Diagnostic Model for IT Governance Assessment in Federal Public Universities
Open Data
Main Article Content
Vitor Muniz dos Santos
Louisi Francis Moura
Paula Regina Zarelli
Abstract
Objective: to develop and validate a diagnostic model for IT governance assessment in Brazilian federal public universities, considering specific factors of public administration related to performance measurement. Theoretical approach: based on corporate and IT governance theories applied to the public sector, integrated with factors that influence the design of performance measurement systems in public organizations. Methods: qualitative research based on a systematic literature review to identify essential IT governance characteristics and develop a conceptual model, followed by a comparative case study in three federal universities using systematic documentary analysis. Results: the diagnostic model revealed significant differences in IT governance maturity levels among institutions (UTFPR — 76.67%, UFABC — 63.33%, and UFBA — 0%) and identified the universal absence of volunteer practices, highlighting specific needs of the public sector. The assessment, based on public documents, may not fully reflect the actual practices of the institutions. Conclusion: the model proved effective for evaluating IT governance practices in public higher education institutions, emphasizing the importance of contextual adaptation and providing a practical tool for diagnosis and development of IT governance in the sector.
Downloads
Download data is not yet available.
Download data is not yet available.
Article Details
How to Cite
Santos, V. M. dos, Moura, L. F., & Zarelli, P. R. (2025). Diagnostic Model for IT Governance Assessment in Federal Public Universities. Journal of Contemporary Administration, 29(3), e240318. https://doi.org/10.1590/1982-7849rac2025240318.en
Section
Theoretical-empirical Articles
This work is licensed under a Creative Commons Attribution 4.0 International License.
Since mid-February of 2023, the authors retain the copyright relating to their article and grant the journal RAC, from ANPAD, the right of first publication, with the work simultaneously licensed under the Creative Commons Attribution 4.0 International license (CC BY 4.0), as stated in the article’s PDF document. This license provides that the article published can be shared (allows you to copy and redistribute the material in any medium or format) and adapted (allows you to remix, transform, and create from the material for any purpose, even commercial) by anyone.
After article acceptance, the authors must sign a Term of Authorization for Publication, which is sent to the authors by e-mail for electronic signature before publication.
References
Abu‐Musa, A. (2009). Exploring the importance and implementation of COBIT processes in Saudi organizations (Vol. 17). Emerald Group Publishing Limited. https://doi.org/10.1108/09685220910963974
Ali, S., & Green, P. (2007). IT governance mechanisms in public sector organisations: An Australian context. Journal of Global Information Management, 15(4), 41-63. https://doi.org/10.4018/jgim.2007100103
Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 36(6), 907-916. https://doi.org/10.1016/j.ijinfomgt.2016.05.017
Bastos, J. (2019). Governança pública: Possibilidades e limites da adoção por uma universidade federal. http://repositorio.furg.br/handle/1/10424
Bevir, M. (2011). The SAGE Handbook of Governance. SAGE Publications.
Bianchi, I., & Sousa, R. (2016). IT Governance Mechanisms in Higher Education. Procedia Computer Science, 100, 941-946. https://doi.org/10.1016/j.procs.2016.09.253
Brand, N., Beens, B., Vuuregge, E., & Batenburg, R. (2011). Engineering governance: Introducing a governance meta framework. International Journal of Corporate Governance, 2(2), 106-118. https://doi.org/10.1504/IJCG.2011.04115
Brown, A., & Grant, G. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15.
Brown, W. C. (2006). IT governance, architectural competency, and the Vasa. Information Management & Computer Security, 14(2), 140-154. https://doi.org/10.1108/09685220610655889
Campbell, J., McDonald, C., & Sethibe, T. (2010). Public and private sector IT governance: Identifying contextual differences. Australasian Journal of Information Systems, 16(2). https://doi.org/10.3127/ajis.v16i2.538
Cervone, H. (2017). Implementing IT governance: A primer for informaticians. Emerald Publishing. https://doi.org/10.1108/DLP-07-2017-0023
De Haes, S., & Van Grembergen, W. (2004). IT governance and its mechanisms. Information Systems Control Journal, 1, 27-33.
De Haes, S., & Van Grembergen, W. (2009a). Enterprise Governance of Information Technology. Springer US.
De Haes, S., & Van Grembergen, W. (2009b). Exploring the relationship between IT governance practices and business/IT alignment through extreme case analysis in Belgian mid‐to‐large size financial enterprises. Journal of Enterprise Information Management, 22(5), 615-637. https://doi.org/10.1108/17410390910993563
De Haes, S., & Van Grembergen, W. (2009c). An exploratory study into IT Governance Implementations and its Impact on Business/IT Alignmecnt. Information Systems Management, 26(2), 123-137. https://doi.org/10.1080/10580530902794786
Debreceny, R. (2013). Research on IT governance, risk, and value: Challenges and opportunities. Journal of Information Systems, 27(1), 129-135. https://doi.org/10.2308/isys-10339
Edirisinghe Vincent, N., & Pinsker, R. (2020). IT risk management: Interrelationships based on strategy implementation. International Journal of Accounting & Information Management, 28(3), 553-575. https://doi.org/10.1108/IJAIM-08-2019-0093
Erasmus, W., & Marnewick, C. (2021). An IT governance framework for IS portfolio management. International Journal of Managing Projects in Business, 14(3), 721-742. https://doi.org/10.1108/IJMPB-04-2020-0110
Harrisson, J. S., & Wicks, A. C. (2013). Stakeholder theory, value, and firm performance. Business Ethics Quarterly, 23(1), 97-124. http://doi.org/10.5840/beq20132314
Instituto Brasileiro de Governança Corporativa. (2015). Código das Melhores Práticas de Governança Corporativa (5 ed.). https://edisciplinas.usp.br/pluginfile.php/4382648/mod_resource/content/1/Livro_Codigo_Melhores_Praticas_GC.pdf
ISACA. (2018). COBIT 2019 framework: Governance and management objectives. https://netmarket.oss.aliyuncs.com/df5c71cb-f91a-4bf8-85a6-991e1c2c0a3e.pdf
ISACA. (2020). The Value of IT Governance. https://www.isaca.org/resources/news-and-trends/industry-news/2020/the-value-of-it-governance
IT Governance Institute. (2003). Board Briefing on IT Governance (2 ed.). Information Systems Audit and Control Association.
Khalil, S., & Belitski, M. (2020). Dynamic capabilities for firm performance under the information technology governance framework. European Business Review, 32(2), 129-157. https://doi.org/10.1108/EBR-05-2018-0102
Khan, H. (2011). A literature review of corporate governance. IPEDR, 25. https://www.researchgate.net/publication/267773286
Ko, D., & Fink, D. (2010). Information technology governance: an evaluation of the theory‐practice gap. Corporate Governance: The International Journal of Business in Society, 10(5), 662-674. https://doi.org/10.1108/14720701011085616
Kumar, V., & Pansari, A. (2016). Competitive advantage through engagement. Journal of marketing research, 53(4), 497-514. https://doi.org/10.1509/jmr.15.0044
Laita, A., & Belaissaoui, M. (2017). Information technology governance in public sector organizations. In J. Kacprzyk (Ed.), Advances in Intelligent Systems and Computing (Vol. 520, pp. 331-340). Springer.
Lindblom, C. E. (2002). The market system: What it is, how it works, and what to make of it. Yale University Press.
Lyke, B., & Jickling, M. (2002). WorldCom: The accounting scandal. Congressional Research Service Report for Congress, August, 29, 1-6.
McGrath, S., & Whitty, S. (2015). Redefining governance: From confusion to certainty and clarity. International Journal of Managing Projects in Business, 8(4), 755-787. https://doi.org/10.1108/IJMPB-10-2014-0071
McGrath, S., & Whitty, S. (2019). Governance terminology confusion in management and project management reference documents. Journal of Modern Project Management, 7(2), 146-171. https://journalmodernpm.com/manuscript/index.php/jmpm/article/view/JMPM02008/345
Mohamed, N., & Kaur a/p Gian Singh, J. (2012). A conceptual framework for information technology governance effectiveness in private organizations. Information Management & Computer Security, 20(2), 88-106. https://doi.org/10.1108/09685221211235616
Moura, L., Pinheiro de Lima, E., Deschamps, F., Van Aken, E., Gouvea da Costa, S., Treinta, F., & Cestari, J. (2019). Designing performance measurement systems in nonprofit and public administration organizations. International Journal of Productivity and Performance Management, 68(8), 1373-1410. https://doi.org/10.1108/IJPPM-06-2018-0236
Muniz dos Santos, V., & Moura, L. (Setembro, 2024). Características essenciais da Governança de TI: uma revisão sistemática de literatura. ADM Congresso Internacional de Administração. https://admpg.com.br/2024/anais/arquivos/07272024_140741_66a531cdc1aae.pdf
Muniz dos Santos, V., Moura, L. F., & Zarelli, P. (no prelo). Governança de TI e fatores de influência no desenho de sistemas de medição de desempenho: Modelo conceitual para Administração Pública.
Organisation for Economic Co-Operation and Development. (2015). G20/OECD Principles of Corporate Governance 2015. OECD Publishing. http://dx.doi.org/10.1787/9789264236882-en
Pang, M.-S. (2014). IT governance and business value in the public sector organizations — The role of elected representatives in IT governance and its impact on IT value in U.S. state governments. Decision Support Systems, 59, 274-285. https://doi.org/10.1016/j.dss.2013.12.006
Peterson, R. (2004). Crafting information technology governance. Information Systems Management, 21(4), 7-22. https://doi.org/10.1201/1078/44705.21.4.20040901/84183.2
Priyadarsini, A., & Kumar, A. (2022). A literature review on IT governance using systematicity and transparency framework. Digital Policy, Regulation and Governance, 24(3), 309-328. https://doi.org/10.1108/DPRG-09-2021-0114
Robinson, N. (2005). IT excellence starts with governance. Journal of Investment Compliance, 6(3), 45-49. https://doi.org/10.1108/15285810510659310
Rubino, M., & Vitolla, F. (2014). Internal control over financial reporting: Opportunities using the COBIT framework. Managerial Auditing Journal, 29(8), 736-771. https://doi.org/10.1108/MAJ-03-2014-1016
Rubino, M., Vitolla, F., & Garzoni, A. (2017). The impact of an IT governance framework on the internal control environment (Vol. 27). Emerald Publishing Limited. https://doi.org/10.1108/RMJ-03-2016-0007
Suchman, M. (1995). Managing Legitimacy: Strategic and Institutional Approaches. Academy of Management Review, 571-610.
Suomi, R., & Tähkäpää, J. (2008). Governance Structures for IT in the Health Care Industry. Em W. Van Grembergen (Ed.), Strategies for information technology governance (pp. 357-381). London: Idea Group Publishing.
Tonelli, A., Bermejo, P., Aparecida dos Santos, P., Zuppo, L., & Zambalde, A. (2017). It governance in the public sector: A conceptual model. Information Systems Frontiers, 19(3), 593-610. https://doi.org/10.1007/s10796-015-9614-x
Tost, L. P. (2011). An integrative model of legitimacy judgments. Academy of Management Review, 36(4), 686-710. https://psycnet.apa.org/record/2011-24778-005
Turel, O., Liu, P., & Bart, C. (2017). Board-level information technology governance effects on organizational performance: The roles of strategic alignment and authoritarian governance style. Information Systems Management, 34(2), 117-136. https://doi.org/10.1080/10580530.2017.1288523
Van Grembergen, W., & De Haes, S. (2008). Implementing Information Technology Governance: Models, Practices and Cases. IGI Global. https://doi.org/10.4018/978-1-59904-924-3
Vinten, G. (2002). The corporate governance lessons of Enron. Corporate Governance, 2(4), 4-9. https://doi.org/10.1108/14720700210447632
Weill, P., & Ross, J. (2004). IT governance: How top performers manage it decision rights for superior results. Harvard Business School Press.
World Bank. (1992). Governance and development. Oxford University Press. https://documents1.worldbank.org/curated/en/604951468739447676/pdf/multi-page.pdf
Ali, S., & Green, P. (2007). IT governance mechanisms in public sector organisations: An Australian context. Journal of Global Information Management, 15(4), 41-63. https://doi.org/10.4018/jgim.2007100103
Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 36(6), 907-916. https://doi.org/10.1016/j.ijinfomgt.2016.05.017
Bastos, J. (2019). Governança pública: Possibilidades e limites da adoção por uma universidade federal. http://repositorio.furg.br/handle/1/10424
Bevir, M. (2011). The SAGE Handbook of Governance. SAGE Publications.
Bianchi, I., & Sousa, R. (2016). IT Governance Mechanisms in Higher Education. Procedia Computer Science, 100, 941-946. https://doi.org/10.1016/j.procs.2016.09.253
Brand, N., Beens, B., Vuuregge, E., & Batenburg, R. (2011). Engineering governance: Introducing a governance meta framework. International Journal of Corporate Governance, 2(2), 106-118. https://doi.org/10.1504/IJCG.2011.04115
Brown, A., & Grant, G. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15.
Brown, W. C. (2006). IT governance, architectural competency, and the Vasa. Information Management & Computer Security, 14(2), 140-154. https://doi.org/10.1108/09685220610655889
Campbell, J., McDonald, C., & Sethibe, T. (2010). Public and private sector IT governance: Identifying contextual differences. Australasian Journal of Information Systems, 16(2). https://doi.org/10.3127/ajis.v16i2.538
Cervone, H. (2017). Implementing IT governance: A primer for informaticians. Emerald Publishing. https://doi.org/10.1108/DLP-07-2017-0023
De Haes, S., & Van Grembergen, W. (2004). IT governance and its mechanisms. Information Systems Control Journal, 1, 27-33.
De Haes, S., & Van Grembergen, W. (2009a). Enterprise Governance of Information Technology. Springer US.
De Haes, S., & Van Grembergen, W. (2009b). Exploring the relationship between IT governance practices and business/IT alignment through extreme case analysis in Belgian mid‐to‐large size financial enterprises. Journal of Enterprise Information Management, 22(5), 615-637. https://doi.org/10.1108/17410390910993563
De Haes, S., & Van Grembergen, W. (2009c). An exploratory study into IT Governance Implementations and its Impact on Business/IT Alignmecnt. Information Systems Management, 26(2), 123-137. https://doi.org/10.1080/10580530902794786
Debreceny, R. (2013). Research on IT governance, risk, and value: Challenges and opportunities. Journal of Information Systems, 27(1), 129-135. https://doi.org/10.2308/isys-10339
Edirisinghe Vincent, N., & Pinsker, R. (2020). IT risk management: Interrelationships based on strategy implementation. International Journal of Accounting & Information Management, 28(3), 553-575. https://doi.org/10.1108/IJAIM-08-2019-0093
Erasmus, W., & Marnewick, C. (2021). An IT governance framework for IS portfolio management. International Journal of Managing Projects in Business, 14(3), 721-742. https://doi.org/10.1108/IJMPB-04-2020-0110
Harrisson, J. S., & Wicks, A. C. (2013). Stakeholder theory, value, and firm performance. Business Ethics Quarterly, 23(1), 97-124. http://doi.org/10.5840/beq20132314
Instituto Brasileiro de Governança Corporativa. (2015). Código das Melhores Práticas de Governança Corporativa (5 ed.). https://edisciplinas.usp.br/pluginfile.php/4382648/mod_resource/content/1/Livro_Codigo_Melhores_Praticas_GC.pdf
ISACA. (2018). COBIT 2019 framework: Governance and management objectives. https://netmarket.oss.aliyuncs.com/df5c71cb-f91a-4bf8-85a6-991e1c2c0a3e.pdf
ISACA. (2020). The Value of IT Governance. https://www.isaca.org/resources/news-and-trends/industry-news/2020/the-value-of-it-governance
IT Governance Institute. (2003). Board Briefing on IT Governance (2 ed.). Information Systems Audit and Control Association.
Khalil, S., & Belitski, M. (2020). Dynamic capabilities for firm performance under the information technology governance framework. European Business Review, 32(2), 129-157. https://doi.org/10.1108/EBR-05-2018-0102
Khan, H. (2011). A literature review of corporate governance. IPEDR, 25. https://www.researchgate.net/publication/267773286
Ko, D., & Fink, D. (2010). Information technology governance: an evaluation of the theory‐practice gap. Corporate Governance: The International Journal of Business in Society, 10(5), 662-674. https://doi.org/10.1108/14720701011085616
Kumar, V., & Pansari, A. (2016). Competitive advantage through engagement. Journal of marketing research, 53(4), 497-514. https://doi.org/10.1509/jmr.15.0044
Laita, A., & Belaissaoui, M. (2017). Information technology governance in public sector organizations. In J. Kacprzyk (Ed.), Advances in Intelligent Systems and Computing (Vol. 520, pp. 331-340). Springer.
Lindblom, C. E. (2002). The market system: What it is, how it works, and what to make of it. Yale University Press.
Lyke, B., & Jickling, M. (2002). WorldCom: The accounting scandal. Congressional Research Service Report for Congress, August, 29, 1-6.
McGrath, S., & Whitty, S. (2015). Redefining governance: From confusion to certainty and clarity. International Journal of Managing Projects in Business, 8(4), 755-787. https://doi.org/10.1108/IJMPB-10-2014-0071
McGrath, S., & Whitty, S. (2019). Governance terminology confusion in management and project management reference documents. Journal of Modern Project Management, 7(2), 146-171. https://journalmodernpm.com/manuscript/index.php/jmpm/article/view/JMPM02008/345
Mohamed, N., & Kaur a/p Gian Singh, J. (2012). A conceptual framework for information technology governance effectiveness in private organizations. Information Management & Computer Security, 20(2), 88-106. https://doi.org/10.1108/09685221211235616
Moura, L., Pinheiro de Lima, E., Deschamps, F., Van Aken, E., Gouvea da Costa, S., Treinta, F., & Cestari, J. (2019). Designing performance measurement systems in nonprofit and public administration organizations. International Journal of Productivity and Performance Management, 68(8), 1373-1410. https://doi.org/10.1108/IJPPM-06-2018-0236
Muniz dos Santos, V., & Moura, L. (Setembro, 2024). Características essenciais da Governança de TI: uma revisão sistemática de literatura. ADM Congresso Internacional de Administração. https://admpg.com.br/2024/anais/arquivos/07272024_140741_66a531cdc1aae.pdf
Muniz dos Santos, V., Moura, L. F., & Zarelli, P. (no prelo). Governança de TI e fatores de influência no desenho de sistemas de medição de desempenho: Modelo conceitual para Administração Pública.
Organisation for Economic Co-Operation and Development. (2015). G20/OECD Principles of Corporate Governance 2015. OECD Publishing. http://dx.doi.org/10.1787/9789264236882-en
Pang, M.-S. (2014). IT governance and business value in the public sector organizations — The role of elected representatives in IT governance and its impact on IT value in U.S. state governments. Decision Support Systems, 59, 274-285. https://doi.org/10.1016/j.dss.2013.12.006
Peterson, R. (2004). Crafting information technology governance. Information Systems Management, 21(4), 7-22. https://doi.org/10.1201/1078/44705.21.4.20040901/84183.2
Priyadarsini, A., & Kumar, A. (2022). A literature review on IT governance using systematicity and transparency framework. Digital Policy, Regulation and Governance, 24(3), 309-328. https://doi.org/10.1108/DPRG-09-2021-0114
Robinson, N. (2005). IT excellence starts with governance. Journal of Investment Compliance, 6(3), 45-49. https://doi.org/10.1108/15285810510659310
Rubino, M., & Vitolla, F. (2014). Internal control over financial reporting: Opportunities using the COBIT framework. Managerial Auditing Journal, 29(8), 736-771. https://doi.org/10.1108/MAJ-03-2014-1016
Rubino, M., Vitolla, F., & Garzoni, A. (2017). The impact of an IT governance framework on the internal control environment (Vol. 27). Emerald Publishing Limited. https://doi.org/10.1108/RMJ-03-2016-0007
Suchman, M. (1995). Managing Legitimacy: Strategic and Institutional Approaches. Academy of Management Review, 571-610.
Suomi, R., & Tähkäpää, J. (2008). Governance Structures for IT in the Health Care Industry. Em W. Van Grembergen (Ed.), Strategies for information technology governance (pp. 357-381). London: Idea Group Publishing.
Tonelli, A., Bermejo, P., Aparecida dos Santos, P., Zuppo, L., & Zambalde, A. (2017). It governance in the public sector: A conceptual model. Information Systems Frontiers, 19(3), 593-610. https://doi.org/10.1007/s10796-015-9614-x
Tost, L. P. (2011). An integrative model of legitimacy judgments. Academy of Management Review, 36(4), 686-710. https://psycnet.apa.org/record/2011-24778-005
Turel, O., Liu, P., & Bart, C. (2017). Board-level information technology governance effects on organizational performance: The roles of strategic alignment and authoritarian governance style. Information Systems Management, 34(2), 117-136. https://doi.org/10.1080/10580530.2017.1288523
Van Grembergen, W., & De Haes, S. (2008). Implementing Information Technology Governance: Models, Practices and Cases. IGI Global. https://doi.org/10.4018/978-1-59904-924-3
Vinten, G. (2002). The corporate governance lessons of Enron. Corporate Governance, 2(4), 4-9. https://doi.org/10.1108/14720700210447632
Weill, P., & Ross, J. (2004). IT governance: How top performers manage it decision rights for superior results. Harvard Business School Press.
World Bank. (1992). Governance and development. Oxford University Press. https://documents1.worldbank.org/curated/en/604951468739447676/pdf/multi-page.pdf