas that ITG addresses. The model shows that all the functionality interacts with an institution's ICT Forum and that there is a bilateral communication between all functionality and an institution's ICT forum. The model was modified to illustrate an advanced and more specific version of the ITG model, which is shown in Figure 5. The proposed ITG model version two in Figure 5 shows that the external forces and ICT trends determine the ICT awareness campaigns.

These awareness campaigns are run by the ICT awareness team in collaboration with ICT special committee and the presence of an ICT strategy advisory forum. In addition, there is a committee responsible for the sourcing and procurement of ICT resources represented by the ICT administration, planning and budgeting team, which works closely with the ICT projects advisory team. The departments, academic and administration, and faculty board advisers are also proposed and these are responsible for communicating their special ICT needs and for ensuring that the ICT committees receive the necessary university support. The ICT campus coordinators are also identified to present and communicate the ICT special needs for different campuses. The ICT steering committee is central to almost all the ICT committees at the university. Its primary role is to advise and communicate with each committee's needs to the executive management of the university. The special ICT committee handles all the technical ICT issues for further recommendations.

 

SUMMARY OF MODEL EVALUATION REPORT

The validity of the model was evaluated through different types of evaluation such as expert evaluation, evaluation through literature review and benchmarking. The expert input was carried out after the first draft of the model was developed. The experts were sourced from UNIVERSITY X since by the time of the study, a team of experts were deployed to assist the University to improve its operations. The model was measured against the experts input and the documents addressing the University IT systems challenges. Findings from the other case studies and best IT standards and models were also engaged to test the validity of the model.

As much as the findings of the model evaluation indicated that the final conclusion of adopting this model will require the implementation of the model to test its strengths and weaknesses, the findings such as those of Fernandez and Llorens (2009) highlighted that more than 65 per cent of the framework captured the strengths of the model.

 

CONCLUSION

This article examined the best-practice frameworks for ITG implementation and noted that they talk about structures and practices of ITG in general; they do not describe the different contexts and how the practices must be applied. Since the existing best-practice frameworks do not make any reference to their possible implementation in different settings and there is no existing literature that talks about ITG implementation in low resource settings and where the IT portfolio is fragmented, an ITG model suitable for HEIs with this type of setting was proposed to assist them to achieve successful strategic information technology alignment. Case study research was used to understand information technology challenges that an institution with this type of setting faces and to understand how other similar institutions have implemented their ITG models. The findings from the case studies contributed to the development of an effective ITG model, informed by the best national and international ITG practices. The model can be used as guiding tool in establishing new ITG structures and also modify and improve the existing ITG structure of HEIs having low resources and fragmented IT portfolios.

 

REFERENCES

Ahlan, A. R., Y. Arshad and B. A. Ajayi. 2014. IT governance in a Malaysian public Institute of higher learning and intelligent decision making support system solution. In Engineering and management of IT-based service systems, 19-33. Springer, Berlin, Heidelberg.         [ Links ]

Al Qassimi, N. and L. Rusu. 2015. IT governance in a public organization in a developing country: A case study of a governmental organization. Procedia Computer Science 64: 450-456.         [ Links ]

AXELOS. 2019. Welcome to ITIL 4. https://www.axelos.com/itil-update (Accessed 13 March 2019).         [ Links ]

Baxter, P. and S. Jack. 2008. Qualitative case study methodology: Study design and implementation for novice researchers. The Qualitative Report 13(4): 544-559.         [ Links ]

Bianchi, I. S. and R. D. Sousa. 2016. IT Governance mechanisms in higher education. Procedia Computer Science 100: 941-946.         [ Links ]

Broussard, F. W. and V. Tero. 2007. Configuration and change management for IT compliance and risk management: The tripwire approach. White Paper. IDC.         [ Links ]

Council on Higher Education South Africa. 2007. HEQC Institutional Audit Manual. http://www.che.ac.za/mediaandpublications/accreditation-and-national-reviews/heqc-institutional-audits-manual-2007 (Accessed 12 August 2014).         [ Links ]

Council for Higher Education (CHE). 2016. South African Higher Education Reviewed Two decades of democracy. http://www.che.ac.za/media-and-publications/monitoring-and-evaluation/south-African-higher-education-reviewed-two-decad-0 (Accessed 12 August 2014).         [ Links ]

Creswell, J. W. 2009. Research designs: Qualitative, quantitative, and mixed methods approaches. Callifornia: Sage.         [ Links ]

De Vaus, D. A. and D. de Vaus. 2001. Research design in social research. Sage.         [ Links ]

Fernandez, A. and F. Llorens. 2009. An IT governance framework for universities in Spain. In Proceedings of the EUNIS 2009 Conference, 1-13.         [ Links ]

Flowerday, S., R. Von Solms and C. Johl. 2013. Information technology governance process maturity in Higher Education Institutions in South Africa. South African Journal of Higher Education 27(3): 627-644.         [ Links ]

Flowerday, S., C. Johl and R. Von Solms. 2014. IT governance in the context of HE governance in South Africa. South African Journal of Higher Education 28(1): 128-148.         [ Links ]

ISACA. 2012. COBIT 5: A business framework for the governance and management of enterprise IT. Isaca.         [ Links ]

ISO. 2015. ISO/IEC 38500:2015 Information Technology - Governance of IT for the organization. https://www.iso.org/standard/62816.html (Accessed 17 August 2018).         [ Links ]

King Committee on Corporate Governance and M. E. King. 2016. King IV Report on Corporate Governance for South Africa 2016. Institute of Directors in Southern Africa.         [ Links ]

Krueger, D. A. 2009. Decentralized IT governance and policy in higher education. Research Bulletin 2009(5).         [ Links ]

Lunardi, G. L., J. L. Becker and A. C. G. Maçada. 2009. The financial impact of IT governance mechanisms' adoption: An empirical analysis with Brazilian firms. In 2009 42nd Hawaii International Conference on System Sciences, 1-10. IEEE.         [ Links ]

Morimoto, S. 2009. Application of COBIT to security management in information systems development. In 2009 Fourth International Conference on Frontier of Computer Science and Technology, 625-630. IEEE.         [ Links ]

Onwuegbuzie, A. J. and N. L. Leech. 2007. Sampling designs in qualitative research: Making the sampling process more public. The Qualitative Report 12(2): 238-254.         [ Links ]

Pereira, R. and M. M. da Silva. 2011. A maturity model for implementing ITIL V3 in practice. In 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops, 259268. IEEE.         [ Links ]

Pereira, R. and M. M. da Silva. 2012. IT governance implementation: The determinant factors. Communications of the IBIMA, 1-3.         [ Links ]

QS World University Rankings. 2018. Who rules?. https://www.topuniversities.com/university-rankings/world-university-rankings/2018 (Accessed 18 November 2018).         [ Links ]

Saunders, M., P. Lewis and A. Thornhill. 2009. Research methods for business students. Pearson education.         [ Links ]

Simonsson, M. and P. Johnson. 2006. Defining IT governance - a consolidation of literature. In The 18th conference on advanced information systems engineering (Vol. 6).         [ Links ]

Van Grembergen, W. and S. De Haes. 2005. Measuring and improving IT governance through the balanced scorecard. Information Systems Control Journal 2(1): 35-42.         [ Links ]

Wallege, J., S. Poppema, H. Pijlman and L. Bruggeman. 2009. The Groningen Agreement 2.0: Investing together in knowledge and innovation. Groningen, North Western Europe.         [ Links ]

Wellington, J. and M. Szczerbinski. 2007. Research methods for the social sciences. AandC Black.         [ Links ]

Xue, Y., H. Liang and W. R. Boulton. 2008. Information technology governance in information technology investment decision processes: The impact of investment characteristics, external environment, and internal context. Mis Quarterly, 67-96.         [ Links ]

Yin, R. K. 2017. Case study research and applications: Design and methods. Sage publications.         [ Links ]