Refine
Document Type
- Conference Proceeding (11)
- Article (4)
Language
- English (15) (remove)
Has Fulltext
- no (15)
Keywords
- Application Integration (1)
- Challenges (1)
- DSR (2)
- Decision Framework (1)
- Digitalization (1)
- ERP systems (1)
- End-user computing (1)
- Enterprise architecture (1)
- Enterprise systems (1)
- Expert interviews (1)
Institute
Business units are increasingly able to fuel the transformation that digitalization demands of organizations. Thereby, they can implement Shadow IT (SIT) without involving a central IT department to create flexible and innovative solutions. Self-reinforcing effects lead to an intertwinement of SIT with the organization. As a result, high complexities, redundancies, and sometimes even lock-ins occur. IT Integration suggests itself to meet these challenges. However, it can also eliminate the benefits that SIT presents. To help organizations in this area of conflict, we are conducting a literature review including a systematic search and an analysis from a systemic viewpoint using path dependency and switching costs. Our resulting conceptual framework for SIT integration drawbacks classifies the drawbacks into three dimensions. The first dimension consists of switching costs that account for the financial, procedural, and emotional drawbacks and the drawbacks from a loss of SIT benefits. The second dimension includes organizational, technical, and level-spanning criteria. The third dimension classifies the drawbacks into the global level, the local level, and the interaction between them. We contribute to the scientific discussion by introducing a systemic viewpoint to the research on shadow IT. Practitioners can use the presented criteria to collect evidence to reach an IT integration decision.
Organizations deploy a plethora of information technology (IT) systems. Various types of enterprise systems (ES) may coexist with the shadow IT systems (SITS) implemented by individual business units without the involvement of the IT department. The associated redundancy of SITS and ES suggests their integration. After integration, however, organization may find it challenging to retain the flexibility and innovation that the development of SITS offers the business. In this study, we conduct a literature review on IT systems integration. This review and the specific characteristics of SITS then serve to define SITS integration, derive guidelines for the integration decision, the phases preceding and following integration, and the integration process itself. SITS and ES integration can profit from existing knowledge of integration benefits, costs, and of the available technologies. Our study offers IT decision makers an insight into the specifics of SITS integration, and provides a basis for future SITS research.
Shadow information technology systems (SITS) coexist with formal enterprise systems in organisations. SITS pose risks but also increase flexibility of business units. Practice shows that SITS emerge, despite that Enterprise Architecture Management (EAM) aims at controling all IT systems in an organization. Studies acknowledge this problem in general. However, they neither show the specific influencing areas of SITS nor provide approaches to address them. To close this gap, we use a literature review to analyse examples of practical SITS and their interference with EAM concerns. Thus, we find that they hinder especially transparency, reduction of EA complexity and governance. Research has focused on achieving transparency, governing the evolution of the EA but lacks strategies for reducing complexity. This study contributes to research and practice by uncovering the main influencing areas of SITS on EAM, as well as by laying a foundation for future research on this topic.
Business units are increasingly able to fuel the transformation that digitalization demands of organizations. Thereby, they implement Shadow IT (SIT) to create flexible and innovative solutions. However, the individual implementation of SIT leads to high complexities and redundancies. Integration suggests itself to meet these challenges but can also eliminate the described benefits. In this emergent research, we develop propositions for a conceptual decision framework, that balances the benefits and drawbacks of an integration of SIT using a literature review as well as a multiple-case study. We thereby integrate the perspective of the overall organization as well as the specific business unit. We then pose six propositions regarding SIT integration that will serve to evaluate our conceptual framework in future research.
ERP systems integrate a major part of all business processes and organizations include them in their IT service management. Besides these formal systems, there are additional systems that are rather stand-alone and not included in the IT management tasks. These so-called ‘shadow systems’ also support business processes but hinder a high enterprise integration. Shadow systems appear during their explicit detection or during software maintenance projects such as enhancements or release changes of enterprise systems. Organizations then have to decide if and to what extent they integrate the identified shadow systems into their ERP systems. For this decision, organizations have to compare the capabilities of each identified shadow system with their ERP systems. Based on multiple-case studies, we provide a dependency approach to enable their comparison. We derive categories for different stages of the dependency and base insights into integration possibilities on these stages. Our results show that 64% of the shadow systems in our case studies are related to ERP systems. This means that they share parts or all of their data and/or functionality with the ERP system. Our research contributes to the field of integration as well as to the discussion about shadow systems.
The IT unit is not the only provider of information technology (IT) used in business processes. Aiming for increased performance, many business workgroups autonomously implement IT resources not covered by their organizational IT service management. This is called shadow IT. Risks and inefficiencies associated with this phenomenon challenge organizations. Organizations need to decide how to deal with identified shadow IT and if the business or the IT unit should be responsible for corresponding tasks and components. This study proposes design principles for a method to control identified shadow IT following action design research in four organizational settings. The procedure results in an allocation of IT task responsibilities between the business workgroups and the IT unit following risk considerations and transaction cost economics, leading to an IT service governance. This contributes to governance research regarding adaptive and efficient arrangements with reduced risks for business-located IT activities.
Research on Shadow IT is facing a conceptual dilemma in cases where previously “covert” systems developed by business entities are integrated in the organizational IT management. These systems become visible, are thus not “in the shadows” anymore, and subsequently do not fit to existing definitions of Shadow IT. Practice shows that some information systems share characteristics of Shadow IT but are created openly in alignment with the IT organization. This paper proposes the term “Business-managed IT” to describe “overt” information systems developed or managed by business entities and distinguishes it from Shadow IT by illustrating case vignettes. Accordingly, our contribution is to suggest a concept and its delineation against other concepts. In this way, IS researchers interested in IT originated from or maintained by business entities can construct theories with a wider scope of application that are at the same time more specific to practical problems. In addition, the terminology allows to value potentially innovative developments by business entities more adequately.
Shadow IT risk
(2015)
The digital transformation of business processes and the integration of IT systems leads to opportunities and risks for small and medium-sized enterprises (SMEs). Risks that can result in a lack of IT Governance, Risk and Compliance (IT-GRC). The purpose of this paper is to present the current state of the research project. With this, the Design Science Research approach based on Hevner is using. Based on the phase of Problem Identification and Objectives, this paper will deal with the development of an artefact and thus present the draft of the Design phase. The artefact will be developed by selecting relevant existing frameworks and standards and the identification of SME-specific conditions.
In several organizations, business workgroups autonomously implement information technology (IT) outside the purview of the IT department. Shadow IT, evolving as a type of workaround from nontransparent and unapproved end-user computing (EUC), is a term used to refer to this phenomenon, which challenges norms relative to IT controllability. This report describes shadow IT based on case studies of three companies and investigates its management. In 62% of cases, companies decided to reengineer detected instances or reallocate related subtasks to their IT department. Considerations of risks and transaction cost economics with regard to specificity, uncertainty, and scope explain these actions and the resulting coordination of IT responsibilities between the business workgroups and IT departments. This turns shadow IT into controlled business-managed IT activities and enhances EUC management. The results contribute to the governance of IT task responsibilities and provide a way to formalize the role of workarounds in business workgroups.
An IT-GRC approach in SME
(2022)
The digital transformation of business processes and the integration of IT systems leads to opportunities and risks for small and medium-sized enterprises (SMEs). Risks that can result in a lack of IT compliance. The purpose of this research-in-progress paper is to present the current state of a IT-Governance-Risk-Compliance (IT-GRC) research-project. First, the results of an already conducted literature research will be discussed, combined with qualitative interviews (expert survey) of persons close to IT compliance. In the context of this paper, a first design approach will be developed by selecting relevant existing frameworks and standards and the identification of SME-specific conditions. The first design is intended to contribute a further artefact conception of tailoring approaches and standards and the creation of a guidance.
Low-Code Development Platforms (LCDPs) enable non-information technology (IT) personnel to develop applications and workflows independently of the IT department. Consequently, these digital platforms help to overcome the growing need for software development. However, science and practice warn of several barriers that slow down or hinder the usage of LCDPs. This publication scientifically identifies, analyzes, and discusses challenges during implementation and application of LCDPs from both perspectives in a holistic manner. Therefore, we conduct an exploratory study (data from scientific literature, expert interviews, and practical studies) and assign the challenges to the socio-technical system model. The results show that the scientific and practical communities recognize common challenges (especially knowledge transfer) but also perceive differences related to technological (science) and social (practice) aspects. This paper proposes future research directions for academia, such as governance, culture change, and value evaluation of LCDPs. Additionally, practitioners can prepare for possible challenges when using LCPDs.
Market research institutes forecast a growing relevance of Low-Code Development Platforms (LCDPs) for organizations. Moreover, the rising number of scientific publications in recent years shows the increasing interest of the academic community. However, an overview of current research focuses and fruitful future research topics is missing. This paper conducts a first scientific literature review on LCDPs to close this gap. The socio-technical system (STS) model, which categorizes information systems into a social and a technical system, serves to analyze the identified 32 publications. Most of current research focuses on the technical system (technology or task). In contrast, only three publications explicitly target the social system (structure or people). Hence, this paper enables future research to address the identified research gaps. Additionally, practitioners gain awareness of technical and social aspects involved in the development, implementation, and application of LCDPs.
Nowadays, information technology (IT) is a strategic asset for organizations. As a result, the IT costs are rising and there is a need for transparency about their root causes. Cost drivers as an instrument in IT cost management enable a better transparency and understanding of costs. However, there is a lack of IT cost driver research with a focus on the strategic position of IT within organizations. The goal of this paper is to develop a comprehensive overview of strategic drivers of IT costs. The Delphi study leads to the identification and validation of 17 strategic drivers. Hence, this paper builds a base for cost driver analysis and contributes to a better understanding of the causes of costs. It facilitates future research regarding cost behavior and the business value of IT. Additionally, practitioners gain awareness of levers to influence IT costs and consequences of managerial decisions on their IT spend.
Research on Shadow IT is facing a conceptual dilemma in cases where previously "covert" systems developed by business entities (individual users, business workgroups, or business units) are integrated in the organizational IT management. These systems become visible, are therefore not "in the shadows" anymore, and subsequently do not fit to existing definitions of Shadow IT. Practice shows that some information systems share characteristics of Shadow IT, but are created openly in alignment with the IT department. This paper therefore proposes the term "Business-managed IT" to describe "overt" information systems developed or managed by business entities. We distinguish Business-managed IT from Shadow IT by illustrating case vignettes. Accordingly, our contribution is to suggest a concept and its delineation against other concepts. In this way, IS researchers interested in IT originated from or maintained by business entities can construct theories with a wider scope of application that are at the same time more specific to practical problems. In addition, value-laden terminology is complemented by a vocabulary that values potentially innovative developments by business entities more adequately. From a practical point of view, the distinction can be used to discuss the distribution of task responsibilities for information systems.