Purpose -The purpose of this paper is to critically rethink the concepts and the theoretical foundations of IT governance in small and medium-sized enterprises (SMEs).Design/methodology/approach -The paper is based on multiple case studies. Eight cases of outsourced information system projects where failures occurred were selected. An outsourced information system failure (OISF) is suggested as a failure of governance of the IT in a SME environment. A structure for stating propositions derived from two competing theories is proposed (Agency Theory and Theory of Trust).
Findings -The results reveal that trust is slightly more important than control issues like output-based contracts and structured controls in the governance of IT in SMEs.Practical implications -The world of SMEs is significantly different from that of large companies, and therefore, the concept of IT governance in SMEs needs reconsideration. For researchers and practitioners, it would be more meaningful to focus on actual, working SMEs instead of on a version of their activities derived from those of large companies.Originality/value -The paper offers two contributions. First, it elaborates the limited research on IT in SMEs and second, it brings theoretical foundations for their IT governance. The value of IT governance in SMEs is explained.Keywords: small and medium-sized enterprise (SME), IS failures, IT governance, Agency Theory, trust, case study
Paper type: Research paper
RETHINKING IT GOVERNANCE FOR SMES
IntroductionSmall and medium-sized enterprises (SMEs) play a significant role as engines of economic and social development all over the world. Many scholars argue that a small and medium-sized enterprise cannot be seen through the lens of a large firm (Ballantine et al., 1998). Therefore, the limited theories explaining IT (Information Technology) governance in large organizations cannot be linearly extrapolated to SMEs, since we are dealing with a completely different economic, cultural and managerial environment. Notwithstanding the efforts to develop guidelines for governing IT in SMEs, such as the Cobit QuickStart method, the results of applying these frameworks in SMEs are rather disappointing (IT Governance Institute, 2007). Scholars and practitioners are too grounded in their way of thinking, and maintain a simple vision of a SME as a scale model of a large firm (Raymond, 1985). There is also a lack of genuine SME-centred theories that can lead to general inferences about how SMEs should govern their IT. Riemenschneider et al. stated that, "...organizational theories and practices, such as bureaucratic structure and organizational behaviour applicable to large organizations, may not be valid in small ones" (Riemenschneider et al., 2003: 269).
SMEs seldom have a dedicated IT staff or a well-defined and formal IS (Information Systems) function (Adam and O'Doherty, 2000). Due to their small scale, and hence a lack of in house IT skills, SMEs depend more on IT vendors than large companies (Thong, 2001;Thong et al., 1997). Howev...