See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/332200071

Critical Success Factors for Data Governance: A Theory Building Approach

Article  in  Information Systems Management · April 2019

DOI: 10.1080/10580530.2019.1589670

CITATIONS READS

11 3,071

3 authors:

Ibrahim Alhassan David Sammon

Saudi Electronic University University College Cork
8 PUBLICATIONS   84 CITATIONS    132 PUBLICATIONS   1,018 CITATIONS   

SEE PROFILE SEE PROFILE

Mary Daly
University College Cork
8 PUBLICATIONS   89 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Exploring the Information Behaviour of Expectant and New Mothers: A Longitudinal Study View project

All content following this page was uploaded by Ibrahim Alhassan on 11 June 2019.

The user has requested enhancement of the downloaded file.

 Information Systems Management

ISSN: 1058-0530 (Print) 1934-8703 (Online) Journal homepage: https://www.tandfonline.com/loi/uism20

Critical Success Factors for Data Governance: A

Theory Building Approach

Ibrahim Alhassan, David Sammon & Mary Daly

To cite this article: Ibrahim Alhassan, David Sammon & Mary Daly (2019): Critical Success
Factors for Data Governance: A Theory Building Approach, Information Systems Management,
DOI: 10.1080/10580530.2019.1589670

To link to this article: https://doi.org/10.1080/10580530.2019.1589670

Published online: 03 Apr 2019.

Submit your article to this journal

Article views: 3

View Crossmark data

Full Terms & Conditions of access and use can be found at

https://www.tandfonline.com/action/journalInformation?journalCode=uism20
INFORMATION SYSTEMS MANAGEMENT
https://doi.org/10.1080/10580530.2019.1589670

Critical Success Factors for Data Governance: A Theory Building Approach

Ibrahim Alhassana, David Sammonb, and Mary Dalyc
a
Assistant professor of E-commerce, Saudi Electronic University, Riyadh, Saudi Arabia; bProfessor of Information Systems, Cork University
Business School, Cork, Ireland; cLecturer of Information Systems, Cork University Business School, Cork, Ireland

ABSTRACT KEYWORDS
The objective of this research study is to present the critical success factors (CSFs) for data Data governance; CSFs; case
governance (DG). This paper reports on a single case study where data are gathered through study; open coding; axial
semi-structured interviews following the CSF approach and analyzed by applying open, axial, and coding; selective coding
selective coding techniques. The findings are presented as seven CSFs, which are ranked in order
of importance. Furthermore, we highlight the need to better understand the relationships (inter-
connectedness) between the CSFs.

Introduction number of papers have examined the critical success

factors (CSFs) for data governance. This research aims
Thinking about data strategically is a problem for many
to contribute to the body of knowledge by inductively
organizations today. Governing data has become vital
identifying the CSFs for data governance, following the
in running a business successfully, for data to be treated
building theory from case study research approach
as a valuable asset (Khatri & Brown, 2010; Otto, 2015).
proposed by Eisenhardt (1989).
In recent years, the volume of data used within organi-
The remainder of this research paper is organized as
zations has increased dramatically, playing a critical
follows. Section 2 highlights the literature related to data
role in business operations (Tallon, Ramirez, & Short,
governance to aid understanding of its concepts. Section 3
2013). In particular, data influence both operational
outlines the research methodology and explains the
and strategic decisions. It is argued that a lack of trust
research approach and data gathering and analysis techni-
in data can lead to the wasting of up to 50% of knowl-
ques used. Section 4 presents the CSFs identified for data
edge workers’ time, spent “hunting for data” (Redman,
governance, together with detailed descriptions and
2013, p. 4), whereas, when “data is trusted, it gets
a reflection on the data governance literature. Finally, sec-
shared”, which can drive higher returns on data invest-
tion 5 presents the concluding remarks and areas of further
ments (Information Builders, 2014, p. 8). However,
research around the interconnectedness of the CSFs.
a recent study by Holt, Ramage, Kear, and Heap
(2015) indicated that 45% of the participants, who
were from the global community of data-base and Data governance background
data professionals, did not have data governance poli-
Data governance has received much attention in both
cies in place. Hence, we argue that data governance
academic and practitioner communities. The concept has
requires more attention from both academics and
been developed over the last ten years whereby data are
practitioners.
considered as valuable assets and as a strategic function
Although data governance is considered to be
within the organization’s structure and are thus placed
a relatively emerging subject (Kamioka, Luo, &
under corporate governance (Vayghan et al., 2007;
Tapanainen, 2016; Rasouli, Eshuis, Trienekens,
Wende, 2007). Data governance focuses on who holds
Kusters, & Grefen, 2016), several researchers have pro-
the decision rights related to data assets in an organization
posed different data governance models (c.f. Khatri &
(Khatri & Brown, 2010; Otto, 2011) in order to ensure the
Brown, 2010; Otto, 2011; Panian, 2010; Weber, Otto, &
quality, consistency, usability, security, privacy, and avail-
Österle, 2009; Wende, 2007). These researchers help in
ability of the data (Cohen, 2006; Panian, 2010).
our understanding of the data governance subject and
Rau (2004, p. 35) refers to governance as “the way
in shaping its boundaries. However, only a limited
the organization goes about ensuring that strategies are

CONTACT Ibrahim Alhassan [email protected] Saudi Electronic University

© 2019 Taylor & Francis
2 I. ALHASSAN ET AL.

set, monitored, and achieved”. Horne (1995) connected appropriate research design to apply when exploring
governance with the optimal use of assets and outlined CSFs by conducting a case study (Koh, Gunasekaran, &
how data as an asset drives the importance of the Goodman, 2011). Many scholars have investigated and
governance of data within an organization. The concept explored CSFs in certain IS domains and applied qualita-
of data as an asset emerged with a report by the Hawley tive methods using either single case or multiple case
Committee in 1994, which defined data assets as “data study designs (e.g., Butler & Fitzgerald, 1999; Guynes &
that is or should be documented and that has value or Vanecek, 1996; Sammon & Adam, 2008).
potential value” (Oppenheim, Stenson, & Wilson, 2003,
p. 159). Therefore, the main driver of data governance
is the consideration of data as an asset in an organiza-
Case background
tion (Panian, 2010).
Several data governance models have been proposed Al Rajhi Bank was founded in 1957 and is considered to
which enable us to understand the boundaries of data be one of the largest Islamic banks in the world, with total
governance and related functions (Cheong & Chang, assets of US$80 billion, paid-up capital of US$4.33 billion
2007; Guetat & Dakhli, 2015; Khatri & Brown, 2010; and an employee base of over 9,600 associates (Alrajhi
Lajara & Maçada, 2013; Otto, 2011b; Vayghan, Bank, 2017). With over 58 years of experience in banking
Garfinkle, Walenta, Healy, & Valentin, 2007; Wende and trading activities, the various individual establish-
& Otto, 2007). ments under the Al Rajhi name were merged under the
In our recent study (Alhassan, Sammon, & Daly, umbrella of ‘Al Rajhi Trading and Exchange Corporation’
2018), we analyzed academic and practitioner publica- in 1978 and it was in 1988 that the bank was established as
tions on data governance and proposed a universal data a Saudi share-holding company. With an established base
governance activities model. This model is a guide to in Riyadh, Saudi Arabia, Al Rajhi Bank has a vast network
understanding data governance-related concepts and of over 500 branches, over 118 dedicated women’s
boundaries reported in the literature. The data govern- branches, more than 4,100 ATMs, 46,000 point-of-sale
ance activities were mapped against three actions: terminals installed with merchants, and the largest custo-
define, implement, and monitor. Our analysis shows mer base of any bank in the Kingdom of Saudi Arabia, in
a lack of research around data governance, particularly addition to 170 remittance centers across the kingdom
in the implementation and monitoring actions. There is (Tadawul, 2017).
more focus in the literature on the defining action, Al Rajhi Bank recorded net income profits of US
which indicates a somewhat embryonic understanding $2,166 million in 2016. The bank operates in multiple
of data governance. segments and continues to grow through the diversifi-
Following on from our literature analysis work, we cation of income resources and development of the
needed to understand how governance is actually exe- investment and corporate banking sectors, which are
cuted within practice. Therefore, we decided to follow built on a strong retail banking base.
an indicative approach to build theory from a case Internationally, Al Rajhi Bank currently has 24
study. As part of our exploratory approach to this branches in Malaysia. It also started operations in
research, this afforded us the opportunity to compare Kuwait in 2010 with a fully-fledged branch offering retail
the results of our literature analysis work (Alhassan and corporate banking solutions. In addition, the bank
et al., 2018) with the CSF identified from our empirical started activities in Jordan in 2011, offering its customers
work. In the next section, we provide a detailed descrip- innovative and comprehensive banking products and ser-
tion of our research approach to building theory. vices to help them enhance their lifestyles. The bank now
has six branches in Jordan, through which it serves the top
three occupied districts in Jordan.
Research methodology
This case was selected because Al Rajhi bank deals with
The theory building research strategy proposed by large volumes of data which is distributed across different
Eisenhardt (1989) provides a clear process for conducting systems and geographical areas. Also, in the banking
research that aims to build theories from one or more case industry, data governance is considered to be a vital func-
studies. According to Eisenhardt (1989), the main driver tion in the organization as they deal with financial data as
for building theory from a case study is when little is well as sensitive customer data and operate in a highly
known about a phenomenon and, therefore, the process regulated environment. Within Al Rajhi bank, some stor-
does not rely on previous literature or prior empirical ies were considered to be successes and others as failures,
evidence. Hence, interpretive qualitative research is an which can be valuable to our research.
 INFORMATION SYSTEMS MANAGEMENT 3

Data gathering Table 1. List of interviewees’ positions and related section (IT or
business) and interview duration.
The CSF approach was introduced by Rockart (1979), IT/ Interview duration
who defined CSFs as the “areas of activity that should Position Business (minutes)
receive constant and careful attention from manage- Product Manager for Mobile Banking Business 60
Head of Remittance Business 70
ment” (p. 85). The CSFs approach has been widely Head of Government Relations Business 30
investigated and used in information systems (IS) Department
Head of Alternative Channels Business 50
research and in practice over the last three decades Head of Call Centre Business 60
(Shah, Braganza, & Morabito, 2007; Tan, Catersteel, & Head of Data Cleansing Project Business 70
Head of Internet and Mobile Banking Business 60
Toleman, 2009) and remains a valid research method Product Manager Business 40
for making sense of a problem by identifying potential Head of MIS & HR Payments Business 70
Head of Risk Systems & Data Business 70
factors that influence a community of practice (Caralli, Governance
Stevens, Willke, & Wilson, 2004; Lam, 2005). (1) Senior Systems Analyst (Data IT 40
Warehouse)
Interviews are considered the most appropriate data (2) Senior Systems Analyst (Data IT 40
gathering technique for collecting rich and detailed Warehouse)
Senior Systems Analyst (Internet IT 60
data from industry experts (Koh et al., 2011). Banking)
Interviews are subject to the amount of control utilized Oracle Analyst IT 60
Head of IT Risk IT 30
by the researcher during the interview and the degree
of structure required (Esterberg, 2002). In terms of
identifying CSFs, Rockart (1979) suggests conducting conducted in two different periods. The researchers
separate interviews with executives individually. The decided to stop interviewing more people at the point
interviews conducted for this research were aimed at at which information started to be repeated and the
identifying the business goals that indicate CSFs. material collected was sufficiently rich to reveal the data
Therefore, this research employed semi-structured governance story in Al Rajhi Bank.
interviews, which enabled the researchers to explore All the interviews were started with an introduction
the CSFs for data governance. We developed a data of the research objective. Each interviewee was then
collection procedure based on the CSF approach in asked to begin talking about the data-related activities
Rockart (1979) (Figure 1). in his/her department, which led to the identification of
Fifteen individual semi-structured interviews were the CSFs for data governance. In many cases, the inter-
conducted at Al Rajhi Bank with personnel at the viewer explained the data governance programme from
managerial levels of both business and IT departments the perspective of the five decision domains (c.g. Khatri
(see Table 1 for a list of the interviewees’ positions and & Brown, 2010) to make sure the interviewee under-
the duration of the interviews). These interviews were stood the meaning of data governance. During the

Figure 1. Data gathering approach.

4 I. ALHASSAN ET AL.

interviews, the interviewer attempted to keep the dis- and Corbin (1990) state that the concepts that appear to
cussion to data-governance-related topics in order to be similar are grouped together under a higher-order,
maintain the interview focus. more abstract concept called a category.
Some of the interviews were conducted in Arabic The second reading of the data is considered during
and others in English, depending on the English- axial coding (Dezdar & Sulaiman, 2009), which is per-
language level of the interviewee. All the interviews formed simultaneously with open coding
were transcribed word-by-word and those conducted (Bhattacherjee, 2012; Strauss & Corbin, 1990). During
in Arabic were translated into English by a third party this stage, the categories are refined in order to be
in order to avoid bias. The transcripts were then linked in the form of relationships. Strauss and
reviewed with the recording in order to supply any Corbin (1990) suggest that, in order to identify the
missing words. Finally, due to the transcripts having relationship between data, a paradigm model should
been translated, they were reviewed to ensure that they be used that consists of causal conditions, the phenom-
were true to the meaning of the original interview. enon, the context, intervening conditions, action/inter-
action strategies, and consequences. Using this model
enables the researcher to think systematically about the
Data analysis data in order to relate them (Strauss & Corbin, 1990).
Qualitative data analysis is not well formulated (Miles, Finally, selective coding begins when researchers iden-
1979), and there are probably as many approaches as tify a potential core category (Tan et al., 2015), focusing
there are researchers (Eisenhardt, 1989). In addition, then on the core categories and related categories that
the emphasis of qualitative data analysis is on “sense accrued in the axial coding. This involves comparing the
making” (Bhattacherjee, 2012, p. 113), so a coding tech- core categories with the raw data by telling the story of the
nique by Strauss and Corbin (1990) was adopted in this core categories that emerge (Strauss & Corbin, 1990).
research in a way that serves the purpose of the For this research, after preparing all the interview
research objective. Coding is one of the techniques transcripts, the data analysis was commenced by read-
widely used in analyzing qualitative data in order to ing each transcript sentence by sentence and following
build theory from a case study (Buchwald, Urbach, & an open coding technique. After coding the first two
Ahlemann, 2014; Tallon, Ramirez, et al., 2013; Tan, interviews, axial coding was commenced in an iterative
Pan, Lu, & Huang, 2015). In the following data analysis, manner as categories started to emerge (see Figure 2).
there are, as outlined by Strauss and Corbin (1990), The five decision domains identified by Khatri and
three types of coding: open, axial, and selective (see Brown (2010), were used to break down the phenom-
Table 2). These coding techniques aim to generate enon into paradigm models (see Figure 3: Paradigm
concepts from field data (Walsham, 2006). According model constructs) in order to clarify the relationships
to Strauss and Corbin (1990, p. 57), coding “represents between the categories that emerged during the open
the operations by which data are broken down, concep- coding analysis. Therefore, the axial coding procedure
tualized, and put back together in new ways”. resulted in five paradigm models that identify the rela-
Open coding is a process that aims to identify the tionships between the categories. The researchers were
concepts or key ideas that are hidden within data that then able to identify selective coding for the core cate-
are likely to be related to the phenomenon of interest gories and validate the concepts that emerged in an
(Bhattacherjee, 2012). Concepts and categories are gen- iterative manner. The core categories are considered
erated in the open coding stage (Glaser, 1992). Strauss later as CSFs for data governance.
The five decision domains identified by Khatri and
Brown (2010), namely, p. 1) data principles, 2) data
Table 2. Open, axial, and selective coding definitions by Strauss
and Corbin (1990). quality, 3) metadata, 4) data access, and 5) data life
Coding cycle (see Table 3) are used as an initial lens to identify
technique Definition the CSFs for data governance.
Open coding “The process of breaking down, examining, comparing, Some of the categories that emerged are associated
conceptualizing, and categorizing data” (p. 61).
Axial coding “A set of procedures whereby data are put back together in with more than one decision domain, due to the con-
new ways after open coding, by making connections text of the original concepts. For example, the category
between categories. This is done by utilizing a coding
paradigm involving conditions, context, action/interactional
‘Employee awareness’ was associated as a causal condi-
strategies and consequence” (p. 96). tion of ‘Data principles’ where one of the interviewees
Selective “The process of selecting the core category, systematically
coding relating it to other categories, validating those
stated the following in a general comment about data
relationships, and filling in categories that need further governance: “Our people here are well educated, but do
refinement and development” (p. 116). they have the concepts of how to work on data
 INFORMATION SYSTEMS MANAGEMENT 5

Open Coding Axial Coding Selective Coding

Validation

Figure 2. Open, axial, and selective coding iterative process.

Figure 3. Paradigm model constructs.

Table 3. Decision domains for data governance (Khatri & the context of the data quality level that “there was no
Brown, 2010). awareness and 90% of the problem is that the employee
Data principles “Clarifying the role of data as an asset” doesn’t have awareness”.
Data quality Metadata Data life cycle From coding the 15 interviews, it was found that the
“Establishing the “Establishing the “Determining the
requirements of semantics or definition, production, majority of the concepts were associated with ‘Data
intended use of “content” of data so retention and retirement quality’ as a decision domain for data governance, as
data” that it is of data”
interpretable by the can be seen in Figure 4. This is not surprising, as data
users” quality is considered a fundamental element of a data
Data access
“Specifying access governance programme. This is followed by ‘Data prin-
requirements of ciples’, whereby the strategic initiatives are associated
data”
with the overall data governance programme.
The coding procedure for the 15 interviews resulted
governance? No, they don’t”. In contrast, in another in 345 concepts that related to data governance. The
interview, the category ‘Employee awareness’ was asso- 345 concepts generated 89 categories. Using the para-
ciated with ‘Data quality’ when the interviewee stated in digm models, the researchers identified the

Figure 4. Frequency count of the categories associated with each of the five decision domains.
6 I. ALHASSAN ET AL.

relationships between the 89 categories, which enabled Table 4 shows the seven CSFs for data governance
the creation of seven core categories during the selec- ranked based on the frequency count of the concepts they
tive coding phase. Figure 5 illustrates the data coding reflect. The number of concepts represents the emphasis of
procedure together with examples of concepts, category each interviewee on a certain aspect of data governance.
relationships, and the core category, namely, ‘employee Although this might indicate the importance of one con-
data competencies’ and its cause and action/interaction. cept in comparison with others, it might also show a lack of
shared understanding as to the most important concepts
Findings associated with a successful data governance programme.
For example, our analysis shows that the concepts relating
CSFs for data governance
to the “clear data processes and procedures” CSF have been
This subsection discusses the CSFs identified as a result of coded more than those relating to the CSF “focused and
the five paradigm models and the selective coding find- tangible data strategies”. In fact, our observations (during
ings. Seven core categories emerged that are considered to the interviews) is that the interviewees’ discussion related
be CSFs for data governance: 1) Employee data compe- more to the aspects missing from the data governance in
tencies, 2) Clear data processes and procedures, 3) their daily work that caused a lack of trusted data.
Flexible data tools and technologies, 4) Standardized easy- The CSFs are associated with the most obvious
to-follow data policies, 5) Established data roles and causes and subsequent actions/interactions. Causes are
responsibilities, 6) Clear inclusive data requirements, 7) positive or negative things that could potentially be
Focused and tangible data strategies. considered CSFs, whereas the actions/interactions are

Concept #1: Many of the

Excerpt: For example, the English name field is left to the
employees don’t have a
clerk’s sensibilities in terms of the spelling, and many of
good understanding of
them don’t know English very well.
the English language
Open coding

Concept #2: Certain

Excerpt: The clerk has certain competencies.
competencies

Concept #3: Teaching

Excerpt: So, as I said, it should be solved by teaching the
the policy and procedure
procedures and policies to the employees.
to employees

Concept #4: Educate Excerpt: Hence, the business people should do the
business people in data governance of the data and they have to be educated about
governance it.

Concept #1: Many of the

employees don’t have a good Paradigm model
Category #1: Employee understanding of the English Employee competency
competency levels language. level is a causal condition
Axial coding

Concept #2: Certain for data quality.

competencies.
Concept #3: Teaching the
policy and procedure to Paradigm model
Category #2: Employee employees. Training is an
training Concepts #4: Educate the action/interaction for data
business people on data quality.
governance.
Selective coding

Cause: Employee competency level

Core category #1:
Employee data
competencies
Actions: Employee training

Figure 5. Example of the data coding procedure for the ‘Employee data competencies’ CSF.
 INFORMATION SYSTEMS MANAGEMENT 7

Table 4. CSFs for data governance associated with main causes data entry depends on a certain level of employee capabil-
and actions/interactions. ities and awareness of data processes and procedures. In
Critical success addition, due to the sensitivity of banking data and privacy
Rank factor Cause Action/interaction
requirements, our analysis highlighted the importance of
1 Employee Questionable employee Increase employee
data competency level and awareness and increasing employee awareness around viewing and mod-
competencies top management training. ifying the data from both business and IT departments in
awareness.
2 Clear data Significant manual data Have appropriate data order to avoid the misuse of customers’ information.
processes and entry. processes and Different actions/interactions are recommended in
procedures procedures and embed
them into the systems. order to ensure appropriate employee data competen-
3 Flexible data Data integration and Have appropriate IT cies. The most important action/interaction is ‘train-
tools and ability to embed data infrastructure and
technologies policies, processes, and integrated data. ing’, such as continuous training in dealing with and
procedures. implementing data policies as well as data processes
4 Standardized Lack of clear data Embed data policies
easy-to-follow policies into the systems.
and procedures, and includes internal and external
data policies training. For example, the bank addresses data entry
5 Established Unclear roles and Assign a committee for
data roles and responsibilities. data governance and
problems by building up a team responsible for training
responsibilities define the data the operations and branch managers, as stated by one
owners. of the executive managers of a data cleansing project:
6 Clear inclusive Understanding of data Have the right data
data requirements and requirements and “We have built a training team from the CIF
requirements communication issues. comply with Department who are specialists in this field. They trained
regulations.
7 Focused and Understanding the Consider data as the operations managers and branch managers”. It is
tangible data importance of the data. a strategic element also vital to increase employees’ awareness of the criti-
strategies and management
reinforcement of this cality of data in terms of entering the right information,
ethos. as well as when accessing sensitive material.
In comparison with the data governance literature,
a limited amount of research has focused on employ-
the things that are recommended to be performed in ees’ competencies in data governance (Alhassan et al.,
order to address the CSFs. These causes and actions/ 2018). The research focuses mainly on the other
interactions are abstracted from the original results of activities that need to be undertaken to introduce
the axial coding. In the next section, each of the seven a data governance programme, such as the data gov-
CSFs (see Table 4) is described in greater detail in order ernance structure and the roles involved (c.f. Weber
to clarify the meaning and boundaries of each sta- et al., 2009). However, a few publications offer
ted CSF. a single sentence recommending conducting some of
these activities. For example, Cheong and Chang
CSF #1: employee data competencies (2007) state, within the context of explaining the
The employee data competencies CSF covers data gov- responsibilities of the role of ‘Data Steward’, that
ernance activities that involve human action and is, “They manage user group meetings, train and educate
based on our case analysis, the highest-ranked CSF for data users” (p. 1005). Therefore, from a practical
data governance. Employee data competencies directly point of view, employees’ competencies play
impact the defining, implementing, and monitoring of a critical role in introducing a data governance pro-
data processes and procedures, as well as data policies gramme, which suggests that researchers need to
and data requirements. Thus, it determines an employ- focus attention on the competencies required for con-
ee’s ability to handle these data governance activities. ducting a data governance programme and how to
The competencies of all employees, from senior execu- acquire these skills.
tives to entry-level workers, are important due to their
involvement in various data governance activities at various CSF #2: clear data processes and procedures
points in time. For example, establishing an overall data Based on our analysis, clear data processes and proce-
governance strategy requires certain top managers to have dures ranked second in importance as a CSF for data
certain competencies. Based on our analysis, such compe- governance. This is not surprising, as the bank gener-
tencies would be needed to treat data as a strategic asset. ally has data policies in place which should be detailed
Furthermore, dealing with data entry and access also and operationalized during activities related to data
requires employees to have a minimum set of capabilities processes and procedures. Therefore, clear data pro-
and a certain level of awareness with regard to handling the cesses and procedures are evenly coded among the
organization’s data. For example, the practice of manual five decision domains, apart from metadata. This
8 I. ALHASSAN ET AL.

includes all the detailed activities related to data flow, that affect the data in an organization, including the
data integration, data authorization processes, data vali- presentation and storage of data. Flexible data tools and
dation, and more. technologies were, according to our analysis, coded
The absence of data processes and procedures resulted among all five decision domains. However, the majority
in doubts relating to trusting the data. This is due to of the codes were associated with the data life cycle, as it
different reasons, one of which is knowing that there are involves decisions relevant to the operationalizing and
no clear data processes and procedures, as stated by one processing of the data throughout different systems.
interviewee: “When a person gets the data, they assume the Our analysis shows a significant impact of flexible data
wrong intention, and the reason for that is that there are no tools and technologies on other CSFs, such as “standar-
clear procedures for the data”. Another reason is missing dized easy-to-follow data policies”, as well as “clear data
a part of the data processes and procedures, such as data processes and procedures” in terms of embedding them
testing. For example, when establishing a new product in into the right system with the correct format. This
the bank, the resulting data are not tested enough to have includes, for example, making some fields mandatory or
the proper report, as stated by the department responsible having an automated validation method. The tools and
for evaluating the result of each product in different technologies also involve the implementation of “clear
branches: “our problem is that we start to use data before inclusive data requirements”. Therefore, having strong
we run the right test on it”. data tools and technologies enables other CSFs.
Based on our analysis, different actions/interactions Having appropriate IT infrastructure and integrated
are recommended in order to achieve effective data pro- data is recommended to address flexible data tools and
cesses and procedures in the bank. At the top of these technologies. This includes setting up advanced technol-
actions/interactions is ‘Embedding the data processes and ogies that enable data integration in order to automate
procedures into the system’, such as when an interviewee the validation of the data. As stated by one interviewee:
was talking about the processes of attaching the right “Frankly, the solution is that we get more automated tools
documents: “That would be facilitating the processes itself, to capture this data. That way, it’s automated or verified
when you scan or photocopy the customer’s ID and then from a reliable source”. In addition, it is recommended
attach it to his file, it’s expected that the fields become that systems should be thoroughly tested through
embedded in the system”. This includes considering man- a testing procedure, as well as flexible enough to incor-
datory fields, validation methods, and other data flow porate future changes. It is important to take into
requirements. Finally, the current processes and proce- account the privacy and availability of the data while
dures need to be re-checked and updated, as stated by the integrating internal and external systems.
Head of Alternative Channels: “Also, you will find the In comparison with the literature, our analysis of the
manual data processes require re-checking”. case study is in line with work that reports issues of data
One of the main focuses in data governance literature is tools and technologies. The majority of the publications
data processes and procedures, as they play a critical role in on data governance consider data tools and technology
governing data (c.f. Alhassan et al., 2018; Panian, 2010). as fundamental elements of implementing a data govern-
Although data processes and procedures should be defined, ance programme (c.f. Watson, Fuller, & Ariyachandra,
implemented, and monitored for all the different aspects of 2004; CDI Institute, 2006; Larkin, 2008; Reeves &
data flow and use (Cheong & Chang, 2007; Lomas, 2010; Bowen, 2013; Tallon, Short, & Harkins, 2013) and, spe-
Panian, 2010; Silic & Back, 2013; Wood, 2013), some pub- cifically, for metadata (Khatri & Brown, 2010; Panian,
lications emphasize data processes and procedures for cer- 2010), data integration (Tallon et al., 2013), and data life
tain aspects, such as data quality (c.f. Wende, 2007; Bowen cycle (Khatri & Brown, 2010). This shows the alignment
& Smith, 2014), data access (c.f. Rosenbaum, 2010), and of data governance with IT governance aspects by con-
data recording and storage (c.f. Khatcherian & Jefferson, sidering the related tools and technologies that affect the
2009). Hence, from the two perspectives of the prior litera- success of the implementation of a data governance
ture and our case study, clear data processes and procedures programme. Hence, it is suggested that more studies be
are considered a fundamental element of successfully conducted to investigate strategies for the alignment of
implementing a data governance programme. This shows data governance and IT governance in order to better
maturity in understanding the importance of establishing understand data-related tools and technologies and the
clear data processes and procedures. decisions associated with them.

CSF #3: flexible data tools and technologies CSF #4: standardized easy-to-follow data policies
Flexible data tools and technologies consist of all the Standardized easy-to-follow data policies play
activities related to dealing with software and hardware a fundamental role as a CSF for data governance.
 INFORMATION SYSTEMS MANAGEMENT 9

Data policies are viewed as short statements that pro- for data access (Fu, Wojak, Neagu, Ridley, & Travis,
vide the high-level guidelines and rules necessary for 2011; Rosenbaum, 2010). This can draw attention to
dealing with data. Our analysis shows that standardized the importance of compliance with regulatory frame-
easy-to-follow data policies are associated with all five works as well as data access policies as critical activities
decision domains, particularly with data principles. for establishing a data governance programme.
Furthermore, data access is reliant on data policies
existing especially for banking data, since banks deal CSF #5: established data roles and responsibilities
with critical data that requires a high degree of privacy. Established data roles and responsibilities should also
Based on our analysis, the absence of data policies be considered in the context of data governance. It is
for certain data made employees uncomfortable about important to identify the individual(s) responsible for
making decisions that relied on those data due to their the data-related activities in the organization, such as
not knowing how the data were processed. For exam- who defines the policies and processes for the data as
ple, one interviewee stated in the context of trusting well as assigning the duties for the actions related to
data: “So, we should comply with the policies even if it data. In addition, from a strategic point of view, estab-
might cause delay in the requests, but at least we can be lished data roles and responsibilities include the data
more comfortable while relying on the data”. Also, it was governance function in the organization. Therefore, our
revealed that accessing unneeded data affecting privacy analysis showed that established data roles and respon-
might also have an effect on business performance. sibilities categories are mainly coded under the data
Certain other characteristics around data policies were principles decision domain.
also revealed during our analysis. For example, data Our analysis shows that the employees in the bank
policy documents should follow a certain template in experienced imprecise roles and responsibilities that
order to be understood by all the employees who deal were caused either by the roles being unclear or having
with them, as well as keeping the policy statements unclear assignments. This confirms established data
basic, simple and up-to-date to ensure that employees roles and responsibilities as a CSF for data governance.
appreciate the value of following the guidelines. For example, having good processes in place without
Several actions/interactions are recommended in clear roles and responsibilities leads to mistakes in
order to have effective data policies in place, which dealing with data, as stated by one of the interviewees:
include having a strong, clear, simple, and easy-to- “This dual control process is implemented as written in
follow data policy. However, having a defined data the procedures, but who is the monitor? Who edits these
policy is not enough to achieve successful data govern- fields? Mistakes happen unfortunately on an ad hoc
ance. Formulating implementation methods and having basis”. Therefore, unclear data roles and responsibilities
them in place is highly recommended. For example, as has a negative effect on the success of data governance.
drawn from our analysis, embedding data policies into Different actions/interactions are recommended
a system is strongly recommended and involves having from our analysis, such as setting up a committee for
mandatory fields for data entry and a validation data governance as well as identifying data owners. For
method especially for sensitive data, such as, in this example, it was stated by an interviewee that “there
case, recording the mobile number of the customer should be a committee so you can formulate this”. It is
whereby the customer receives encrypted data via text recommended, therefore, to assign a committee to deal
message. Monitoring policies and updating them is with all data governance activities. The Head of the Call
another of the essential activities related to this CSF Centre also remarked: “So, we are the decision-maker in
that are highly recommended following our analysis. the call center, what data can be shown? But at the bank
For example, in the context of data policies, the Head of level, no, there are different departments for different
Internet Banking stated: “after that, what you need to do systems”. This indicates the need for a clear definition
is to do a periodic audit on it”. of data owners.
Data policies are widely reported in the data govern- Data roles and responsibilities receive more atten-
ance literature, generally with the aim of defining and tion in the literature compared with other areas of data
endorsing policies around the creation, development, governance, such as employee data competencies
control, management and auditing of data (Khatri & (Alhassan et al., 2018). Some data governance literature
Brown, 2010; Panian, 2010). However, some publica- focuses mainly on data roles and responsibilities frame-
tions view data policies in the context of data govern- works for data governance (c.f. Cheong & Chang, 2007;
ance as measures for complying with data regulations Weber et al., 2009). It can be argued that establishing
(Kooper, Maes, & Lindgreen, 2011; Yoku Shaw-Taylor, data roles and responsibilities should be the first step
2014) and others consider only those policies required towards the successful implementation of data
10 I. ALHASSAN ET AL.

governance due to the notion that any activities asso- governance literature has not focused on the relation-
ciated with data governance should be driven by ship between the quality of data requirements and
a representative of a certain role that has a collection communication of those requirements with employees’
of responsibilities. data competencies.

CSF #6: clear inclusive data requirements CSF #7: focused and tangible data strategies
In the context of data governance, data requirements Focused and tangible data strategies include planning for
are the needs that are initially requested by business or data governance in order to achieve its goals, as well as
IT with regard to data. Clear inclusive data require- the main activities related to considering data as assets.
ments define all aspects of data implementation, such Furthermore, the short- and long-term objectives that
as data flows and integration. Our analysis shows that relate to data governance are included. Therefore, based
the business owner should initially understand the data on our analysis, data strategy categories are mainly
requirements and then communicate with IT in order related to the data principles decision domain.
to explain the data needs clearly. Understanding the importance of the data and con-
The largest element of data requirements in our sidering them as assets confirms ‘focused and tangible
analysis are those associated with the data regulations data strategies’ as a CSF for data governance. For example,
that come from either external regulators, such as the one of the team members in the data cleansing project
central bank or other corresponding banks; for exam- stated that “data cleansing is one of the projects considered
ple, one interviewee stated that “we got regulations from strategic in the bank”. Our analysis also shows that poor
the central bank enforcing us to make the changes”, or planning for the future negatively impacts on data when
internal regulations, such as the Compliance focused and tangible data strategies are absent, as stated in
Department at the bank. These regulations are consid- this excerpt: “Also, there was poor planning for the future
ered the main part of the data requirements for data needs, we are talking about 20 years ago”. However, based
governance due to the banking industry being well on our analysis, the bank recently started to consider data
regulated. In addition, the clear inclusive data require- as strategic, which has had an influence on the success of
ments include how data are used for different types of data governance.
reports. As stated by one of the IT developers, this In contrast, based on our analysis, considering data
means “how they want their data to be presented and as strategic is the main recommended action for
calculated in their way”. Therefore, based on our ana- addressing focused and tangible data strategies. Top
lysis, the IT Department in the bank suffers from a lack management enforcement should also be taken as an
of clear data requirements from the business owner of action, as stated by the Head of IT Risk: “you need
the data, as can be seen from a comment by one of the enforcement from top to bottom”. This includes consid-
developers: “I only add what I expect I will need in the ering the assignment of a top management committee
reports, and what other departments and authorities for data governance.
may need, in a way that I think is correct, unless Although this CSF is the lowest priority in our case
I have clear requirements”. study, it has been extensively reported in the literature
There is a clear relationship between clear inclusive related to the successful implementation of data gov-
data requirements and employee data competencies, as ernance (Cheong & Chang, 2007; Elliott et al., 2013;
understanding the right requirements is considered the Weller, 2008). The majority of data governance studies
main action/interaction to address data requirements. consider data as strategic assets and associated with
This is heavily based on employee data competencies. different activities in order to address the data appro-
The data owners should also communicate with the priately. This suggests the need to focus more on
implementers in a formal and detailed method for each awareness of the strategic elements of data governance
and every data requirement, including the data flow as by training top managers, as well as establishing an
well as mandatory fields and validation methods. executive team to drive the data governance pro-
When comparing the literature, data requirements gramme as a companywide framework.
have been reported from different perspectives. For
example, many studies suggest having guidelines for
Concluding remarks and further research
setting rules for data requirements (c.f. Rickards &
Ritsert, 2012; Watson et al., 2004; Wende, 2007). This research has attempted to contribute to the exist-
While other studies also focus on the requirements of ing knowledge on data governance by addressing the
data regulations, as well as data privacy and security (c. CSFs for data governance. This research followed the
f. Tallon et al., 2013). However, it appears as if the data approach of theory building by conducting several
 INFORMATION SYSTEMS MANAGEMENT 11

semi-structured interviews within a single case study industries as a business developer. Ibrahim’s current research
organization. The interviews were transcribed and pre- interests lie in exploring data governance practices and his
pared for analysis by applying open, axial, and selective research has been published in the Journal of Enterprise
Information Management and the Journal of Decision
coding. Seven CSFs for data governance have been Systems.
identified based on our analysis of the case data.
These CSFs are associated with recommended actions/ David Sammon is a Professor (Information Systems) at Cork
University Business School, University College Cork, Ireland.
interactions in order to enable organizations to have
He is co-Director of the IMI Data Business executive masters
a greater chance of success in their data governance program and is co-founder of the VIVID Research Centre.
programmes. He is Editor-in-Chief of the Journal of Decision Systems.
Ultimately, we have found that establishing a successful
Mary Daly is a lecturer and researcher in Business
data governance programme requires a high level of atten- Information Systems at Cork University Business School,
tion from the stakeholders with regard to ‘employee data University College Cork, Ireland She is Co-director of the
competencies’, as well as a need to start by ‘establishing MSc Business Information and Analytics Systems.
data roles and responsibilities’. These two CSFs reflect the
core of what a data governance programme should have in
order to be successful. In addition, our analysis reflects little References
on the importance of a data strategy, as few of the inter-
Alhassan, I., Sammon, D., & Daly, M. (2018). Data govern-
viewees mentioned concepts that could be interpreted as ance activities: A comparison between scientific and
relating to the more strategic aspects of data governance. practice-oriented literature. Journal of Enterprise
However, considering data as strategic assets is deemed on Information Management, 31(2), 300–316. doi:10.1108/
of the main drivers for a successful data governance pro- JEIM-01-2017-0007
gramme within an organization. Hence, this suggests that Alrajhi Bank. (2017). About alrajhi bank. Retrieved from
http://www.alrajhibank.com.sa/en/investor-relations
the ‘focused and tangible data strategies’ may be a more
/about-us/pages/about-us.aspx
important CSF than revealed in this case analysis and Bhattacherjee, A. (2012). Social science research: Principles,
requires further investigation. Therefore, while we appreci- methods, and practices (2nd ed.). Tampa, FL: CreateSpace
ate that data governance is a strategic initiative (Khatri & Independent Publishing Platform.
Brown, 2010; Otto, 2011; Wende, 2007), a focus on the Bowen, R, & Smith, A. R. (2014). Developing an enterprise-
actions pertaining to a data strategy is fundamental to wide data strategy. Healthcare Financial Management, 68
(4), 86-89.
establishing a successful data governance programme. Buchwald, A., Urbach, N., & Ahlemann, F. (2014). Business
One of the limitations is that this research is based on value through controlled IT: Toward an integrated model
a single case study, which can only show part of the of IT governance success and its impact. Journal of
picture. Conducting further case studies in different Information Technology, 29(2), 128–147. Retrieved from
industries is needed, in order to promote a “universal https://link.springer.com/article/10.1057/jit.2014.3
Butler, T., & Fitzgerald, B. (1999). Unpacking the systems
model” of CSFs for data governance. Furthermore, as
development process: An empirical application of the CSF
part of the case analysis in this research, it appeared as if concept in a research context. The Journal of Strategic
interconnectedness between the CSFs could be estab- Information Systems, 8(4), 351–371. doi:10.1016/S0963-
lished. For example, ‘employee data competencies’ defines 8687(00)00027-5
the competency requirements for each role, which Caralli, R. A., Stevens, J. F., Willke, B. J., & Wilson, W. R.
impacts the CSF relating to ‘established data roles and (2004). The critical success factor method: Establishing
a foundation for enterprise security management.
responsibilities’. Therefore, a failure to have employee Retrieved from http://www.dtic.mil/get-tr-doc/pdf?AD=
data competencies may cause a failure in establishing ADA443742
data roles and responsibilities. Therefore, further research Cheong, L. K., & Chang, V. (2007), ‘The need for data
to examine the interconnectedness between the CSFs in governance: A case study’, proceedings of the 18th
order to better understand the implications of the pre- Australasian conference on information systems. ACIS
2007 Proceedings, Toowoomba, pp. 999–1008
sence or absence of one of the CSFs on another is needed
Cohen, R. (2006). What’s in a name? Data governance roles,
to further the data governance agenda. responsibilities and results factors. DM Review, 8
Dezdar, S., & Sulaiman, A. (2009). Successful enterprise
resource planning implementation: Taxonomy of critical
Notes on contributors factors. Industrial Management & Data Systems, 109(8),
1037–1052. doi:10.1108/0263557091099
Ibrahim Alhassan is an assistant professor in the depart- Eisenhardt, K. M. (1989). Building theories from case study
ment of E-commerce at Saudi Electronic University, Riyadh, research. The Academy of Management Review, 14(4),
Saudi Arabia. He has worked for several years in different 532–550. doi:10.5465/AMR.1989.4308385
12 I. ALHASSAN ET AL.

Elliott, T. E., Holmes, J. H., Davidson, A. J., Chance, L., from https://link.springer.com/article/10.1057/palgrave.
Nelson, A. F., & Steiner, J. F. (2013). Data warehouse ejis.3000530
governance programs in healthcare settings: A literature Larkin, B. S. (2008). Increasing information integrity:
review and a call to action. EGEMs (Generating Evidence & Cultural impacts of changing the way we manage data.
Methods to Improve Patient Outcomes), 1(1), 15. International Journal of Organization Theory & Behavior
doi:10.13063/2327-9214.1010 (Pracademics Press), 11(4), 558–578. doi:10.1108/IJOTB-
Esterberg, K. G. (2002). Qualitative methods in social 11-04-2008-B007
research. Boston, MA: McGraw Hill. Lomas, E. (2010). Information governance: Information secur-
Fu, X., Wojak, A., Neagu, D., Ridley, M., & Travis, K. (2011). ity and access within a UK context. Records Management
Data governance in predictive toxicology: A review. Journal Journal, 20(2), 182–198. doi:10.1108/09565691011064322
of Cheminformatics, 3(1), 1–16. doi:10.1186/1758-2946-3-24 Loshin, D. (2007). Data governance for master data manage-
Glaser, B. G. (1992). Emergence vs forcing: Basics of grounded ment and beyond. DataFlux.USA: SAS Institute Inc.,
theory analysis. Mill Valley, CA: Sociology Press. Miles, M. B. (1979). Qualitative data as an attractive nuisance:
Guetat, Sana Bent Aboulkacem, & Dakhli, Salem Ben Dhaou. The problem of analysis. Administrative Science Quarterly,
(2015). The architecture facet of information governance: 24(4), 590–601. Retrieved from http://www.jstor.org/
the case of urbanized information systems. Procedia stable/2392365
Computer Science, 64(1088–1098), . doi: 10.1016/j. Oppenheim, C., Stenson, J., & Wilson, R. M. S. (2003).
procs.2015.08.564 Studies on information as an asset I: Definitions. Journal
Guynes, C. S., & Vanecek, M. T. (1996). Critical success of Information Science, 29(3), 159–166. doi:10.1177/
factors in data management. Information & Management, 01655515030293003
30(4), 201–209. doi:10.1016/0378-7206(95)00053-4 Otto, B. (2011). Organizing data governance: Findings from
Holt, V, Ramage, M, Kear, K, & Heap, N. (2015). The usage the telecommunications industry and consequences for
of best practices and procedures in the database commu- large service providers. Retrieved from http://aisel.aisnet.
nity. Information Systems, 49, 163-181. doi:10.1016/j. org/cgi/viewcontent.cgi?article=3610&context=cais
is.2014.12.004 Otto, B. (2011b). Organizing data governance: findings from
Horne, N. W. (1995). Information as an asset—the board the telecommunications industry and consequences for
agenda. Computer Audit Update, 1995(9), 5–11. large service providers. Communications Of The Ais, 29
doi:10.1016/0960-2593(95)90246-5 (1), 45-66.
Information Builders. (2013), Driving Better Business Otto, B. (2015). Quality and value of the data resource in
Performance With a Practical Data Strategy, [White paper]. large enterprises. Information Systems Management, 32(3),
Institute, CDI. (2006). Corporate data governance best prac- 234–251. doi:10.1080/10580530.2015.1044344
tices: 2006-07 scorecards for data governance in the global Panian, Z. (2010). Some practical experiences in data
5000. Burlingame, CA: CDI Institute. governance. World Academy of Science, Engineering and
Kamioka, T., Luo, X., & Tapanainen, T. (2016). An empirical Technology Management, 62, 468–475.
investigation of data governance: The role of accountabil- Rasouli, M. R, Trienekens, J. J, Kusters, R. J, & Grefen, P. W.
ities. The 20th Pacific Asia Conference on Information (2016). Information governance requirements in dynamic
Systems (PACIS), business networking. Industrial Management & Data
Khatcherian, S, & Jefferson, G. (2009). Information govern- Systems, 116(7), 1356-1379.
ance: challenges for financial services firms operating in Rau, K. G. (2004). Effective governance of it: Design objectives,
the information age. Convergence, 5(1), 80-89. roles, and relationships. Information Systems Management,
Khatri, V., & Brown, C. V. (2010). Designing data 21(4), 35–42. doi:10.1201/1078/44705.21.4.20040901/84185.4
governance. Communications of the ACM, 53(1), Redman, T. C. (2013). Data’s credibility problem. Harvard
148–152. doi:10.1145/1629175.1629210 Business Review, 91(12), 84-88.
Koh, S. C. L., Gunasekaran, A., & Goodman, T. (2011). Reeves, M. G, & Bowen, R. (2013). Developing a data govern-
Drivers, barriers and critical success factors for ERPII ance model in health care. Healthcare Financial
implementation in supply chains: A critical analysis. The Management, 67(2), 82-86.
Journal of Strategic Information Systems, 20(4), 385–402. Rickards, R. C., & Ritsert, R. (2012). Data governance chal-
doi:10.1016/j.jsis.2011.07.001 lenges facing controllers. International Journal of Business,
Kooper, M. N., Maes, R., & Lindgreen, E. E. O. R. (2011). On Accounting, & Finance, 6(1), 25–42.
the governance of information: Introducing a new concept Rockart, J. F. (1979). Harvard business review. Chief Executives
of governance to support the management of information. Define Their Own Data Needs, 57(2), 81–93. Retrieved from
International Journal of Information Management, 31(3), http://europepmc.org/abstract/med/10297607
195–200. doi:10.1016/j.ijinfomgt.2010.05.009 Rosenbaum, S. (2010). Data governance and stewardship:
Lajara, T. T., & Maçada, A. C. G. (2013, August 15–17). Designing data stewardship entities and advancing data
Information governance framework: The defense manufac- access. Health Services Research, 45(5p2), 1442–1455.
turing case study. Paper presented at Proceedings of the doi:10.1111/j.1475-6773.2010.01140.x
Nineteenth Americas Conference on Information Systems, Sammon, D., & Adam, F. (2008). Proceedings from 2008
Chicago, Illinois. Retrieved from http://aisel.aisnet.org/cgi/ International Conference on Information Systems (ICIS):
viewcontent.cgi?article=1704&context=amcis2013 Justifying an ERP investment: critical success factors for
Lam, W. (2005). Investigating success factors in enterprise transformation investments. Paris, France.
application integration: A case-driven analysis. European Shah, M. H., Braganza, A., & Morabito, V. (2007). A survey
Journal of Information Systems, 14(2), 175–187. Retrieved of critical success factors in e-banking: An organisational
 INFORMATION SYSTEMS MANAGEMENT 13

perspective. European Journal of Information Systems, 16 Vayghan, J. A, Garfinkle, S. M, Walenta, C, Healy, D. C, &
(4), 511–524. Retrieved from https://link.springer.com/arti Valentin, Z. (2007). The internal information transforma-
cle/10.1057/palgrave.ejis.3000693 tion of ibm. Ibm Systems Journal, 46(4), 669-683. doi:
Shaw-Taylor, Y. (2014). Making quality improvement pro- 10.1147/sj.464.0669
grams more effective. International Journal of Health Care Walsham, G. (2006). Doing interpretive research. European
Quality Assurance, 27(4), 264–270. doi:10.1108/IJHCQA- Journal of Information Systems, 15(3), 320–330. Retrieved
02-2013-0017 from https://link.springer.com/article/10.1057/palgrave.
Silic, M., & Back, A. (2013). Factors impacting information ejis.3000589
governance in the mobile device dual-use contextnull. Watson, H. J., Fuller, C., & Ariyachandra, T. (2004). Data
Records Management Journal, 23(2), 73–89. doi:10.1108/ warehouse governance: Best practices at blue cross and
RMJ-11-2012-0033 blue shield of north carolina. Decision Support Systems,
Strauss, A., & Corbin, J. (1990). Basics of qualitative research: 38(3), 435–450. doi:10.1016/j.dss.2003.06.001
Grounded theory procedures and techniques. Thousand Weber, K., Otto, B., & Österle, H. (2009). One size does not
Oaks, CA: SAGE Publications, Inc. fit all–a contingency approach to data governance. Journal
Tadawul. (2017). About alrajhi bank. Retrieved from https:// of Data and Information Quality (JDIQ), 1, 1. doi:10.1145/
www.tadawul.com.sa 1515693.1515696
Tallon, P. P., Ramirez, R. V., & Short, J. E. (2013). The informa- Weller, A. (2008). Data governance: Supporting datacentric
tion artifact in IT governance: Toward a theory of informa- risk management. Journal of Securities Operations &
tion governance. Journal of Management Information Custody, 1(3), 250–262.
Systems, 30(3), 141–178. doi:10.2753/MIS0742-1222300306 Wende, K. (2007). Proceedings from 18th Australasian
Tallon, P. P., Short, J. E., & Harkins, M. W. (2013). The Conference on Information Systems (ACIS): A model for
evolution of information governance at intel. MIS data governance–Organising accountabilities for data qual-
Quarterly Executive, 12(4), 189–198. ity management. Toowoomba, Australia: The University of
Tan, B., Pan, S. L., Lu, X., & Huang, L. (2015). The role of IS Southern Queensland. doi:10.1094/PDIS-91-4-0467B
capabilities in the development of multi-sided platforms: Wende, K., & Otto, B. (2007, November 10). A contin-
The digital ecosystem strategy of Alibaba. com. Journal of gency approach to data governance. In M. A. Robert, R.
the Association for Information Systems, 16(4), 248–280. O’Hare, M. L. Markus, & B. Klein (Eds.), Proceedings of
doi:10.17705/1jais 12th International Conference on Information Quality
Tan, W. G., Catersteel, A., & Toleman, M. (2009). Implementing (ICIQ-07) (pp. 163–176). Cambridge, USA: Institute of
it service management: A case study focussing on critical Information Management. Retrieved from https://www.
success factors. Journal of Computer Information Systems, 50 alexandria.unisg.ch/213308/Woodd
(2), 1–12. doi:10.1080/08874417.2009.11645379 Wood, D. (2013). Information Governance. doi:10.1.1.629.6550

View publication stats