Abstract
Cloud computing is used to a greater extent in today’s organizations and enables organizations to obtain on-demand network access to IT services. When cloud computing is adopted in an organization, the IT governance becomes more challenging, because organizations need to address business and IT-related processes as well as managing risks and maintaining the relationship with cloud computing vendors. This research aims at finding how cloud computing service model specifically Software as a Service (SaaS) influence IT governance structures, processes and relational mechanisms in a public organization. For this purpose a case study was conducted in a Swedish municipality and the data was collected through interviews with IT managers and from internal documents of municipality and was analyzed using thematic analysis. The results of this study shows that SaaS influences the IT governance structure by improving roles and responsibilities definition and speeds up the decision-making processes. Moreover, the communication with the vendors is more efficient due to the use of SaaS.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
- Cloud computing
- IT governance
- Software as a service
- Structures
- Processes
- Relational mechanisms
- Municipality
- Sweden
1 Introduction
Cloud computing is an evolution of IT outsourcing that is changing how organizations utilize, manage and deliver services over the Internet [1]. According to Mell & Grance [2, p. 2] “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. For many organizations cloud computing has become a mainstream and strategic choice for differentiation among others [1].
IT governance or Enterprise governance of IT is defined as “an integral part of enterprise governance exercised by the board and address the definition and implementation of processes, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments” [3, p.3]. In opinion of Weill & Ross [4] enterprises with effective IT governance generate higher returns on their IT investments and also enhance their competitiveness”. Moreover, according to Turedi & Zhu [5, p. 530] “organizations must institute effective IT governance mechanisms to maximally create business value from their IT investment”.
IT plays a very important role in private organizations and is part of the business strategy, but has a lot to offer to public organizations as well that can benefit the most by using IT to achieve organizations strategies and improve their services [6]. Hoch & Payan [7] have noticed that IT governance is a critical capability for the leaders in the public sector that are looking to create IT value. Therefore, public organizations are very concern to improve their services that will require a focus on their efforts on having an effective IT governance in their organization [6]. In response to the increased cost of IT investments there is a need to effective IT governance otherwise an ineffective IT governance can lead to negative IT experiences, such as business losses, weakened competitive positions, higher cost of IT than expected with lower quality that will lead to enterprise inefficiency because of poor quality IT deliverables.
Cloud services in some form are used by approximately 74% of enterprises, which have grown 26% since 2009 [8]. According to Forrester Research “the public cloud market - cloud apps (software-as-a-service [SaaS]); cloud development and data platforms (platform-as-a-service [PaaS]); and cloud infrastructure (infrastructure-as-a-service [IaaS]) - will reach $411 billion by 2022” [9]. The benefits of cloud computing are mainly reduced IT costs, scalability, business continuity, collaboration efficiency, access to automatic updates [10]. However, when organizations are adopting cloud computing, IT governance becomes more complex and challenging for these organizations. This is because organizations need to address business and IT-related processes while maintaining the relationship, assess, and manage risks with the cloud-computing vendors [11]. In opinion of Jafarijoo & Joshi [12, p.2] “IT governance mechanisms have a positive and significant direct effect on cloud computing business value, thus influencing organizational performance”. On the other hand, concerning research in the IT governance in public sector organizations there is still a need of more research in this area [13,14,15,16]. This because the majority of research studies concerning IT governance were conducted in the private sector organizations [16]. As we know, there are differences between the private and public sector organizations, where private organizations aim to generate financial returns and profits, while public organizations aim to improve public services and transparency. Nevertheless, according to Prasad et al. [17] and Vithayathil [18] there are a few research studies concerning how cloud computing is influencing IT governance. To address this problem this study has looked to investigate how cloud computing service model like Software as a Service (SaaS) is influencing IT governance in a public organization in Sweden, and the following research question has been defined: “How does Software as a Service influence IT governance in a Swedish municipality?”. The next sections of the paper include the research background, research methodology, results and conclusions.
2 Research Background
2.1 Cloud Computing Service Models
Cloud computing is used by the organizations to gain on-demand network access to a shared pool of managed and scalable IT resource services, such as applications, storage and servers [19]. The cloud computing service model, defined by Mell & Grance [1] is composed of three service models (Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)).
IaaS model provides virtualized computing resources such as servers, storage and networks for consumers to run arbitrary software, including applications and operating systems [1] and can be used to construct new cloud software environments [20]. Consumers have control over the operating systems, storage and deployed applications but does not have to manage or control the underlying cloud infrastructure [1]. The most common form of service model IaaS are virtual machines that enables consumers a new flexibility in configuring their settings while protecting the physical infrastructure of the provider’s data center [20].
PaaS model implies that a consumer can deploy applications onto the cloud infrastructure using programming languages, libraries, services and tools that are supported by the provider. The consumer does not have to buy or manage the underlying cloud infrastructure but has control over the deployed applications [1]. Usually, the consumers of PaaS are cloud application developers that are deploying their applications onto the cloud. The PaaS vendors supplies the developers with programming-language environment to facilitate the interaction between the environments and the cloud applications [20].
SaaS model implies that a consumer uses the provider’s applications on a cloud infrastructure. The consumer can access the applications from different devices through either a web browser or a program interface. The consumer does not own, manage or operate the underlying infrastructure platform [1]. The generic claimed benefits of cloud computing, which applies to SaaS, are automatic software integration, easy access to information, quick deployment, pay-per-use basis, low upfront capital investment, high degree of flexibility and up-to-date IT resources [19, 21, 22]. Although, there are some negative aspects of using SaaS which includes concerns about security, privacy and vendor lock-ins [22]. SaaS is an attractive choice for many consumers as it eases the burden of software maintenance and the ongoing operation and support costs. SaaS, as cloud computing solution, will be the focus in this study because public organizations are more likely to use SaaS over IaaS and PaaS. Because of IT knowledge shortage [14], SaaS can be used to ease the burden of software maintenance [20].
2.2 IT Governance Framework
Van Grembergen & De Haes [23] have introduced an IT governance framework that focuses on three significant components: structures, processes and relational mechanisms like is shown in Fig. 1. Compared to other frameworks like the one of five focus areas of ITGI [24], Van Grembergen and De Haes [23] framework is more delimited, and therefore, found to be more applicable to be used in this study. Moreover, similar studies of IT governance in public organizations have been used this ITG framework [25,26,27,28]. Thus, IT governance framework of Van Grembergen & De Haes [23], will be used in this study.
IT governance framework of Van Grembergen & De Haes [23, p. 25]
IT Governance Structures
The structure component of the IT governance framework in Fig. 1, address where IT decision making authority is located and how the IT function is organized in the enterprise. For an effective IT governance framework, it is important for the board and executive management to define clear roles and responsibilities for the parties involved. It is important with continuous communication within the organization to keep knowledge of current business models, technologies; management techniques and potential risk up-to-date [29].
IT Governance Processes
The process component of the IT governance framework in Fig. 1, focus specifically on business and IT alignment and addresses different standards, methods and frameworks that can be used. For example, Balanced Scorecards (BSC), Strategic Information Systems Planning (SISP), Service Level Agreements (SLA), CobiT and IT Infrastructure Library (ITIL) [29]. By linking the Balanced Scorecard (BSC) and the IT BSC the IT governance can be supported by becoming an alignment method.
IT Governance Relational Mechanisms
The relational mechanisms of the IT governance framework in Fig. 1, is about communication, collaboration and participation between the business and the IT Department. This is to increase awareness of business in the IT Department and IT in the business departments [29]. According to Tonelli et al. [16, p. 607] “the relational mechanisms between IT and other organizational units are, in the IT governance context, the determining factors for IT performance, and are also positively correlated with organizational performance”. The relational mechanisms component in the IT governance ensures that knowledge is continuously shared across organization and departments to attain and sustain alignment between business and IT. To do this, it is also important with career cross-over, by having training, continuous education and rotation programs between the units. Here, balanced scorecards can be extended to include knowledge management initiatives as well.
2.3 Cloud Computing Influence on IT Governance
When a new technology, such as cloud computing is implemented in an organization, the IT governance of that organization will be affected [30]. Cloud computing is expected to be a disruptive technology, which means that adoption of it will entail the need for more rigorous governance strategies [21]. The impact of cloud computing on IT governance is according to Bounagui et al. [31] in the following domains: interoperability and portability; compliance and audit; roles and responsibilities; policy management; risks management; service level agreement; security and privacy. According to Winkler et al. [32] there is a critical need of a governance structure that is business-driven and includes senior managers and owners of business processes in an organization to achieve the payoffs coming out of cloud computing services. In fact, to manage cloud computing services, will be a need of a reconsideration of the IT governance, that will entail new competence developments to ensure that cloud computing services are aligned with the organization’s strategic objectives [33]. In order to satisfy the cloud computing needs, the organizational structure will also have to support additional capabilities. The organizational structure will also be affected by cloud computing with regard to new positions and responsibilities [30]. For example, the organization could need the presence of a Chief Cloud Officer, Cloud Management Committee and a Cloud Relationship Center [17]. Cloud services will also affect the management and risk implications [30]. Moreover, by adopting cloud computing services new dimensions of information asymmetry will emerge with the cloud vendor. Information asymmetry occurs when two parties have private information that the other does not know about. For instance, the cloud provider could hold information, such as the availability of backup and disaster recovery, the security of the client’s information and the potential for lock-in or high switching costs, that the client are not aware of. This brings new challenges to IT governance. Thus, the organization will need to ensure that formal processes are in place for information exchange between all parties; the IT department, the organization and the cloud vendors, through for example committees. By mitigating information asymmetry firms can increase benefits from cloud computing and add value by improving IT governance [18]. Regarding effective governance of cloud services, the organization need to manage relationships with cloud service vendors and other stakeholders. Cloud computing adoption can increase the number of stakeholders because of its impact on IT processes and other business units [33]. With cloud computing adoption, it is also important with clearly defined policies, IT strategies, and an established organizational structure with clear roles and responsibilities for business processes, IT management and the applications.
2.4 Research Conceptual Framework
The research conceptual framework shown in Fig. 2, will be used in this study to answer the research question: How does Software as a Service influence IT governance in a Swedish municipality?
Research conceptual framework
In Fig. 2, in the left part we have cloud computing service model that is represented by Software as a Service (SAAS) of Mell & Grance’s [1]. In the right part of the research conceptual framework shown in Fig. 2 we have IT governance that is represented by IT governance framework of Van Grembergen & De Haes [23]. The research conceptual framework shown in Fig. 2, will be applied to study how cloud computing using SaaS, influence IT governance structures, processes and relational mechanisms in a Swedish municipality.
3 Research Methodology
To achieve the purpose of this study, and analyze how does SaaS influence IT governance in a public organization; a case study method has found to be the appropriate one [34]. Case study is the appropriate method when studying why and how questions [34, 35]. Myers and Avison [35, p. 81] defines case study as: “A case study examines a phenomenon in its natural setting, employing multiple methods of data collection to gather information from one or a few entities (people, groups, or organizations)”. The case needs to have distinct boundaries and be a self-contained entity [36]. The choice of case was based on a matter of convenience; time and resource constraints, the applicability of the case in other organizations, and also the level of interest [36]. Case studies are used to focus on one instance of something being investigated and emphasizes relationships and processes, with the aim to explain the general by analyzing the particular [36]. The choice of case was based on a matter of convenience; the applicability of the case in other organizations, in this case municipalities or other public organizations and also the level of interest [36]. For this purpose, a large Swedish municipality with approximately 11000 employees was used as case study in this research. All the municipalities in Sweden work with social services, schools, emergency services, health and environmental protection, water and sewage, waste management, sanitation and planning and construction issues. They also arrange cultural and sport activities within the municipality area. The politicians of this Swedish municipality assembly take the decisions for the municipality. Apart from this assembly, there is also a Municipality Executive Committee, which is the highest executive body of the municipality. There are 20 different councils in the municipality that are responsible for ensuring that the decisions made in the municipality assembly are implemented within each department (Fig. 3). There are 14 departments in the municipality. The employees in the various departments have the task of implementing the council’s decisions in practice. The employees in the departments also provide the politicians in the Municipality Assembly with supporting documents for the decisions that the councils should make. Each department is linked to one or more councils. In this municipality, there is a department for Information and Communication Technology (ICT), which is the largest department as well. ICT managers work with various IT related inquiries and also are responsible to inform the other departments for implementing the digitization plan in the municipality that has been produced by the Municipality Assembly.
(Source: based on the governing model on the municipality’s website)
Conceptualization of the municipality governance
The data was collected in the Swedish municipality through six semi-structured interviews with IT managers. Additionally, internal documents were also used in the data collection like the digitization plan and organizational structure of the municipality’s to have multiple sources of evidence and assure data triangulation [34]. The interviewees were chosen based on non-probability sampling [36], and select the staff holding a position that could contribute with special knowledge within the area of IT governance and SaaS. The interviews were held in person at the municipality’s office. The interviewees in this study have different IT management positions. Six people within the municipality were interviewed: the CDO (Chief Digital Officer), the IT Security Manager and four ICT-managers that works in the five largest departments in the Swedish municipality. The semi-structured interviews were chosen because this type of interview is more flexible compared to structured interviews, since questions and topics can be asked in a different order than what may have been intended in the interview guide. This form of data collection also allows follow-up questions in response to the interviewee’s answers [37]. Semi-structured interviews also give the interviewee the possibility to develop ideas and speak more freely [36]. An interview guide was used during these interviews that has included questions regarding how cloud computing influence IT governance in public organizations. The interviews have lasted approximately 30–60 min. During these six interviews, repeating answers from the interviewees were received. Thus, we have considered that we reached the level of saturation, so, no more interviewees were perceived to be further conducted in this organization. The anonymity of the participants and organization in this research is not disclose as the participants’ in this study have requested. The participants, their generic positions (for anonymity), duration of the interviews, interviewees workplace and date of interviews are presented in Table 1.
All the interviews were audio recorded and transcribed in English and then analyzed using thematic analysis [38]. Thematic analysis is a data analyzing method used for systematically identifying, organizing and analyzing patterns in qualitative data [38]. When performing a thematic analysis, the data is examine in order to see and make sense of core themes that could be distinguished across qualitative data sets [37, 38]. The thematic analysis method was used in this study, because it focuses on meaning across data sets and it supports researchers in making sense of collective experiences and meaning. To analyze the data collected we have looked for keywords, codes and themes in relation with our research question and the concepts in cloud computing and IT governance. A thematic analysis was performed using Braun & Clark [38] six-phase approach of thematic analysis that are the followings: familiarizing yourself with the data, generating initial codes, searching for themes, reviewing potential themes, defining and naming themes and producing the report [38]. The six phases mentioned before have been used in performing the thematic analysis of the qualitative data collected through the interviews. The main themes identified in this study are the followings: IT governance structures, processes and relational mechanisms in the Swedish municipality; SaaS influence on the IT governance structure; SaaS influence on the IT governance processes; and SaaS influence on the IT governance relational mechanisms. A presentation of the results under the main themes in this study is included in the next section.
4 Results
4.1 IT Governance Structures, Processes and Relational Mechanisms in the Swedish Municipality
IT Governance Structure in the Swedish Municipality
The structure component addresses the importance of continuous communication within the organization to keep knowledge of current business models, technologies, management techniques and potential risks up-to date. Therefore, an IT committee can be established in order to support the communication. The municipality has continuous communication within the organization by having a formal business forum once a month. They have defined a role as Chief Digital Officer (CDO) that holds the forum and all the ICT managers from the departments in the municipality as well as others from the unit for digitalization meet to ensure that everyone is working according to the digitalization plan. The purpose of the plan is to support the departments in their work towards the IT goals of the municipality. In the business forum various overall IT related questions are discussed, e.g., operating agreements, the scorecard for the central IT unit, budget and financing issues. The participants in the forum also update each other on the most important things that are going on in their departments: “The business forum is the only forum and collaboration space we have today, although we, the ICT managers, collaborate with each other based on different needs that emerge. If I know that a department has a function, some process or is working with some specific working method that I think is good or want to know more about, then I can contact that person directly. I work in such way that I contact the person I know is relevant to the question” (Interviewee 4). Additionally a process control group for business development and digitalization is formed. The participants in the process control group will include a number of different department directors that are most closely concerned. An evaluation panel or an activity forum is linked to this process control group. The ICT managers will then act as a preparatory organ for decision making in the process control group.
IT Governance Processes in the Swedish Municipality
The Swedish municipality uses different models, frameworks and guidelines to ensure that the business and IT is effectively aligned. For almost 10 years, the municipality has used pm3 as their IT governance model, to manage business development. As a management model this depicts the stakeholders on both IT-side and business side and also the IT components to manage including the SaaS management. At this Swedish municipality, pm3 [39] also makes sure that manuals and proper education is in place for the employees. Moreover, ITIL framework is used by the organization’s operating partner, since the municipality outsourced their IT operations to their operating partner. There are also security control processes designed regarding SaaS services.
IT Governance Relational Mechanisms in the Swedish Municipality
The Swedish municipality is a large organization with many different departments and it can be difficult to keep up with developments in the other departments. The employees that manage the software’s in the departments according to pm3 have operational meetings to discuss common issues and to exchange information in general. These meetings are for sharing thoughts and knowledge between the departments and the meetings occur on a regular basis. The ICT managers in the various departments meet at the formal business forum, which is noticed as a strategic meeting. The meeting is for directing the focus and prioritization on where the municipality is heading regarding the IT that is common for all the departments across the municipality. On these meetings, ICT managers can also describe or illustrate things that they have done in their department, and if other departments finds it interesting, they often book informal meetings with key employees from that department. Even though it is up to every department in the municipality to handle their own IT, the software managers and the ICT managers in the various departments cooperate on a regular basis. The Swedish municipality practices concerning knowledge management is having formal operational meetings and formal strategic meetings, which can lead to informal meetings, in order to exercise knowledge creation, acquisition sharing and replenishment. By having these informal meetings, knowledge is shared between the employees in the different departments of this municipality.
4.2 SaaS Influence on IT Governance Structure, Processes and Relational Mechanisms in the Swedish Municipality
SaaS Influence on IT Governance Structure in the Swedish Municipality
The IT governance structure in the Swedish municipality addresses where the IT decision making authority is located. In the municipality every department controls their own IT and has their own IT budget. In the previous years, 20% of the municipality software was SaaS and approximately 80% was operated by a partner. Now, half of the software are in the cloud and half are operated by their partner. In the future years, the municipality is planning to have 80% SaaS and 20% of the software are going to be operated by their operating partner. Some departments in the municipality have adopted SaaS to a greater extent than others. This is mainly because some departments needs special software to suit their unique businesses and, in many cases, there are only a few vendors that offers this specific software. An ICT manager has stated that: “In our department we need very specific and custom made software, which are not available as SaaS solutions yet. Therefore, SaaS have not been adopted in a large scale, but we are getting there” (Interviewee 6). On the other hand, all of the interviewees consider that there are numerous advantages of having SaaS, which could be a reason to why SaaS is used in a large extent in the municipality. The reason why the remaining 20% of the software are not being moved to the cloud is also because they are large, old and complex and it is not reasonable to move them. The municipality purchases SaaS to a greater extent today because the software vendors often provide SaaS solutions over software solutions requiring physical servers. Furthermore, the municipality wants to purchase features and services that can improve the municipality’s own services. The decisions regarding IT in the departments are to be taken by the department’s business along with the ICT manager. Although, the departments are obliged to consult the City Management Office, procurement office, legal department and safety. They have to do this in order to ensure that all departments are following laws. If there are decisions that have to be taken regarding basic IT prerequisites in the municipality, e.g., common storage, then the Chief Digital Officer (CDO) has the power to make the decisions. The CDO monitors the financing of what is common for all of the Departments in the municipality, e.g., the technical platforms and the entire operating agreement. The CDO has noticed that: “It could be a good idea to anchor IT decisions with the Municipality Assembly to get a political mandate and thus convey the reasoning to the politics” (Interviewee 1). Effective IT governance can be determined by the location of the IT decision making authority and the decision-making structure can be centralized, decentralized and federal [29]. The location of the decision-making structure in the municipality is not influenced by SaaS because the municipality is governed by politicians. Since the municipality is governed by politicians, the IT decision making structure can appear to be centralized. Although, because the municipality is a large organization that consists of 14 departments that can make their own IT decisions, the federal structure is a more suitable explanation of the municipality’s IT decision making authority. The interviewees have explained that their roles and responsibilities have changed to some extent in regard to SaaS (see Fig. 4).
SaaS influence on the IT governance structures in the Swedish municipality
For example, an ICT manager considers that roles have changed in regard to the fact that SaaS is more widely used, because now as ICT manager can focus on the right things and properly work with the development of the business, “Now, with SaaS it is less work for us, and we can do other things that are more important for the business, so our responsibilities have changed” (Interviewee 4).
SaaS Influence on IT Governance Processes in the Swedish Municipality
Using pm3 model as IT governance in the Swedish municipality has created a clear distinction between business related software management and IT related software management. The IT related software management is primarily about operating management, which is no longer required if you buy SaaS because the SaaS vendor operates the software. This means that IT related software management that pm3 [39] advocates is no longer in use with SaaS. The interviewees also explain that ITIL is not either developed for purchases of SaaS solutions. According to the interviewees they do not see the need for a new model to replace pm3 [39], instead they use what is relevant in the model that can be applied to the municipality, and to adjust and customize the model to better fit the municipality. Interviewee 4 noticed that: “Pm3 is not really adapted to organizations today, but I think that the model is really good because it creates structure and order, and it also makes costs more visible and so on. So, it is a good and clear model, but it is not the best for SaaS solutions, it needs to be adapted if used” (Interviewee 4). On the other hand the municipality uses pm3 and the operating vendor uses ITIL. In addition to pm3 [39] and ITIL each department can have their own guidelines, and IT governance frameworks or processes that they follow it (see Fig. 5).
SaaS influence on the IT governance processes in the Swedish municipality
Processes, guidelines and requirements are also in place in the Swedish municipality to make sure that the security of the software that are planned to be purchased are reliable. The municipality have guidelines in place containing different security requirements that the vendors must follow. For instance, they follow ISO/IEC 27000, which is an international standard that provide guidelines regarding information security. It can be utilized to assess the security of the internal organization or the security of an external organization. The municipality use ISO/ISO 27000 requires that the vendor have effective routines in place for their own IT security and also requires that the vendor’s employees and their background are checked and that every party involved have signed a confidentiality agreement. Moreover, this municipality also demands that communications are encrypted, which is especially important when working with SaaS solutions because you can have access to the cloud wherever you are: “We do not know if the person are sitting here on our network or if he is sitting at home or wherever, so we want the SaaS solution to be encrypted, which you can get per automation” (Interviewee 2).
SaaS Influence on IT Governance Relational Mechanisms in the Swedish Municipality
The IT governance relational mechanisms of Van Grembergen & De Haes [23] framework is about collaboration, communication and participation between the business and IT department. The interviewees describe that the municipality, including all the departments, have cooperative agreements with their operating partner as well as the various SaaS vendors. In these agreements it is stated how often they should meet and what kind of expectations of proactive development there is. The City Management Office have meetings with important software vendors a couple of times per semester, at least 4 times per year. Important meaning bigger and more complex software which is used throughout the municipality or in certain departments. In these meetings, the City Management Office follow up on the vendors agreements and the content of the agreements. The City Management Office also have meetings every two week with their operating partner, this is because thousands of operating cases arises per week that needs to be followed up. The operating partner have stipulated a contract where they promise certain measuring points and delivery capacity. The meetings between the City Management Office and the operating partner is then often about overall operating issues, but also about the vendor showing that they are doing what was promised in the contract. Every department in the municipality can have their own SaaS vendor and therefore it is up to the department to have their own meetings with their SaaS vendor. Furthermore, with a SaaS solution fewer vendors needs to be involved, because the third party, the IT operating partner, is eliminated, since both the operation and software is included. This compared to the municipality having an operating partner and a software vendor, since they need to communicate and have meetings with both (see Fig. 6).
SaaS influence on the IT governance relational mechanisms in the Swedish municipality
The influence of SaaS on IT governance relational mechanisms in the Swedish municipality is that makes communication and the use of the software more efficient and time effective. Otherwise, the municipality had to go through a software operating provider and the software provider had to communicate with the operating provider, and then the municipality had to be involved in some manner: “When a third party is eliminated you avoid people putting the blame on each other. That the software provider blames the operating provider and say that the issue is not with them but with the operating provider, and then the other party says, no it is not the operation but the software, i.e. you can avoid that, which is nice.” (Interviewee 3). With the SaaS vendor the contact is more about planning, how do the SaaS vendor think, what kind of plans do they have to strategically move forward and what are the vendors planning to develop next. As example one of the interviewees has mentioned “With SaaS I believe we can plan more ahead at strategic level. We have more time to discuss development than to have to go into certain details and orders. SaaS vendors do not ask their customers if it is ok for them to replace a bad and old server. We can get this kind of question from our operating partner because they may want us to pay for it and that is a big difference between these vendors” (Interviewee 4).
5 Conclusions
This research has focused on how SaaS influence IT governance structures, processes and relational mechanisms in a Swedish municipality. The results shows that SaaS influence IT governance in different aspects like the roles and responsibilities in the ITG governance structure, making it possible for the departments in the municipality to better work with the development of the services. Moreover, ICT department have more time to focus on the development of the services in the Swedish municipality and SaaS could potentially speed up the decision-making processes in the various departments of this municipality. Apart from these findings, we have also found that there are new roles and responsibilities that are planned in regard to SaaS in the Swedish municipality that is currently investigating new forms of dialogue between the different departments regarding using SaaS. We have also found that SaaS influence IT governance processes and the IT governance model (pm3) used in the Swedish municipality needs to be adjusted if they will continue to use it. This is because pm3 is not developed for the use of SaaS. Furthermore, it will become important to follow the influence of the SaaS on the IT governance processes concerning information security like e.g. ISO/IEC 27000, in order to ensure that SaaS solutions are secure. In fact, by using SaaS in the Swedish municipality both the software and operation is included, which eliminates the need of an operating partner. This aspect influences the IT governance relational mechanisms by making the communication vender consumer more efficient. The contact with the SaaS vendor is in this case more about planning ahead which can add value for the various departments in the municipality. A limitation of this study is that the technical aspects of SaaS were not taken into account e.g. the cloud infrastructure. In order to generalize the findings of this study, a replication of this research will need to be done in other municipalities in Sweden. Cloud computing is now well spread in the public organizations in Sweden and will increase in the near future. According to ReportLinker (2019) “over 65% of Swedish organizations invest in digitization. The digitization trend is expected to continue during the forecast period, especially in the public sector. The demand is mostly driven by the adoption of new delivery models such as cloud computing, big data, and the Internet of Things (IoT)”. Therefore, the results of this research are important for both researchers in this area as well for IT decision makers in public organizations for understanding how SaaS influence IT governance and identify the effective IT governance structures, processes and relational mechanisms that create value from this cloud computing service model.
References
Kathuria, A., Mann, A., Khuntia, J., Saldanha, T.J.V., Kauffman, R.J.: A strategic value appropriation path for cloud computing. J. Manage. Inf. Syst, 35(3), 740–775 (2018)
Mell, P., Grance, T.: The NIST definition of Cloud Computing. National Institute of Standards and Technology, 53, 20011 (2011)
Van Grembergen, W., De Haes, S.: Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. Springer, New York (2009)
Weill, P., Ross, J.W.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, Boston (2004)
Turedi, S., Zhu, H.: How to generate more value from IT: the interplay of it investment, decision making structure, and senior management involvement in IT governance. Communi. Assoc. Inf. Syst. 44, 511–536 (2019)
Rusu, L., Viscusi, G.: Preface. In: Rusu, L., Viscusi, G. (eds.) Information Technology Governance in Public Organizations - Theory and Practice. Springer International Publishing AG (2017)
Hoch, D., Payan, M.: Establishing good IT governance in the public sector, Transforming Government, McKinsey & Company, March 2008, 45–55 (2008)
Johansson, B., Muhic, M.: Relativism in the cloud: cloud sourcing in virtue of IS development outsourcing - a literature review. Int. J. Inf. Syst. Project Manage. 5(4), 55–65 (2017)
Andriole, S.: Forrester Research Gets Cloud Computing Trends Right (2019). https://www.forbes.com/sites/steveandriole/2019/11/20/forrester-research-gets-cloud–computing-trendsright/#7853d09068a2
Queensland Government: Benefits of cloud computing (2017). https://www.business.qld.gov.au/running-business/it/cloud-computing/benefits
Prieto-González, L., Tamm, G., Stantchev, V.: Governance of Cloud Computing: semantic aspects and cloud service brokers. Int. J. Web and Grid Services, 11(4), 377–389 (2015)
Jafarijoo, M., Joshi, K.D.: How do firms derive value from cloud computing investment? examining the role of information technology governance. In: AMCIS 2020 Proceedings. pp. 1–10, Association for Information Systems (2020)
Ali, S., Green, P.: IT governance mechanisms in public sector organizations: an Australian context. J. Global Inf. Manage. 15(4), 41–63 (2007)
Campbell, J., McDonald, C., Sethibe, T.: Public and private sector it governance: identifying contextual differences. Australasian J. Inf. Syst. 16(2), 5–18 (2009)
Al-Farsi, K., Haddadeh, R.E.: Framing information technology governance in the public sector: opportunities and challenges. Int. J. Electron. Govern. Res. 11(4), 89–101 (2015)
Tonelli, A.O., de Souza Bermejo, P.H., Aparecida dos Santos, P., Zuppo, L., Zambalde, L.A.: IT governance in the public sector: a conceptual model. Inf. Syst. Front. 19(3), 593–610 (2017)
Prasad, A., Green, P., Heales, J.: On governance structures for the Cloud Computing services and assessing their effectiveness. Int. J. Account. Inf. Syst. 15, 335–356 (2014)
Vithayathil, J.: Will cloud computing make the information technology (IT) department obsolete? Inf. Syst. J. 28(4), 634–649 (2017)
Schneider, S., Sunyaev, A.: Determinant factors of cloud-sourcing decisions: reflecting on the IT outsourcing literature in the era of cloud computing. J. Inf. Technol. 31(1), 1–31 (2016)
Youseff, L., Butrico, M., Da Silva, D.: Toward a unified ontology of cloud computing. In: 2008 Grid Computing Environments Workshop, pp. 1–10, IEEE (2008)
Al-Ruithe, M., Benkhelifa, E.: Analysis and classification of barriers and critical success factors for implementing a cloud data governance strategy. Procedia Comput. Sci. 113, 223–232 (2017)
Muhic, M., Johansson, B.: Cloud sourcing - next generation outsourcing? Procedia Technol. 16, 553–561 (2014)
Van Grembergen, W., De Haes, S.: Implementing information technology governance: models. IGI Publishing, Practices and Cases (2008)
IT Governance Institute (ITGI): Board Briefing on IT Governance. Illinois: IT Governance Institute (2003). https://www.oecd.org/site/ictworkshops/year/2006/37599342.pdf
Nfuka, E., Rusu, L., Johannesson, P., Mutagahywa, B.: The state of IT governance in organizations from public sector in a developing country. In: Proceedings of HICSS-42 - Hawaii International Conference on System Sciences, pp. 1–12, IEEE (2009)
Winkler, T.J.: IT Governance Mechanisms and Administration/ IT Alignment in the Public Sector: A Conceptual Model and Case Validation, Wirtschaftsinformatik Proceedings 2013, pp. 831–845. Association for Information Systems (2013)
Al Qassimi, N., Rusu, L.: IT governance in a public organization in a developing country: a case study of a governmental organization. Procedia Comput. Sci. 64, 450–456 (2015)
Bianchi, I., Sousa, R., Pereira, R., Hillegersberg, J.: Baseline mechanisms for IT governance at universities. In: Proceedings of the 25th European Conference on Information Systems (ECIS), pp. 1551–1567. Association for Information Systems (2017)
Van Grembergen, W., De Haes, S., Guldentops, E.: Structure, Processes and Relational Mechanisms for IT Governance. In: Van Grembergen, W. (ed.) Strategies for Information Technology Governance, pp. 1–36. Idea Group Publishing, Pennsylvania (2004)
Khalil, S., Fernandez, V., Fautrero, V.: Cloud impact on IT governance. In: 2016 IEEE 18th Conference on Business Informatics (CBI), pp. 255–261. IEEE (2016)
Bounagui, Y., Hafiddi, H., Mezrioui, A.: Challenges for IT based cloud computing governance. In: 2014 9th International Conference on Intelligent Systems: Theories and Applications (SITA-14), IEEE (2014)
Winkler, T.J., Benlian, A., Piper, M., Hirsch, H.: Bayer healthcare delivers a dose of reality for cloud payoff mantras in multinationals. MIS Quarterly Executive 13(4), 193–208 (2014)
Prasad, A., Green, P.: Governing cloud computing services: reconsideration of IT governance structures. Int. J. Account. Inf. Syst. 19, 45–58 (2015)
Yin, R.K.: Case Study Research: Design and Methods, 5th edn. Sage, London (2014)
Myers, M.D., Avison, D.E.: Qualitative Research in Information Systems: A Reader (Introducing Qualitative Methods). Sage Publications, London (2002)
Denscombe, M.: The Good Research Guide: For Small-scale Social Research Projects, 4th edn. Open University Press, Maidenhead (2010)
Bryman, A.: Social Research Methods, 4th edn. Oxford University Press, Oxford (2012)
Braun, V., Clarke, V.: Thematic analysis. In: Cooper, H. (ed.) The Handbook of Research Methods in Psychology. American Psychological Association, Washington (2012)
På pm3: pm3 model (2018). https://pm3.se/pm3-modellen/
ReportLinker: Sweden Asia Data Center Market - Investment Analysis and Growth Opportunities 2019–2024 (2019). https://www.reportlinker.com/p05796161/Sweden-Asia-Data-Center-Market-Investment-Analysis-and-Growth-Opportunities.html?utm_source=GNW
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Aasi, P., Nikic, J., Li, M., Rusu, L. (2020). The Influence of Cloud Computing on IT Governance in a Swedish Municipality. In: Themistocleous, M., Papadaki, M., Kamal, M.M. (eds) Information Systems. EMCIS 2020. Lecture Notes in Business Information Processing, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-63396-7_42
Download citation
DOI: https://doi.org/10.1007/978-3-030-63396-7_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63395-0
Online ISBN: 978-3-030-63396-7
eBook Packages: Computer ScienceComputer Science (R0)