ON THE EMERGENCE OF SHADOW IT - A TRANSACTION COST-BASED APPROACH

Information Technology (IT) used for business processes is not only provided by the organization´s IT department. Business departments and users autonomously implement IT solutions, which are not embedded in the organizational IT service management. This increasingly occurring phenomenon is called Shadow IT. The various opportunities and risks of Shadow IT challenge organizations and call for approaches to manage the phenomenon. An initial point to achieve measurable indications for the management is to explain why Shadow IT emerges. Therefore, this paper explores the business decision to implement Shadow IT. Based on existing research we derive that Shadow IT is created after a make-or-buy decision, which is substantiated in the Transaction Cost Theory. We deploy a triangulation approach using the methods expert interviews and multiple-case study to investigate Shadow IT emergence. Our findings identify prohibitive transaction costs in the exchange relation between business and IT departments, influnced by misalignment, as the main explanation. We conclude that the principles of Transaction Cost Theory may be applied to develop governance structures for managing Shadow IT. This strengthens the link between IT Governance and Business IT Alignment and expands the understanding of business integration within the IT domains of an organization

Causing factors, outcomes, and governance of Shadow IT and business-managed IT: a systematic literature review

Shadow IT and Business-managed IT describe the autonomous deployment/procurement or management of Information Technology (IT) instances, i.e., software, hardware, or IT services, by business entities. For Shadow IT, this happens covertly, i.e., without alignment with the IT organization; for Business-managed IT this happens overtly, i.e., in alignment with the IT organization or in a split responsibility model. We conduct a systematic literature review and structure the identified research themes in a framework of causing factors, outcomes, and governance. As causing factors, we identify enablers, motivators, and missing barriers. Outcomes can be benefits as well as risks/shortcomings of Shadow IT and Business-managed IT. Concerning governance, we distinguish two subcategories: general governance for Shadow IT and Business-managed IT and instance governance for overt Business-managed IT. Thus, a specific set of governance approaches exists for Business-managed IT that cannot be applied to Shadow IT due to its covert nature. Hence, we extend the existing conceptual understanding and allocate research themes to Shadow IT, Business-managed IT, or both concepts and particularly distinguish the governance of the two concepts. Besides, we find that governance themes have been the primary research focus since 2016, whereas older publications (until 2015) focused on causing factors

Shadow Analytics

Gartner predicts that analytics will revolutionize how we conduct business. By 2019 worldwide analytics implementation are estimated to reach $187 billion (Olavsrud 2016). Unfortunately, many internal IT departments lack the business acumen, financial resources and data science expertise to initiate analytics initiatives (Goldberg 2012). This leads functional departments, armed with use cases, trying to launch their own analytic program. We call this shadow analytics. To add insight to this shadow analytics phenomenon, this paper uses an in-depth longitudinal case study of one department’s shadow analytics initiative. Using technology affordances and constraints theory, we investigate what enables and constrains a shadow analytics initiative. This study offers practical insights to others trying to launch an analytics program and shows a shift in client vendor outsourcing projects towards, agile delivery, experimentation and failure acceptance

The Social Side of Shadow It and its Impacts: Investigating the Relationship with Social Influence and Social Presence

The use of shadow IT within organizations may offer an interesting context to analyze individual behavior in the contemporary society. Considering that social factors profoundly influence user behavior, we aim to investigate the relationship of perceived social influence and perceived social presence on shadow IT usage and its impacts based on the assumption that social factors influence individuals towards the use of shadow IT. We performed a survey among employees from different companies. The results show that shadow IT usage has a strong positive relationship with the social factors investigated here, which positively impacts employee’s work performance. Our findings suggest that shadow IT is a collective solution used and socially recognized by workgroups. In addition, we found that shadow IT can lead to optimized communication and collaboration among employees, teams or departments

Justifications for the Implementation of Shadow IT Solutions by Functional Departments in an Organisation

Background: The implementation of information technology (IT) solutions by end-users, while bypassing organisational laid-down IT acquisition and implementation processes and controls, poses a significant challenge for most organisations. This phenomenon, which is known as Shadow IT (SIT), has major financial, legal and security implications for the organisation. Studies indicate that even when organisations implement IT policy to minimise the implementation of SIT, end-users may still find innovative ways to bypass the IT department when implementing unsanctioned software. Purpose of the research: The objective of this study was to investigate how end-users (functional departments) who implement SIT in organisations justify their actions. The term Justification refers to the techniques employed by a social actor to indicate that their deviant behaviour is actually reasonable. Understanding justifications for SIT is essential for IT managers since they can understand them as justification and not confuse them with other phenomena and at the same time they can devise appropriate strategies to counter them. IT Managers who are not aware of the justifications for SIT may implement measures which may not be effective in curbing the phenomena. Design/Methodology/approach: The study adopted an interpretivist approach. The study was guided by the 'Neutralisation Theory’ from the social deviance discipline. The study examined whether an organisation had an IT policy which prevents end-users from implementing SIT, and also assessed the 'Neutralisation’ techniques employed by end-users to justify SIT. The study adopted a case study approach based on a South African office of a multinational organisation. The study collected data through (i) semi-structured interviews with end-users from different functional departments who were involved with implementation of SIT and (ii) documentation (IT policy and email correspondences). The study adopted the purposeful sampling (snowball) technique to target the employees who were involved with the implementation of SIT. A total of 13 respondents were interviewed. The data was analysed using thematic analysis approach. Findings: The organisation did not have an IT policy which prevented functional departments from implementing SIT. Instead, it had a policy which allowed functional departments to implement their own IT solutions as long as they inform the IT department to assess the software application for potential risks and compatibility with the existing landscape. Most respondents did not use Neutralisation techniques to justify the implementation of SIT due to the policy which allowed them to implement their own IT solutions. Nevertheless, the respondents who employed Neutralisation techniques mainly used Denial of responsibility, Denial of injury and Appeal to higher loyalties to justify SIT. Originality/contribution: The study contributed to the justifications of SIT literature when it explored the concept of SIT in a corporate company setting - as opposed to earlier studies that used quantitative methods and experiments when exploring the concept of SIT. The study also makes a further contribution to literature by investigating SIT in an environment where functional departments are allowed to implement their own IT solutions - this was not explored by previous studies on Justification of SIT. The study also contributes to the practice where there is a need by IT management to minimise SIT by providing awareness of Neutralisation techniques which may be employed by functional departments to justify SIT. Through the understanding of the Neutralisation techniques, IT managers could make sound decisions when implementing measures to minimise SI

Shadow Systems, Risk, and Shifting Power Relations in Organizations

Drawing on notions of power and the social construction of risk, we build new theory to understand the persistence of shadow systems in organizations. From a single case study in a mid-sized savings bank, we derive two feedback cycles that concern shifting power relations between business units and central IT associated with shadow systems. A distant business-IT relationship and changing business needs can create repeated cost and time pressures that make business units draw on shadow systems. The perception of risk can trigger an opposing power shift back through the decommissioning and recentralization of shadow systems. However, empirical findings suggest that the weakening tendency of formal risk-management programs may not be sufficient to stop the shadow systems cycle spinning if they fail to address the underlying causes for the emergence of shadow systems. These findings highlight long-term dynamics associated with shadow systems and pose “risk” as a power-shifting construct

Shadow IT Use, Outcome Effects, and Subjective Performance Evaluation

Abstract: The use of shadow IT (information technology systems not sanctioned or monitored by a company’s IT department) may be seen as either a form of organizational misbehavior or proactive and creative problem-solving. We examine whether these differing possible perceptions have implications for the subjective evaluation of subordinate performance. In our experiment, participants choose whether to award a bonus to an employee when different IT systems are used (normal vs. shadow IT) across different outcome levels (high vs. low outcomes). We find that employees using shadow IT are less likely to receive the bonus in both high and low outcome conditions relative to employees using the normal IT system. Our results suggest that shadow IT usage is more likely to be viewed as organizational misbehavior and to cast a negative light on employee performance

A benefit dependency network for shadow IT adoption

Shadow information technology (SIT) revolves around systems that are hidden but still are managed by the same business entities. It consists on the use of devices, software, systems and applications without information technology (IT) department approval. Employees use IT without the knowledge of the IT department and this creates a gap in communication, as the IT department looses the knowledge of the reality within the company. However there are benefits envolved. In order to take advantage of those benefits, change has to be implemented in the way business activities are handled. The benefits should be a direct effect of change, of the difference between the ongoing and suggested way that activities are done and the efficiency and effectiveness to which people deliver on their daily tasks. The objective of this study is to propose a benefit dependency network (BDN) for SIT, through its concepts sinthetize our findings and specify connections between SIT practices and its benefits. With an understanding of the BDN and the benefits of SIT it is easier to have a better notion of the implications and the factors involved in order to assist in the decision making process. Either an organization wants to reach inovation, increase revenue, retain clients, the BDN helps with analysis and selection and is something organizations should take seriously, as it is essential to have knowledge on what the benefits there are and how they can be reached.Shadow information technology (SIT) aborda sistemas que estão ocultos mas são geridos e utilizados pelas diversas entidades de negócio. Consiste no uso de dispositivos, software, sistemas e aplicações sem a aprovação do departamento de informática – information technology (IT). A maioria dos trabalhadores utiliza este tipo de aplicações sem o conhecimento do departamento de IT e isto cria uma lacuna na comunicação, fazendo com que o departamento de IT perca a real noção da situação da companhia, no entanto existem benefícios envolvidos. De forma a tomar vantagem desses benefícios, deve ser implementada uma mudança na maneira em que as actividades de negócio são realizadas. Os benefícios devem ser efeito directo de mudança, da diferença entre o modelo corrente e sugerido de fazer o negócio, assim como na eficiência e eficácia com que o staff desenvolve o seu trabalho com sucesso. O objectivo deste estudo é propor uma benefit dependency network (BDN) para shadow IT e, através dos seus conceitos sintetizar as nossas descobertas e especificar conexões entre práticas de SIT e seus benefícios. Com percepção da BDN e dos benefícios de SIT é possível ter uma melhor noção das implicações e factores envolvidos, facilitando assim o processo de tomada de decisão. Quer a organização queira atingir a inovação, aumentar lucros, reter clientes, a BDN facilita no processo de análise, de escolha e deve ser algo que as organizações devem levar a sério pois é essencial haver conhecimento sobre que benefícios existem e como os atingir