Information technology governance in small and medium enterprises - a systematic mapping

Information Technology (IT) governance in small and medium-sized businesses is a subject that still requires more effort. Many of the studies that deal with this subject refer to large companies. IT governance structures, originally developed for the context of large enterprises such as COBIT, ISO/IEC 35800 or ITIL, when applied to the context of small and medium enterprises, lead to undesirable results and failures in the deployment process. The objective of this work was to perform a systematic mapping on IT governance in small and medium enterprises between 2007 and 2017. Systematic mapping studies are useful for categorizing and summarizing the existing information concerning a research question in an unbiased manner. Thus, from an initial set of 63 papers, a total of 17 research papers were selected for the mapping study. The results obtained allowed us to reach conclusions concerning the state-of-the-art of IT governance mechanisms, theories applied in the context and the consequences of IT governance. From the results of this study it was possible to perceive the low use of relational mechanisms of IT governance in the studied context, the constant need to adapt frameworks such as COBIT and ITIL, so that they can adapt to the reality of SMEs, the wide variety of theoretical approaches and the importance, for SMEs, of the concept of IT value for the business

O controlo interno nas Pequenas e Médias Empresas: uma revisão sistemática da literatura

O controlo interno tem vindo a evoluir ao longo do tempo e desempenha um papel fundamental na organização da empresa, ajudando a alcançar os objetivos estabelecidos pela gestão. No entanto, o facto de não existir um conceito universal resulta em diferentes interpretações do termo quer na literatura académica como na profissional. Nesse sentido, a presente dissertação fornece uma visão geral dos principais estudos do controlo interno nas pequenas e médias empresas (PME) através de uma Revisão Sistemática da Literatura (RSL). Foram seguidas as linhas orientadoras do PRISMA, tendo os dados sido recolhidos a partir das bases de dados ISI Web of Knowledge e Scopus. A amostra final foi de 25 artigos, publicados entre 1999 e 2020, tendo sido feita uma análise dos conteúdos dos mesmos. Conclui-se que a investigação nesta área se encontra ainda muito dispersa. No entanto, os temas mais abordados na investigação são o Efeito do Controlo Interno no Desempenho e os Componentes do Controlo Interno. Os resultados deste estudo sugerem que implementar controlos nas PME é mais difícil que nas grandes empresas, derivado da falta de segregação de funções e limitação em termos de recursos. A técnica de recolha mais utilizada foi o questionário e a técnica de análise a regressão linear. Por fim, os principais resultados permitem-nos indicar que as teorias não são muito utilizadas, tanto na literatura genérica como nos artigos que compõem a amostra. Com esta RSL pretende-se fornecer um contributo teórico para a literatura nesta área e um contributo em termos práticos para os gestores das PME, através de uma síntese das principais tendências, tais como a adoção da segregação de funções e o bom relacionamento com o seu auditor interno, passíveis de aplicar noutras organizações. As suas principais limitações estão associadas ao enquadramento teórico, dado que os estudos sobre o Controlo Interno aplicados ao contexto das pequenas e médias empresas são algo escassos, e com o facto das publicações como livros e atas de conferência terem sido excluídos, o que resultou numa amostra significativamente mais reduzida. Quanto às pistas para investigação futura sugere-se que sejam comparadas organizações com e sem controlo interno para que fique evidenciado ainda mais a sua importância para o suporte à gestão e desempenho da organização.Internal control has been evolving over time and plays a key role in the company’s organization, helping to achieve the established objectives. However, the fact that there is no universal concept results in different interpretations of the term in academic and professional literature. Therefore, this dissertation provides an overview of the main studies of internal control in small and medium-sized enterprises (SME) through a Systematic Literature Review (SLR). PRISMA guidelines were followed, and data were collected from the ISI Web of Knowledge and Scopus databases. The final sample was 25 articles, published between 1999 and 2020, and a content analysis of the articles was performed. We conclude that research in this area is still very dispersed. However, the most covered topics in the research are the Effect of Internal Control on Performance and the Components of Internal Control. The results of this study suggest that implementing controls in SMEs is more difficult than in large companies, due to the lack of segregation of duties and limited resources. The most used collection technique was questionnaires, and the analysis technique was linear regression. Finally, the main results allow us to indicate that the theories are not widely used, both in the generic literature and in the articles that make up the sample. This SLR aims to provide a theoretical contribution to the literature in this area and a contribution in practical terms for SME managers, through a synthesis of the main trends, such as the adoption of the segregation of duties and the good relationship with their internal auditor, likely to be applied in other organizations. Its main limitations are related with the theoretical framework, considering that studies on Internal Control applied to the context of small and medium-sized enterprises are somewhat scarce, and with the fact that publications such as books and conference proceedings were excluded, which resulted in a significantly smaller sample. As for the clues for future research, it is suggested that organizations with and without internal control be compared so that their importance for supporting the organization’s management and performance may be further evidenced

It governance evaluation: Adapting and adopting the COBIT framework for public sector organisations

This thesis examined the potential to develop an IT governance evaluation framework for an Australian state public sector and identified factors that would positively influence the adoption of the adapted framework. Using four linked studies the research revealed that an adapted framework for the evaluation of IT governance could be derived from best-practice models to fit the specific needs of individual organisations or sectors. The findings contribute to improving the ease of use, enhance usefulness, and increase the intent to adopt IT governance frameworks within a public sector context