Information Technology Governance: Lessons Learned from The Covid-19 Crisis
Manal Ahdadou1*, Abdellah Aajly1*, Mohamed Tahrouch1*
1 ENCG of Tangier, Abdelmalek Essaâdi University, Tangier, Morocco
*Corresponding Author: [email protected], [email protected], [email protected]
Accepted: 15 February 2022 | Published: 1 March 2022
DOI:https://doi.org/10.55057/ijbtm.2022.4.1.1
__________________________________________________________________________________________
Abstract: IT governance focuses on how to align Information Technology with the organization's goals and strategy so that the organization can deliver value from IT. During the Covid-19 crisis, many lessons and insights for ITG have come to light. As the new reality imposed by the ongoing pandemic forced businesses to continuously adopt new technologies, it has also highlighted their need for a stronger IT Governance framework to face the uncertainties and the risks that go hand in hand with IT. This paper aims to reflect on Covid- 19 implications for IT Governance. Lessons learned from this crisis can help us envision and adopt an improved Information Technology Governance approach that is even more resilient to deal with future disruptions.
Keywords: Information Technology, IT Governance, Covid-19, board of directors
___________________________________________________________________________
1. Introduction
The Covid-19 crisis has put technology in the spotlight. As the whole world was in quarantine, virtual meetings replaced office meetings, employees had to remote work, and devices were used to track the cases of Covid-19. All of this wouldn’t have been possible if governments, individuals, services, and businesses hadn’t correctly weighted information technologies.
Businesses have become extremely dependent upon information technology; hence, much heed was paid to IT Governance. IT governance is an element of corporate governance that can be briefly defined as the set of processes and structures that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.
Nevertheless, as technologies have become predominant for all organizations, they have also appeared to be a double-edged sword: competitive advantage and a key to survival, and a risk to manage as cyberattacks have continued to cost businesses more than ever. Hence, the need for a more resilient IT governance framework to adapt to the evolving strategic environment and manage IT-related risk has become unquestionable. We can safely say that the ongoing Covid-19 crisis has had its fair share in pointing out ITG “rooms for improvement”.
The paper is presented in two sections; the first section is an overview of IT Governance and its importance whereas the second section highlights the Covid-19 crisis implications for IT Governance.
2. IT Governance: An Overview
2.1. Definition of IT Governance:
IT Governance is an integral element of corporate governance and is of critical importance for all organizations in this digital era. The heightened interest in IT governance is largely driven by the recognition that enterprises have become increasingly dependent upon information technology (Beachboard et al., 2010, p:78). However, many definitions can be retained on the matter:
- Weill and Ross (2004, p:2) define IT Governance as “specifying the decision rights and accountability framework to encourage desirable behavior in using IT”.
- According to the Institute of Internal Auditors [IIA] (2010, p:5), "IT governance is a sub- discipline of organizational governance consisting of the leadership, organizational structures, policies, and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives."
- From De Haes and Van Grembergen’s (2015, p: 2) perspective: “Enterprise governance of IT is an integral part of corporate governance exercised by the board and addresses the definition and implementation of processes, structures, and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments”.
These definitions are somewhat similar since they incorporate the fundamental principles of IT Governance:
- IT Governance is an integral part of corporate governance.
- IT Governance aims to align IT with the organization's goals and strategy.
- IT Governance is the responsibility of the leadership including the board of directors and executive management.
- IT Governance consists of a mix of structures, processes, and relational mechanisms.
2.2. Assessing the need for Information Technology Governance:
As aforementioned the more organizations become dependent upon IT, the more importance is accorded to IT Governance. With this pervasive dependence on IT, ITG is no longer an option for organizations, it is a necessity. With the continuously growing investments in technologies, organizations can no longer afford to have a weak IT governance framework. Without a robust IT governance framework, these IT investments can reduce business value and can decrease organization’s performance (Turel at al., 2017)
2.2.1. IT Governance and risk management:
Block et al (2012) stated that the top IT Management issue organizations face is Cyber- security/Privacy. These threats can cause financial losses, an increase in costs, decreasing in a firm's performance, and legal sanctions. IT Governance focuses on maintaining all the necessary controls over an enterprise’s IT on a regulatory and contractual level (Beachboard et al., 2010) for the enterprise to be able to minimize such risks and if occurred, minimize the consequences on both the financial and the legal level. IT Governance ensures that efficient practices to minimize IT-related risks are in place. In 2002, Young and Jordan (2002) have proposed an IT governance framework that communicates risks from the operational level to every other level through all decision-makers, including the corporate governance body (the board of directors) and beyond. Today, risk management and control are indivisible elements of IT Governance (Beachboard et al., 2010). Risk management and value delivery are
incorporated in the different Enterprise Governance of IT frameworks such as COBIT and ITIL, just to name the most common ones.
2.2.2. IT Governance and strategic alignment:
After cyber-security, the top IT Management issue organizations linked to IT failures is the misalignment of IT with the business strategy (Barrera et al, 2018; Kappelman et al., 2018;
Society for Information Management [SIM], 2019; SIM, 2020).
Aligning IT with the business strategy has become critical for companies. The Strategic Alignment Model was used to achieve this alignment (Luftman, 2015; Sibanda & Ramrathan, 2017). Nevertheless, the rapid and continuous growth of technology has made the model irrelevant for the digital era, as it is considered out of date and not flexible enough, if not too rigid, for today’s dynamic market (Sibanda & Ramrathan, 2017). At this point, much heed is paid to IT Governance as the ultimate solution since Information Technology Governance's focus is centered on enabling the organization to align its IT investments with its strategy and goals and hence deliver value from IT. IT governance ensures that IT supports the overall organization’s strategy as well as its ability to exploit opportunities and maximize benefits.
ITGI (2005a) listed 4 focused interrelated areas of ITG: Risk Management, Performance Measurement, IT Strategic Alignment, and IT Value Delivery. The difference between Strategic alignment and IT value delivery is that the former is the driver whereas the latter is the outcome; when ensuring IT/Business alignment, the ITG framework enables IT Value delivery. The strategic alignment focuses on harmony between IT and strategic objectives, which results in optimizing expenses and in proving the value of IT. (Abu-Musa, 2007)
2.2.3. IT Governance and compliance:
An organization is expected to show compliance with laws, regulations, international standards, and industry rules. Information Technology isn’t exempt from these controlling frameworks, as IT is expected to provide security for users and to meet regulatory and contractual requirements; industry regulations, government policies, security frameworks, clients and customers contractual terms to mention a few.
Effective IT governance ensures compliance. It improves the ingenuity of all company people in using Information Technology all while ensuring compliance (Weill & Woodham, 2002).
Abu-Musa (2007) linked a successful ITG framework to a “compliant information delivery”
stating that ITG creates value for businesses through ensuring the delivery of information that satisfies the required criteria of compliance. In this time of crisis, a strong IT Governance framework will enable the organization to meet the requirements of the new laws, regulations, and contractual obligations resulting from the changes in the business world.
2.2.4. IT Governance and performance:
At last but not least, IT Governance encourages desirable behavior (e.g prudent IT investing, business-driven IT decision making, seamless IT Management, Responsible use of IT) and ensures the implementation of mechanisms (e.g Executive Committee, IT Council, Architecture Committee) that are positively correlated with performance metrics (e.g ROA, Margin Growth, Productivity) leading the organization to achieve its performance goals.
(Weill & Woodham, 2002).
3. Covid-19: New Insights For It Governance
3.1. Covid-19:
The COVID-19 pandemic is a global pandemic of coronavirus disease 2019 (COVID-19) caused by Severe Acute Respiratory Syndrome (SARS). The virus was first identified in Wuhan, China in December 2019 before quickly spreading to other parts of China and around the world. The World Health Organization (WHO) declared a Public Health Emergency of International Concern on 30 January 2020, and a pandemic on 11 March 2020 (World Health Organization [WHO], 2020). As of 25 November 2021, there have been 258,830,438 confirmed cases of COVID-19, including 5,174,646 deaths, reported to WHO (WHO, 2021).
The pandemic has had immediate effects on the global business ecosystem since it imposed lockdowns in nations around the globe affecting all industries and services.
The Covid-19 pandemic has been putting more and more pressure on societies to accept and adopt new technologies (Javaid & Haleem, 2019; Zimmerling & Chen, 2021). The circumstances of the pandemic have made it clear that technologies are going to be part of “the new normal”; as education shifted to online classes, telemedicine became widely omnipresent, and remote work turned out to be the new reality. The measures societies, and the whole world, needed to implement and ended up implementing were all technologically backed. It’s not as if technologies weren’t adopted or accepted prior to the Covid-19 pandemic, but it is the latter that has caused extra pressure on technological innovation and adoption. Technologies enabled us to fight the pandemic and to maintain some sense of normalcy. For instance, governments forcing businesses, schools, and even some medical facilities to close down left society with no choice but to accelerate technology acceptance to maintain what it can of human connection (Flaxman et al., 2020; Hsiang et al, 2020; O’Leary, 2020; Spear et al, 2020; Zimmerling &
Chen, 2021).
3.2. New insights and challenges for ITG:
During and following the crisis, many businesses have been racing at an impressive speed to achieve improved efficiency by transforming their operations through enhanced technology utilization and adoption (Mather, 2020). The rapid uptake of technology has made the implementation of a sound ITG framework a must. The Information Systems Audit and Control Association [ISACA] (2020a), has encouraged organizations to adopt one of the available IT Governance frameworks according to the firm's vision and needs for the organization to be able to effectively and efficiently respond to the governance challenges posed by the COVID-19 pandemic. However, as the business world switched to a new technology-enhanced reality, a wave of business failures has taken over (Amankwah-Amoah et al., 2020) It is without a doubt that the ongoing crisis has brought to light some insights on IT Governance.
3.2.1. IT Risk Management should be reinforced:
IT Risk Management is part of any ITG framework. During Covid-19, cyber security has become a major concern for businesses. The Coronavirus pandemic has resulted in many restrictions dictated by governments encouraging employees to work from home. Hence, companies struggled with providing a “cyber-safe” remote working environment. (Deloitte, 2021). The latter isn’t backed by strong levels of protection and security as the usual “at office”
working environment. In April 2020 the National cyber Security Center of Switzerland has reported 350 Cyberattacks (compared to the norm 100-150) and linked it –primarily- to individuals working remotely (Jump in Cyberattacks, 2020). Criminals have been taking advantage of the transition in working conditions (Deloitte, 2021; ISACA, 2020b).
Cyberattacks can take different forms; phishing, pharming, extortion, malware, financial fraud,
hacking, etc. and can target any type of organization; from impersonating public authorities, to attacking healthcare organizations and threatening all types of businesses (Lallie et al., 2021) In May 2021, the Colonial Pipeline’s (the largest fuel pipeline in the US) billing system and its internal network were attacked. Eventually, the firm was requested to give in to ransomware hackers and pay 4.4 million us dollars in bitcoin. (Randles, 2021) In the same month, ACER had to pay 50 million US dollars to ransom ensuing in a cyberattack that resulted in leaking images and financial documents of the firm.
For the ITG framework to control the constantly evolving security attacks, it should enhance IT Risk Management by keeping up with the latest cybersecurity technologies. Kumar and Rao (2021) argue that it would be useful to have at least one director with experience and qualification in risk management. The board should also provide training to employees and different stakeholders so that each one of them would be able to avoid exposing the organization to a cyberattack or at least urgently respond if occurred. In such a way, accountability and roles regarding IT Risks Management would be effectively distributed inside the organization, and risks would be more successfully controlled.
3.2.2. The leadership should be on board:
IT Governance definitions underline the board of directors as a primary responsible and accountable for IT governance, however, a study conducted by De Haes and Van Grembergen (2006) from May 2003 to Mars 2005 found that IT governance is mainly an initiative of the IT department and that the IT steering committee is omnipresent whereas the board and the IT strategy committee are seldom engaged. There are three levels of IT governance: strategic level (boards of directors), management level (executive management: CIO, CEO…), and operational level (IT and Business Management) (De Haes& Van Grembergen, 2006). There are defined structures, roles, and responsibilities for each level. That's been said, the lack of the board of directors' engagement is common defiance that needs to be addressed and surmounted, or else the strategic level of IT governance will fail, leading the whole framework to fail.
As of today, it has been demonstrated that the way boards do business will be important to an organization's ability to emerge from the current crisis and move forward into a new age of economic recovery. The Deloitte report (Deloitte, 2020, p:2) states that: “Boards have a critical role to play in directing and overseeing the organizations that they serve and, while maintaining appropriate separation from Management, should support executive leadership and share the burden.” A failed ITG framework is itself a burden that can no longer be (and shouldn’t be) shouldered by the executive management, the business management, or the IT management with no oversight, guidance, or participation of the BoD. The report also emphasized the board’s increasing oversight role of technology and its governance as key to an effective governance framework for crisis reaction and recovery phases (Deloitte, 2020, p : 3) A similar incentive is found in the Gartner (2020, p:3) report where a board participant stated that “BoDs must take innovative approaches to their governance models by leveraging technologies and IT expertise to accommodate the impacts that the pandemic is thrusting upon their digital transformation agendas”. We conclude that the BoD should know its role in ITG as part of the Covid-19 response plan and ensure that all ITG decision-makers know theirs as well.
The engagement of the leadership in ITG also implies having the required level of understanding of both IT and ITG. For instance, the engagement of directors in ITG implies acquiring enough knowledge about IT to efficiently govern it as expected. Research conducted by Ako-Nai and Singh (2019) concluded that boards face challenges when governing IT mainly because of their limited understanding of strategic IT. The lack of IT knowledge and skills is
found amongst different leadership levels, the management included (Levstek et al., 2022).
This results in IT governance being the weakest element of corporate governance (Turel et al., 2017). Limited IT skills and competence are burdens to achieving the full engagement of leaders in ITG. Hence, leadership should have enough knowledge and expertise regarding IT and ITG and should be mobilizing their efforts to engage in every aspect of IT Governance.
Moreover, focusing on the aspect of "governance" in "IT Governance" may give the wrong idea that IT governance, similarly to corporate governance, is the full responsibility of the board of directors. As a result, other structures (e.g. CIO, IT executives…) may deem their participation in IT Governance unnecessary (Beachboard et al., 2010).
The lack of engagement of the ITG body has often been a hindrance and a burden for IT Governance effectiveness. However, if Covid-19 has proved anything, it must be that leaders are required to engage in decision-making and take serious actions, and it cannot be otherwise (Mather, 2020). Today, we expect leaders to guide the organization to fit in the new reality, and they need to adapt their governance structures and processes accordingly. (Mather, 2020) ITG, as a layer of corporate governance with its specific structures and processes, needs to undergo the necessary changes with the presence, engagement, and control of all leadership bodies.
3.2.3. A more flexible ITG framework is needed:
Research suggests that changing a governance structure more frequently than every 12 months is not recommended and that an IT/Business strategy should be revisited annually, however, it also supports that a change of strategy should be accompanied by a change in IT governance.
(Weill & Woodham, 2002; IT Governance Institute [ITGI], 2005a, 2005b).
If we go back to the origin of the term “governance”, we find that it derives from the Greek verb “kubernan”, which means to steer a ship- implying a continuous cycle of orienting and adjusting (De Haes & Van Grembergen, 2006; Fukuyama, 2016). If we link this definition to
“IT Governance”, it doesn’t take more than common sense to realize the need for IT to continuously align and adjust to the changing environment. Research has proved that there is no standardized or best IT governance framework simply because IT needs to respond to its particular environment (Lunardi et al., 2017), and hence IT Governance cannot be put in a “one size fits all” box.
Additionally, a rapidly changing environment mandates the organization to adjust its strategies accordingly alongside the IT Governance framework. As strategies, goals, and objectives keep changing, the ITG framework might end up changing more than it is “traditionally”
recommended. A steady long-termed IT Governance framework might end up being a deviation from what an organization needs nowadays. Given the velocity of the pandemic progression, leaders need to adapt and reassess their strategies as required (Mather, 2020).
Mather (2020, p:3) argued that “in a crisis, wasted time and delays can be damaging, and there is a need to act with urgency”. A more agile and flexible IT Governance framework will allow individuals to adapt to changes as per the prevailing circumstances. As on-time and on-point responsiveness has become key to success (Kumar et al., 2020, Zimmerling& Chen, 2021), a
“stiff” IT governance approach won’t be able to keep track of the evolving strategies or to endure through the unstable environment.
Moreover, this flexibility can be achieved with the help of what is referred to as a “Business Continuity Plan” (BCP). The BCP is part of the BCM (Business Continuity Management) that
can be obtained through the implementation of a Business Continuity Management system (BCMS). The purpose of a BCP is to help organizations adapt rapidly, continue their business operations, and maintain the availability of resources and information at an acceptable level for the organization in the event of a significant disruption such as an economic crisis (ISACA, 2020c). One key component for the BCP is handling IT disruptions while ensuring coherence between business processes, applications, and the IT infrastructure. BCP should be part of the ITG framework. In practice, it can be found in DSS04 (COBIT19) and ISO 22301.
3.2.4. Communication and relational mechanisms cannot be overlooked:
Even when the appropriate structures and processes are in place, the IT Governance framework cannot be complete nor successful if the right relational mechanisms are missing (Broadbent
& Weill, 1998; Callahan & Keyes, 2003; De Haes & Van Grembergen, 2015; Luftman, 2000).
Relational mechanisms ensure active collaboration and partnership regarding IT inside the organization (De Haes& Van Grembergen, 2009; De Haes& Van Grembergen, 2005; Weill &
Ross, 2004). They can be implemented through training, shared learning, peer learning, job rotation between the business and IT, etc.
Communication and relational mechanisms have always been an essential component of the ITG framework. However, the Covid-19 crisis accented their importance for ITG to endure in times of crisis. As IT has become the beating heart for all businesses, the culture of IT Governance should as well be supported and carefully spread. For these growing IT investments to deliver their value, we need all users to exploit and use the technology and non- executives to understand the vision behind ITG. The covid-19 pandemic has also driven and emphasized research into the importance of communication especially in the face of misinformation. (Zimmerling & Chen, 2021) Misinformation has widely spread during the pandemic threatening people’s lives. Hence, communication has proved to be a critical facet during a crisis for individuals, societies, and businesses (Mather, 2020; Zimmerling & Chen, 2021). When correctly adopted in the ITG framework, a reinforced communication approach will enable the organization to circumvent users’ resistance. The latter can be extremely threatening in times of crisis, where urgency prevails and the least of wasted time and delays can be damaging. For instance, as remote work took place and cyberattacks took over (taking into consideration that most of the attacks were decentralized), a well-established communication approach can help users understand how to manage IT-related risks and to ensure protection in the face of cybersecurity breaches, data privacy, and confidentiality issues all while staying connected and being productive. In such a manner, with the contribution of all stakeholders, the Information Technology Governance of the organization would have succeeded at effectively eliminating risks and managing them before occurred.
The lack of clarity between IT management and IT governance has also been an issue to a sound IT Governance framework implementation (Ako-Nai & Singh, 2019). Confusion and blurred boundaries result in delayed decision-making; which cannot be tolerated under disruptive circumstances when decisions are expected to be made in the best of delays.
Effective communication between the governance body and the management will help clarify the respective roles in governing IT for both decision-making levels. Thus, no obfuscation regarding who makes what decisions will take place. IDB (2020, p:3) has listed several actions for BoD to take in the face of the crisis that engage not only the board of directors but all the leadership members; quoting that through the crisis response/management plan the BoD should
“Communicate clearly, so all participants know their roles.”
When responding to a crisis, it is important to emphasize that culture matters. The latter could be done through proper communication, which can be reinforced through the BoD role in increasing transparency for communication to flow seamlessly across the organization (IDB, 2020, p: 2). It is without a doubt that, since IT has become crucial for organizations in times of crisis, the culture of IT and adequately the culture of ITG should be communicated properly and reinforced through the leadership.
4. Discussion and Conclusion
Successful firms are not the ones that just make better IT decisions than their competitors; they are the firms that make better IT decisions consistently (Weill & Woodham, 2002) especially under disruptive pressures and in crisis times. The Covid-19 crisis has shifted the business world, promising to permanently normalize the use of digital technologies. With organizations becoming more and more dependent upon IT, they systematically become more dependent upon and in need of a strong ITG model. Under the light of the circumstances of the pandemic and the lessons learned, the least we could expect of organizations is an improved ITG approach; to no longer tolerate the lack of engagement of the persons in charge of the governance of IT, to adopt a more agile approach of ITG for it to be more flexible and responsive, to reinforce IT risk management in the face of the rising threats and finally to enhance relational and communication mechanisms. Now is the time to redefine and improve the IT governance framework for it to effectively deal with current and future economic crises.
Funding Acknowledgment:
This work was supported by the National Center for Scientific and Technical Research (CNRST) (2UAE2021)
References
Abu-Musa, A. (2007). Exploring Information Technology Governance (ITG) in Developing Countries: An Empirical Study. The International Journal of Digital Accounting Research, Vol. 7, N. 13-14, pp. 71-120
Ako-Nai, A., & Singh, A. (2019). Information technology governance framework for improving organisational performance. SA Journal of Information Management. 21.
10.4102/sajim.v21i1.1010.
Barrera, S.M.B., Yoon, H., Kim, K. & Hwang, J. (2018). IT Governance Effectiveness and Its Influence on Innovation Product and Process. 2018 Portland International Conference on Management of Engineering and Technology (PICMET). doi:
10.23919/PICMET.2018.8481752
Beachboard, J.C., Probst,J. & Aytes, K. (2010). IT Governance and IT Management: Is there a difference that makes a difference? InSITE 2010: Informing Science + IT Education Conference. doi:10.28945/1234
Broadbent M. & Weill P. (1998). Leveraging the new infrastructure – How market leaders capitalize on Information Technology. Academy of Management Perspectives, 12(4), 137-138
Callahan J. & Keyes D. (2003). The evolution of IT Governance at NB Power. IN W. Van Grembergen (Ed.), Strategies for Information Technology Governance. Idea Group Publishing
De Haes,S. & Van Grembergen,W. (2006) Information Technology Governance Best Practices in Belgian Organizations, System Sciences. Available at:
https://www.researchgate.net/publication/4216402_Information_Technology_Governan
ce_Best_Practices_in_Belgian_Organisations
De Haes,S. & Van Grembergen,W. (2015). Enterprise Governance of Information Technology : Achieving Alignement and Value Futuring COBIT5 2nd Edition, Springer.
Deloitte (2020). The Board’s role in the COVID-19 crisis. Available at:
https://www2.deloitte.com/content/dam/Deloitte/za/Documents/about-deloitte/za-The- Boards-role-in-the-COVID-19-crisis.pdf
Deloitte (2021). Impact of COVID-19 on Cybersecurity. Available at:
https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html Flaxman, S., Mishra, S., Gandy, A., Unwin, H. J. T., Mellan, T. A., Coupland, H., Whittaker,
C., Zhu, H., Berah, T., Eaton, J. W., Monod, M., Perez-Guzman, P. N., Schmit, N., Cilloni, L., Ainslie, K. E. C., Baguelin, M., Boonyasiri, A., Boyd, O., Cattarino, L., … Imperial College COVID-19 Response Team. (2020). Estimating the effects of non-pharmaceutical interventions on COVID-19 in Europe. Nature, 584(7820), 257‑261.
https://doi.org/10.1038/s41586-020-2405-7
Fukuyama, F. (2016). Governance : What Do We Know, and How Do We Know It? Annual Review of Political Science, 19(1), 89‑105. https://doi.org/10.1146/annurev-polisci- 042214-044240
Gartner (2020, 30 September). Gartner Says 69% of Boards of Directors Accelerated Their Digital Business Initiatives Following COVID-19 Disruption. Gartner.
https://www.gartner.com/en/newsroom/press-releases/2020-09-30-gartner-says-sixty- nine-percent-of-boards-of-directors-accelerated-their-digital-business-initiatives- folloing-covid-19-disruptions
Hsiang, S., Allen, D., Annan-Phan, S. et al. The effect of large-scale anti-contagion policies on the COVID-19 pandemic. (2020). Nature. 584, pp: 262–267 https://doi.org/10.1038/s41586-020-2404-8
IDB (2020, 20 April). Corporate Governance: COVID-19 and the Board of Directors. IDB Invest. https://www.idbinvest.org/en/publications/corporate-governance-covid-19-and- board-directors
IIA (2010). Auditing It Governance. IPPF: International Professional Practices Framework.
Accessed on 25/11/2021. Available:
https://www.iia.nl/SiteFiles/GTAG%2017%20Auditing%20IT%20Governance.pdf ISACA ( 2020a, 7 December). The Role of IT Governance in Addressing Pandemic-Related
Cyberrisk. https://sf-sit.isaca.org/resources/news-and-trends/industry-news/2020/the- role-of-it-governance-in-addressing-pandemic-related-cyberrisk
ISACA (2020b, 16 December). The Role of IT Governance During COVID-19 and Beyond:
Keeping the Momentum. https://www.isaca.org/resources/isaca- journal/issues/2020/volume-6/the-role-of-it-governance-during-covid-19-and-beyond- keeping-the-momentum
ISACA (2020c, 12 August). IT Governance and the COVID-19 Pandemic.
https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/it-governance- and-the-covid19-pandemic
ITGI (2005a). Board Briefing on IT Governance, Information Technology Governance Institute. http://www.itgi.org/.
ITGI (2005b). Governance of the Extended Organization, Bridging Business and IT Strategies, Hoboken, NJ: John Wiley &Sons.
Javaid, M. & Haleem,A. (2019). Industry 4.0 applications in medical field: a brief review.
Current Medicine Research and Practice, pp: 102–109, https://doi.org/10.1016/j.cmrp.2019.04.001
Jump in cyber attacks during Covid-19 confinement: The number of cyber attacks reported in Switzerland during the height of the Covid-19 pandemic was up to three times higher than
normal.. June 7, 2020. Swissinfo.ch from https://www.swissinfo.ch/eng/jump-in-cyber- attacks-during-covid-19-confinement/45818794
Kappelman, L., Johnson, V., McLean, E., & Maurer, C. (2018). The 2017 SIM IT Issues and Trends Study, MISQ Exec, 17 (1), pp.53-88.
Kumar, M. S., Raut, D., Narwane, D., & Narkhede, D. (2020). Applications of industry 4.0 to overcome the COVID-19 operational challenges. Diabetes & metabolic syndrome, 14(5), 1283–1289. https://doi.org/10.1016/j.dsx.2020.07.010
Kumar, S., & Rao, P. (2021). Challenges are thrown in Corporate Governance during COVID 19. Academia Letters, Article 2949. https://doi.org/10.20935/AL2949
Lallie, H. S., Shepherd, L. A., Nurse, J. R. C., Erola, A., Epiphaniou, G., Maple, C., &
Bellekens, X. (2021). Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, 102248.
doi:10.1016/j.cose.2021.102248
Levstek, A., Pucihar, A. & Hovelja, T. (2022). Towards an Adaptive Strategic IT Governance Model for SMEs. Journal of Theoretical and Applied Electronic Commerce Research, Vol 17, No 1, pp. 230-252.
Luftman, J. (2000). Assessing Business-IT Alignment Maturity. Communications of the Association for Information Systems, 4, pp-pp. https://doi.org/10.17705/1CAIS.00414 Luftman, J. (2015). Strategic Alignment Maturity. Handbook on Business Process
Management 2. Springer.
Lunardi, G.L., Macada, A.C.G., Becker, J.L. & Van Grembergen, W. (2017). Antecedents of IT governance effectiveness: An empiricalexamination in Brazilian firms. Journal of Information Systems.Vol. 31 No 1, pp. 41–57.
Mather, P. (2020). Leadership and governance in a crisis: some reflections on COVID-19.
Journal of Accounting & Organizational Change, Vol. 16 No. 4, pp. 579-585.
https://doi.org/10.1108/JAOC-08-2020-0123
O’Leary, D. E. (2020). Evolving Information Systems and Technology Research Issues for COVID-19 and Other Pandemics. Journal of Organizational Computing and Electronic Commerce, 30(1), 1‑8. https://doi.org/10.1080/10919392.2020.1755790
Randles Brett (27 May 2021). US Colonial Pipeline Attack - Consequences for the Security of
Critical Infrastructure in Europe. Dac Beachcroft.
https://www.dacbeachcroft.com/en/gb/articles/2021/may/us-colonial-pipeline-attack- consequences-for-the-security-of-critical-infrastructure-in-europe/
Sibanda, Mabutho & Ramrathan, Durrel. (2017). Influence of Information Technology on Organization Strategy. Foundations of Management. 9. 10.1515/fman-2017-0015.
SIM (2019). Issues, Investments, Concerns, & Practices of Organizations and their IT Executives, Comprehensive Report: Results and Observations from the SIM IT Trends Study. Society for Information Management. Available at:
https://trends.simnet.org/trends-study-archive
SIM (2020), Issues, Investments, Concerns, & Practices of Organizations and their IT Executives, 2019 Comprehensive Report: Results and Observations from the SIM IT Trends Study. Society for Information Management. Available at:
https://trends.simnet.org/trends-study-archive
Spear, R., Erdi, G., Parker, M. & Anastasiadis, M. (2020). Innovations in Citizen Response to Crises: Volunteerism & Social Mobilization During COVID-19. 12. Interface.
https://www.researchgate.net/publication/341607275_Innovations_in_Citizen_Response _to_Crises_Volunteerism_Social_Mobilization_During_COVID-19
Turel, O., Liu, P. & Bart, C. (2017). Board-level information technology governance effects on organizational performance: The roles ofstrategic alignment and authoritarian governance style. Information Systems Management. Vol 34 No 2, pp. 117–136.
Vijayan, J. (10 May 2010). Heartland breach expenses pegged at $140M -- so far.
Computerworld, Inc. https://www.computerworld.com/article/2518328/heartland- breach-expenses-pegged-at--140m----so-far.html
Weill, P & Woodham R. (2002). Don’t Just Lead, Govern: Implementing Effective IT Governance. CISR, WP no. 326.
Weill, P. & Ross J. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press.
Weill, P. (2004). Don't just lead, govern: How top-performing firms govern IT. MIS Quarterly Executive, Vol 3 N°1, pp.1-17.
Whitler, K. A. & Farris, P. (2017). The Impact of Cyber Attacks On Brand Image: Why Proactive Marketing Expertise Is Needed for Managing Data Breaches. Journal of Advertising Research. 57(1):3-9.
WHO (2020, 31 January). 2019-nCoV Outbreak Is an Emergency of International Concern.
World Health Organization. www.euro.who.int/en/health-
topics/healthemergencies/international-health-regulations/news/news/2020/2/2019-ncov- outbreak-is-anemergency-of-international-concern
WHO (2021, 26 November). Coronavirus Disease (COVID-2019) Dashboard. World Health Organization. https://covid19.who.int/
Young, Raymond & Jordan, Ernest. (2002). IT Governance and Risk Management: an integrated multi-stakeholder framework.
Zimmerling, A., & Chen, X. (2021). Innovation and possible long-term impact driven by COVID-19: Manufacturing, personal protective equipment and digital technologies.
Technology in Society, 65, 101541. doi:10.1016/j.techsoc.2021.101541
