Doctor of Philosophy (PhD)


Information Systems and Decision Sciences (Business Administration)

Document Type



The history of IT governance research has been dichotomous in that research either focused on the IT governance structural arrangements or the contingencies that affect IT organizational decisions. Weill and Ross’s (2004) seminal text on IT governance represents a synthesis of these two streams of research and thus establishes a new trajectory in the discourse related to IT governance. Their study included analysis from both survey data and case studies. However, the case study sites included were of large capitalized companies. Moreover, the cases were conducted prior to the mandated implementation of Section 404 of Sarbanes Oxley (SOX), which oversees the requirements for companies to ensure they have adequate controls in place to safeguard financial data and reporting. Compliance efforts with SOX have disproportionately impacted the finances of small publicly traded companies; consequently, the compliance efforts of small and medium publicly traded companies may differ from that of large companies. Most small companies have taken SOX seriously and complied with the requirements mandated by the legislation by implementing the controls that demonstrate that the organization has reasonable assurance of governance over the company’s IT function. Still other small companies have chosen to use SOX as a catalyst for systemic change throughout the company’s IT function. While the latter may seem the logical progression of a company’s IT governance effort, that is not always the case. This study seeks to understand the reasons behind why some companies extend compliance efforts to invoke positive systemic change while others only do enough to comply with regulatory requirements. Using a multiple-case methodology, this study attempts to build upon the existing body of IT governance research by examining how the aforementioned IT governance concepts discussed by Weill and Ross are manifest in small and medium publicly traded companies. Additionally, the reason(s) why or why not those concepts may be present is examined using the theoretical lens of institutional theory. Findings of the study include an identification of differences small and medium publicly traded companies and large publicly traded companies in establishing enterprise-wide IT governance.



Document Availability at the Time of Submission

Release the entire work immediately for access worldwide.

Committee Chair

Schneider, Helmut



Included in

Business Commons