About the Author(s)

Olaitan Olutoyin
Department of Information Systems, University of Fort Hare, South Africa

Stephen Flowerday Email
Department of Information Systems, University of Fort Hare, South Africa


Olaitan, O. & Flowerday, S., 2016, ‘Successful IT governance in SMEs: An application of the Technology–Organisation–Environment theory’, South African Journal of Information Management 18(1), a696. http://dx.doi.org/10.4102/sajim.v18i1.696

Original Research

Successful IT governance in SMES: An application of the Technology–Organisation–Environment theory

Olaitan Olutoyin, Stephen Flowerday

Received: 04 June 2015; Accepted: 12 Oct. 2015; Published: 13 May 2016

Copyright: © 2016. The Author(s). Licensee: AOSIS.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Background: Small and medium-sized enterprises (SMEs) are the bedrock of most economies of the world. Due to global competition, SMEs are making significant investments in information technology (IT) to improve their business processes. However, a study of extant literature on the subject of IT governance in SMEs has highlighted the fact that the implementation of structural controls to enable effective IT governance is often difficult, resulting in project failures and loss of income.

Objectives: This paper seeks to examine ways by which SMEs can successfully adapt a suitable IT governance framework to manage its IT investments.

Method: A content analysis of extant literature was done in this paper. The Technology–Organisation–Environment theory forms the theoretical basis of the proposed key pillars for an SME to evaluate its capability to embark on an IT governance initiative in order to obtain the desired results.

Results: From the content analysis of relevant literature, the paper proposed three key pillars which should be in place before an SME adapts any IT governance framework to manage its IT investments. The key pillars are considered an important link between strategic IT governance plans and measurable successful outcomes.

Conclusion: It was concluded that an SME would be better positioned for successful IT governance if it were to conduct a careful analysis of the components of these key pillars before embarking on the implementation of any IT governance framework.


As a sector, the small and medium-sized enterprises (SMEs) labour force is the largest sector of employees worldwide and contributes significantly to growth in developing economies (Apulu & Ige 2011). Because of global competition, SMEs are increasingly being forced to rethink their business processes and embrace agility in their work. The interconnectivity of the world has made it imperative for enterprises, both large and small, to rely on information technology (IT) in achieving their objectives (Devos, Van Landeghem & Deschoolmeester 2009a). As a result of this, SME owner-managers make significant investment in IT. They are therefore not immune from the governance debates on how to manage IT investments effectively and ensure its alignment to business strategies (Bloem, Van Doorn & Mittal 2007).

Following from this, it is apparent that a more structured system is required for the purpose of governing IT in SMEs. However, a study of extant literature on the subject of IT governance in SMEs has highlighted the problem, which is that implementation of structural controls to enable effective IT governance is often lacking, resulting in project failures and loss of income (Devos et al. 2009a).

This article proposes a set of constructs which are crucial for an SME to consider before implementing any IT governance framework. The Technology–Organisation–Environment (TOE) theory incorporates the three pillars on which an SME should evaluate its capability to embark on an IT governance initiative in order to obtain the desired results. The intrinsic value inherent in the ability of SME owner-managers to fully understand and articulate the business–IT fit in their particular environment before embarking on an IT governance initiative is also discussed in the article.

Research methodology

This section provides an overview of the research methods used.

Content analysis

Content analysis refers to a method for systematically exploring textual data to identify the patterns and structures in it, with the intention of identifying the important features of a given construct (Billore, Billore & Yamaji 2013). The purpose of such systematic data exploration in this research was to enable the author to decipher meanings and then draw inferences from the meanings with a certain degree of scientific precision (Vitouladiti 2014). In this article, the research methodology used is qualitative. The conclusions were drawn by using the six steps of content analysis as outlined by Krippendorff (2013). The following steps are involved:

  1. Unitising – A systematic approach that involves delineating the text that is relevant to the content under investigation. This was done by mainly reviewing literature with a focus on IT governance in SMEs.
  2. Sampling – The process of drawing a realistic sample of texts from the entire population, as it is impossible to perform a content analysis on the entire relevant population. A sample was selected from the range of available literature on IT governance based on the frequency of citation, relevance of empirical study of SMEs, and the focus on the challenges encountered when implementing IT governance in SMEs.
  3. Coding – The process of stratifying similar contexts in sampled texts into the same units of analysis in order to deduce meaning. In this article, coding was done by categorising similar constructs under the relevant aspects of the TOE framework.
  4. Reducing – The process of reducing the stratified data to manageable units in order for the results to be presented efficiently. The qualitative nature of this study implies that the reduced data is not coded when measured, but placed in a grouping of similar concepts.
  5. Inferring – The process of enunciating the meaning, reference, and inference to be drawn from the data and the attendant thoughts or constructs these inferences provoke. The inferences drawn from a content analysis of secondary literature form the three pillars narrated in the conclusion to this study.
  6. Narrating – The final step involves writing up the results of the preceding five steps in a way that answers the research question at hand. The narrative stage must ensure that the inferences drawn from the data are outlined in concise, clear language that directly addresses the research question. In this article, the narration is done as an application of the TOE framework and is presented in tabular form for easy assessment and understandability. (Krippendorff 2013).
Sampling procedure for the study

Because of the qualitative nature of this study, and the literature review being based on journals that include empirical studies on IT governance implementation in SMEs, quota sampling was the method used in selecting the journal articles surveyed in the course of writing this article. Quota sampling involves the selection of predetermined characteristics of units of the sample to be used for the research (Marshall & Rossman 2010). This article chose journals that discussed the common theme of IT governance challenges in SMEs, taking into consideration empirical studies on SME implementation of IT governance conducted across different sectors and countries. The TOE theory (Tornatzky & Fleischer 1990) was used to identify the tripartite pillars recommended for careful consideration before the implementation of IT governance frameworks in SMEs.

Validity and reliability

In a study of this nature, it is important to evaluate the quality of data interpretation. This is done by examining the reliability and validity of research findings, because these two attributes constitute a crucial test of trustworthiness for the credibility of the research (Miles, Huberman & Saldana 2013). For the purpose of this article, the validity and reliability of the findings are entrenched and inherent in the method of reviewing the scholarly articles on IT governance in SMEs. The most noteworthy articles were those which conducted case studies on IT governance implementation in SMEs. These were important to critically analyse the success of current IT governance processes in positioning SMEs competitively in the business community. The conclusions drawn from this study are therefore generalisable to the context of SMEs which plan to implement IT governance in their enterprises.

In addition, to ensure the validity and reliability of the constructs drawn from this study, the selection of the papers used for this exercise was based on how often they were cited by the academic community and their availability online as shown on the search engines Google Scholar and EBSCOhost.

Theoretical foundation

SME organisational structure

Worldwide, SMEs represent a means of distributing income among employees and their dependants (Bannock, 2005). Researchers estimate that SMEs are the source of 75% of employment in most economies (Apulu & Ige 2011). As a result of their peculiar ownership structure, mode of funding, and size, SMEs are less complex in both organisational structures and management processes than large organisations (Albayrak & Gadatsch 2012; Montazemi 2006). Additionally, because of financial constraints, SMEs are more inclined to hire personnel with adequate qualifications for the job specification rather than experts. SME owner-managers usually operate an informal reporting system, with the owner-managers as sole decision makers. This is contrary to what occurs in large corporations where decisions have to be ratified by the board or executive management.

Although there is usually good interaction between employees and the management of an SME, once decisions are made, the required implementation processes are cascaded down to employees without recourse to discussions and representations (Devos et al. 2009a). Accordingly, in the area of corporate and IT governance, SMEs are steered mainly by a microscopic unit of the enterprise, usually, the owner-manager, or, in a few cases, the top management team.

This article seeks to propose three pillars that a sound and successful IT governance program should be based on when introducing IT governance to SMEs. The proposed pillars will ensure that the governance of IT processes is aligned with organisational goals and achieves the desired results of improved operational efficiencies, profitability and strategic growth. The following section will discuss IT governance and its impact on the way IT is managed in SMEs.

IT Governance

Governance is described as the measurement and control systems of management, accountability, and supervision required to harness the complexity and competence of an enterprise in order to achieve the goals of that enterprise (Bloem et al. 2007). IT plays a central role in the crafting and introduction of new product offerings and serves as a tool in the implementation of strategic decision-making in enterprises (Montazemi 2006; Albayrak & Gadatsch 2012).

IT governance is defined as the processes that ensure the effective and efficient use of IT for enabling organisations to meet their business goals (Gerrard 2010). IT governance encompasses the decision framework, rights, responsibilities, and accountability required to ensure the desired behaviour in support of the organisation’s business goals (Robinson 2007). The domain of IT governance relates to the systemic optimisation of the IT portfolio to ensure it delivers maximum value and manages the risks that may arise from IT investments (Gerrard 2010; Albayrak & Gadatsch 2012).

In an increasingly competitive environment, there are a number of IT best practices and processes that result from the need to achieve business goals and objectives. Some of these IT best practice frameworks are: Control Objectives for Information and related Technology (COBIT), published by the IT Governance Institute (ITGI 2007), the IT Service Management Forum, and ISO/IEC 38500 (International Organization for Standardization, 2008).

There are two important components of IT governance: the IT governance structure, and the operational governance processes. The IT governance structure refers to the enterprise’s IT strategic plan which is based on its financial capabilities, business needs, and risk appetite. The second component of IT governance is an effective, well-laid-out, and unambiguous process for implementing the IT governance framework.

In an SME context, research findings on how the two aforementioned components are implemented are sparse (Huang, Zmud & Price 2010). According to Devos, Van Landeghem & Deschoolmeester (2012), the two components of IT governance cannot be implemented practicably in the SME context because structural controls in the SME environment are not mature enough to support strict compliance. Therefore we propose that IT governance for SMEs be reconsidered to find a way that consciously designs programs that can align the two components to the strategic goals of the SME in an implementable manner.

Ayat, Masrom & Sahibuddin (2011) contend that there is no framework for the implementation of IT governance in SMEs. In line with this, we outline the differences between large corporations and SMEs, concluding that these differences make the effective implementation of frameworks, such as COBIT Quickstart and ISO/IEC 38500, difficult in SME contexts. In this regard, Ayat et al. (2011) advocate further refinement of the ISO/IEC 38500 to better fit SMEs. In spite of this paucity of research findings on how to implement IT governance in SMEs, there is empirical evidence to show that SMEs that do so are better able to compete in the business world than their counterparts that do not (Huang et al. 2010). The next section of this article discusses factors that impede IT governance in SMEs and instances where IT governance frameworks designed for large corporations have been applied to SMEs.

IT Governance in SMEs

In light of globalisation, competition, and market convergence, SMEs are under increasing pressure to stay profitable, and are therefore in dire need of a system that ensures that IT investments, which are considerably high, deliver the expected value to keep the enterprise in business (Albayrak, Gadatsch & Olufs 2009).

The operational limitations and challenges faced by SMEs include a lack of specialists because of financial constraints that preclude them from attracting the most skilled personnel, and an inability to experiment with technological artefacts as they do not have resources to financially cushion them if the IT artefacts fail to achieve the desired goals. (Albayrak & Gadatsch 2012; Cocca & Alberti 2010).

Much of the research on IT governance has considered the organisational and structural composition of large corporations as being better able to benefit from, and institutionalise IT governance structures (Huang et al. 2010). Researchers have also conceded that large corporations have the financial, operational, and human capabilities required to implement the IT governance processes outlined in frameworks such as COBIT, TOGAF, and ITIL.

However, as discussed earlier in this article, SMEs invest a considerable amount of their limited resources in IT infrastructure; hence the need for these assets to have clear governance structures in place. This is important to ensure that their application aligns with the objectives of the enterprise (Albayrak et al. 2009). Also, extant literature has shown that the average SME manager does not base his IT decisions on any methodological metrics. This implies that IT artefacts in SMEs are being purchased and engaged on an ad hoc basis (Devos et al. 2009b; Apulu & Ige 2011; Huang et al. 2010).

In addition, because SMEs in the main do not have highly skilled personnel compared with large corporations, they depend heavily on external expertise for the adoption and implementation of IT (Devos et al. 2009b). The acquisition, implementation, and servicing of IT artefacts in SMEs are usually handled by external IT specialists acting as consultants or vendors. The effect of this is that IT governance is not considered an integral part of the enterprise, hence its value to the success of the business is not fully analysed or understood (Devos et al. 2009b; Jokonya, Kroeze & Van de Poll, 2012). A number of attempts have been made to tailor a scaled-down version of the IT governance frameworks designed for large corporations for SMEs. An example of this is COBIT Quickstart (ITGI 2007). However, reports from the IT Governance Institute (2007) suggest that the end result of the implementations has been disappointing, urging caution for enterprises with regard to the application of IT governance mechanisms in an SME environment (ITGI 2007).

The failure of these tailored IT governance frameworks in SMEs is attributable to the difference between SMEs and large corporations in terms of structure and operational processes (Albayrak & Gadatsch 2012; Teo, Manof & Choong 2013). IT governance in large corporations cannot be successfully extrapolated to SMEs because the managerial, cultural, and economic contexts are vastly different (Jokonya et al. 2012; Devos et al. 2012). The dearth of literature dedicated to SME adaptation of IT governance has also made it extremely difficult to draw general inferences about best practices in the implementation of IT governance in SMEs.

In view of the foregoing, this article proposes that a generic application of a structured IT governance framework is not the right fit for SMEs. It is opined that that there are important pillars to be considered before an SME embarks on adapting and implementing a particular IT governance framework in the enterprise. These key pillars form an important link between the strategic goals of the enterprise and the metrics that are conditional for successful IT governance in the SME context. This assertion has its theoretical grounding in the TOE framework. The framework is discussed in detail in the following section of this article.

Technology-Organisation-Environment framework

According to Tornatzky and Fleischer (1990), the TOE framework postulates that the implementation and use of a technology or information systems (IS) tool is influenced by the following contexts: technological, organisational, and environmental (Tornatzky & Fleischer 1990). For the purpose of this study, the technology environment is defined as the internal and external environment which has an impact on and is relevant to the SME. Major factors in this regard are the cost of procurement, maintenance, and adaptability of IT artefacts with existing skills and processes within the SME. All of these factors need to be governed in order for the SME to maximise the values derivable from IT (Ayat et al. 2011).

Major factors in the organisational context are the size, structure, internal processes, and disposition of the top management in an SME (Alston & Tippett 2009). The environmental context alludes to both the internal and external factors which may affect the IT in the SME. The external factors include government regulations, competition, and enabling infrastructure that mar or enhance the adaptation of new technology for the SME’s business and market structure (Chen, Papazafeiropoulus & Wu 2011).

This article proposes that the TOE framework is applicable in formulating key pillars for the purpose of governing IT in SMEs. The relevance of the TOE framework for the successful implementation of IT governance in SMEs is discussed in the next section of this article.

An assessment of readiness for IT governance implementation in SMEs using the TOE framework

The technological context of an SME refers to the internal and external technologies that are applicable to the enterprise. These technologies may consist of hardware, software, and processes. The technology context mirrors and tracks the maturity level of technology in the enterprise (Tornatzky & Fleischer 1990). Oliviera and Martins (2010) assert that the technological context reflects both the physical and the human infrastructure that must be in place in order for an implemented IT governance framework to achieve its desired goal in the enterprise. Organisational context refers to factors such as management and managerial styles, degree of formalisation, available resources, and work culture within the enterprise. Environmental factors, on the other hand, are the elements that support or oppose the successful implementation of an IT governance framework in the enterprise. These factors could be government policy, competitors, and enabling infrastructure for carrying out the required processes to validate the IT governance framework and organisational structure (Tornatzky & Fleischer 1990).

Oliviera and Martins (2010) conducted an extensive survey of studies which used the TOE framework to analyse divergent IT adoptions such as e-commerce, enterprise resource planning, open systems, electronic data interchange, and knowledge management systems. It was their considered opinion that the TOE theory is the most complete framework for a rounded analogy of effective IT adoption in the enterprise. In the same vein, we contend, in agreement with Baker (2011) that the implementation of IT governance must follow a critical analysis of the competence- enhancing ability of the entire process to the SME.

Although many authors have used the TOE theory to understand factors which influence adoption, the applicable factors affecting the technological, organisational, and environmental contexts have differed slightly (Baker 2011). This article has applied factors for each element of the theory relevant to the peculiar operating environments of SMEs in proposing its application in the adoption of IT governance in SMEs. We contend that the analogous investigation of the factors which should be in place for an effective IT governance program in SMEs are ingrained in the circumstances within which the SME operates, for example ‘financial constraints’ are more relevant to the organisational context of an SME than ‘global scope’.

Based on the content analysis methodology chosen for this study, and the challenges identified in SME structures and management, it is postulated that the TOE framework serves as a useful tool in formulating the key pillars which enable an SME to delve into the critical issues that need to be addressed before the adaptation of an IT governance framework. These pillars relate to the conditions that should prevail in order for an IT governance framework in an SME to be implemented successfully. The key pillars are considered an important link between strategic plans and measurable successful outcomes (see Table 1).

TABLE 1: Components of the key pillars of the TOE contexts for analysis before implementing IT governance in an SME.
Key Pillar 1 – Technology context of the enterprise

According to extant literature (Devos et al. 2012; Jokonya et al. 2012; Weill & Ross 2004), the research into IT governance in SMEs is an ongoing exercise. However, these authors agree that it is imperative that SMEs consider the stage and state of their technology artefact before adapting any IT governance framework or model. A situation where the technology context of the SME is purely based on outsourcing IT, including the management of the artefacts by specialists, raises questions about the need for a formal governance framework within the enterprise (Jokonya et al. 2012). According to Chen et al. (2011), many SMEs have a resource dependency outlook with regard to IT. The implication of this for IT governance is that the adaptation of a governance model may not be crucial to an SME with limited funding, it is thus advocated that an SME identify its dependency level before the adoption of an IT governance model or framework (Chen et al. 2011).

Owner-managers and CEOs of SMEs are typically the decision-makers regarding the extent and breadth of IT investments in the enterprise (Devos et al. 2012). Unfortunately, owner-managers often find it difficult to conceptualise the complicated thought processes behind the design of a framework for guiding IT in the enterprise, principally because they do not fully understand the immensely important role IT plays in the success and competitiveness of the enterprise (Huang et al. 2010). The components of the subpillars to be considered in the technology context are outlined as follows:

  • Formal control of IT is the conceptual model of an IT governance framework; informal processes are the norm in the choice and deployment of IT in SMEs (Ayat et al. 2011). Thus, a decision to implement a governance model for IT in SMEs should first consider a needs analysis in relation to the current artefacts and business goals. Studies conducted by De Haes, Haest and Van Grembergen (2010) confirm this by showing that SMEs are challenged in the area of business–IT alignment and this has a negative impact on their IT governance efforts. It is thus surmised that, before deciding on a framework to govern IT, an SME must fully understand and be able to state the impact IT has on its business and the future plans it has for utilising IT to promote or position the enterprise for better competitiveness. In other words, the need for IT governance should be apparent before an SME considers adapting any framework.
  • Following from this, a cost-benefit analysis of IT governance framework implementation should be carefully considered. In an SME where the IT in use is for process improvement or basic accounting, with the software sold and serviced by external vendors and specialists, the need for a rigorous process for IT governance does not seem apparent (Jokonya et al. 2012; Devos et al. 2012; Albayrak & Gadatsch 2012). The owner-manager may decide on a semiformal approach for managing IT risks, for example detailed and formalised Service Level Agreements which clearly outline the rules of engagement. However, in a technology context where the SME requires assembly line IT infrastructure, there may be a need for an internal IT specialist to be appointed to ensure the smooth running of artefacts; this would also necessitate the institutionalisation of strategic procedures to ensure no loopholes occur that may threaten the core of the business-production.
  • The technological context of an SME is largely dependent on the financial strength of the enterprise. An SME that is struggling to find funding to improve its production processes, or has challenges keeping ahead of competitors, will not be in a position to execute an elaborate IT governance framework. Albayrak and Gadatsch (2012) confirmed this assertion through an empirical study of SMEs in Germany, which revealed that most managers and employees could not correctly estimate the cost outlay of their IT artefacts, nor could they estimate the cost of their IT and correlate it with value added to the enterprise.
Key Pillar 2 – Organisational context

As previously discussed in this article, the two sides of IT governance are the development of the framework and the actual implementation of processes and procedures to achieve the goals outlined in the framework. The TOE framework refers to the organisational context of an enterprise as its characteristics, which include its managerial structure, the extent of formalisation, and its human resources (Tornatzky & Fleischer 1990). The components of the subpillars to be considered regarding the organisational context and IT governance in an SME are outlined as follows:

  • Although literature on SMEs and the availability of the organisational structure necessary for IT governance implementation is sparse, provision of quality IT services based on any IT governance framework in the enterprise depends on whether the human resources employed are equipped to carry out the required processes (Albayrak & Gadatsch 2012; Alston & Tippett 2009; Cocca & Alberti 2010; Montazemi 2006). It is critical for an SME to assess its readiness for IT governance in this respect before embarking on the implementation of any IT governance framework. This assessment should focus on two main factors:
    • Are there skilled personnel available to ensure the correct, sustained, and measurable implementation of the IT processes outlined in the framework?
    • Is the organisational context mature enough to ensure that the necessary controls and regulatory processes are in place for the governance of IT?
  • The IT Governance Institute (2007) opines that extreme caution is required when applying IT governance measures in SMEs. In this article, we extend this notion further by stating that trust plays a major role in the organisational context of an SME, and should thus be regarded as a determining agent in the successful implementation of an IT governance framework in SMEs. According to Devos et al. (2012), trust limits the need for structural controls, which implies that the focus of IT governance in SMEs should not only be on the implementation of structures and processes, the organisational context should also be one that entrenches or engenders trust between the owner-manager and the personnel in order to encourage willing and committed participation in the IT governance processes required (Alston & Tippett 2009). Research has shown that organisational trust creates an enabling environment for process improvements in the workplace (Alston & Tippett 2009; Lippert & Davis 2006). To this end, it is opined that an organic culture, which is generally prevalent in SMEs, may not be suitable for rigid procedural compliance with an IT governance framework. The leadership in an SME should critically assess the organisational culture and determine the levels of employee trust before implementing any IT governance framework. Also, an employee’s sense of belonging and community is enhanced by a high sense of organisational trust, which in turn contributes to the willingness to actively support required IT governance processes (Liu & Wang 2013).
  • Furthermore, Devos et al. (2009) maintain that trust is more important than structural control in eliminating IS project failures in SMEs. These findings were based on an empirical study of eight SMEs, and the results indicated that trust played a greater role in ensuring IT project success than the controls that were in place for the same purpose. The implication of this finding for IT governance is therefore that the output-based contracts obtained in large corporations may not necessarily be a guarantee of successful IT governance in SMEs (Devos et al. 2009b).
  • The organisational context also determines the level of communication within the enterprise. IT governance communication models for large corporations are structured and highly regulated. This structured, formalised model is unlikely to work in SMEs, where the organisational system is largely fluid and informal (Devos et al. 2012). Another crucial element which needs to be in place before the decision to choose any particular IT governance framework is a communication plan. The obvious challenge with formalising communication plans and implementing processes such as risk logs and issue logs in SMEs is that using these tools correctly involves training and a measurement metric to decipher compliance levels (Devos et al. 2012). Both of these elements, communication and documentation, must be enabled by the right human capital in the enterprise (Oliviera & Martins 2010).
Key Pillar 3 – Environmental context

The environmental context of an SME is of the utmost importance in the adoption of an IT governance framework. The regulatory environment in which an SME operates is fundamental to the successful adoption of IT governance (Jokonya et al. 2012) because an enabling environment in which SMEs can thrive and become innovative in delivering solutions to the industry is generally made possible by government support structures (Montazemi 2006). The components of the subpillars to be considered in the environmental context of an SME before the adaptation of an IT governance framework are outlined below:

  • Enterprises that are situated in regions where government regulations and fiscal policies offer support to SMEs in the form of funding, infrastructural outlay, and other technicalities necessary for IT to thrive, will be better positioned to implement IT governance processes (Bloem et al. 2007). It is therefore important for an SME to ensure that the right support parameters are in place to actualise the IT governance framework it chooses for the enterprise (Ayat et al. 2011). Decision rights and accountabilities in the SME are centralised, with the owner-manager making the strategic decisions on the future of the enterprise. In the context of SMEs, this seemingly absolute power of the owner-manager may create an atmosphere of disenchantment. According to Devos et al. (2012), the concept of IT governance is rooted in IT strategic planning and management; however, in large corporations both of these elements are linked to a distinct and well-articulated corporate governance model. The operational environments of SMEs are typically devoid of such structures, hence the unsuitability of IT governance frameworks designed for large corporations (Devos et al. 2009b). It is therefore advocated that the adoption of an IT governance framework by SMEs should only be done after a thorough and detailed investigation of the peculiarities of that enterprise’s environment. The next section of this article summarises these three pillars in a table format.


The TOE framework has been adopted for myriad innovations in both developed and developing countries. In this article, we contend that the TOE framework is a well-rounded theory for testing the core success factors of IT governance in SMEs. This article posits that the implementation of IT governance as it applies to the SME context is a complex, multifaceted endeavour. This is mainly because the very nature and structure of SMEs negate the clearly defined structural processes required for the actualisation of an IT governance program.

Based on the TOE framework, this article discussed three key pillars that should be in place in an SME before an IT governance framework can be adapted. The components of the three key pillars, the technological, environmental, and organisational contexts of the enterprise, were outlined. Some of the components discussed include the consideration of the financial health of the enterprise to ensure it has the resources it needs to successfully manage the technical and human resources required to actualise the processes of an adapted IT governance framework; a detailed assessment of the SME to determine whether there are skilled personnel to ensure the correct, sustained, and measurable implementation of the IT governance processes in the enterprise; and an evaluation of the support structures such as government policies and sector policymakers and how these may influence the success of the implementation of an IT governance framework in the enterprise.

These key pillars are considered to be a prerequisite to successful IT governance in SMEs as they highlight the peculiarities of the SME environment in order to ascertain whether the implementation of an IT governance framework in the enterprise is practicable. The article concluded by asserting that an SME would be better positioned for successful IT governance if it were to conduct a careful analysis of the components of these key pillars before embarking on the implementation of any IT governance framework.

A limitation of this article is that the application of the TOE framework, which is discussed and forms the foundation of this article, is theoretical. Thus, the direction for future research is an empirical, quantitative investigation of SMEs in order to test the validity of the components of the key pillars outlined in this study.


Competing interests

The authors declare that they have no financial or personal relationships which may have inappropriately influenced them in writing this article.

Authors’ contributions

O.O. (University of Fort Hare): lead author and writing up of article. S.F. (University of Fort Hare): Postgraduate supervisor of the lead author.


Albayrak, A.C. & Gadatsch, A., 2012, ‘IT Governance model for small and medium sized enterprises’, Munich, European, Mediterranean & Middle East Conference on Information Systems (EMOIS), pp. 380–390.

Albayrak, A.C., Gadatsch, A. & Olufs, D., 2009, ‘Life cycle model for IT performance measurement: A reference model for small and medium enterprises (SME)’, in G. Dhillon, C.B Stahl, & R. Bakersdale (eds.), Information systems-creativity and innovation in small and medium sized enterprises: Proceedings of IFIP W.G 8.2 conference, pp. 180–191. http://dx.doi.org/10.1007/978-3-642-02388-0_13

Alston, F. & Tippett, D., 2009, ‘Does a technology-driven organization’s culture influence the trust employees have in their managers?’, Engineering Management Journal 21(2), 3–10. http://dx.doi.org/10.1080/10429247.2009.11431801

Apulu, I. & Ige, E., 2011, ‘Are Nigerian SMEs Effectively Utilising ICT?’, International Journal of Business and Management 6(6), 207–214. http://dx.doi.org/10.5539/ijbm.v6n6p207

Ayat, M., Masrom, M., Sahibuddin, S. & Sharifi, M., 2011, ‘Issues in implementing IT Governance in small and medium enterprises’, California, USA, second international conference on Intelligent Systems, Modelling and Simulation (ISMS), pp. 197–201. http://dx.doi.org/10.1109/isms.2011.40

Baker, J., 2011, ‘The technology-organisation-environment framework’, in Y. K. Dwivedi, M.R. Wade & S.L. Schneberger (eds.), Information systems theory: Explaining and predicting our digital society, pp. 231–245, Springer.

Bannock, G., 2005, The Economics and Management of Small Business: An international perspective, 1st edn., Taylor & Francis, London.

Billore, S., Billore, G. & Yamaji, K., 2013, ‘The online corporate branding of banks-a comparative content analysis of Indian and Japanese Banks’, The Journal of American Business Review 1(2), 90–96.

Bloem, J., Van Doorn, M. & Mittal, P., 2007, Making IT Governance work in a Sarbanes Oxley world, 2nd edn., Wiley & Sons, New York.

Chen, H., Papazafeiropoulus, A. & Wu, C., 2011, ‘An E-government initiative to support supply chain integration for small to medium sized enterprises’, The Database for Advances in IS -Communications of the ACM 42(4), 63–99. http://dx.doi.org/10.1145/2096140.2096145

Cocca, P. & Alberti, M., 2010, ‘A framework to assess performance measurement systems in SMEs’, International Journal of Productivity and Performance Management 59(2), 186–200. http://dx.doi.org/10.1108/17410401011014258

De Haes, S., Haest, R. & Van Grembergen, W., 2010, ‘IT governance and business IT alignment in SMEs’, ISACA: Serving IT Governance Professionals 6, 1–7.

Devos, J., Van Landeghem, V.H. & Deschoolmeester, D., 2009a, IT Governance in SMEs: A theoretical framework based on the outsourced information systems failure, Academic Publishing, Sweden, pp. 213–246.

Devos, J., Van Landeghem, H. & Deschoolmeester, D., 2009b, ‘IT Governance in SMEs: Trust or control?’, in G. Dhillon, C.B. Stahl & R. Bakersville, (eds.), Information systems-creativity and innovation in small and medium-sized enterprises, pp. 135–149, Springer, Germany. http://dx.doi.org/10.1007/978-3-642-02388-0_10

Devos, J., Van Landeghem, H. & Deschoolmester, D., 2012, ‘Rethinking IT Governance for SMEs’, Industrial Management and Data Systems 112(2), 206–223. http://dx.doi.org/10.1108/02635571211204263

Gerrard, M., 2010, viewed 15 August 2014, from http://www.gartner.com/IT/initiatives

Huang, R., Zmud, R.W. & Price, L.R., 2010, ‘Influencing the effectiveness of IT Governance practices through steering committees and communication policies’, European Journal of Information Systems 19, 288–302. http://dx.doi.org/10.1057/ejis.2010.16

International Organization for Standardization, 2009, ISO/IEC 38500, viewed 5 September 2014, from http://www.itgovernance.co.uk/iso38500

ITGI, 2007, ‘CobiT 4.1: Executive summary’, viewed 13th July 2013, from http://www.isaca.org/

Jokonya, O., Kroeze, J. & Van der Poll, J.A., 2012, Towards a framework for decision making regarding IT adoption. Pretoria, Association for Computer Machinery (ACM), pp. 316–325. http://dx.doi.org/10.1145/2389836.2389874

Krippendorff, K., 2013, Content analysis: An introduction to its methodology, 3rd edn., Sage Publications, Thousand Oaks.

Lippert, S.K. & Davis, M., 2006, ‘A conceptual model integrating trust into planned change activities to enhance technology adoption behaviour’, Journal of Information Science 32(5), 434–448. http://dx.doi.org/10.1177/0165551506066042

Liu, X.P. & Wang, Z.M., 2013, ‘Perceived risk and organizational commitment: The moderating role of organisational trust’, The Journal of Social Behaviour and Personality 41(2), 229–240. http://dx.doi.org/10.2224/sbp.2013.41.2.229

Marshall, C. & Rossman, G.B., 2010, Designing qualitative research, 5th edn., Sage Publications, Thousand Oaks.

Miles, M.B., Huberman, M.A. & Saldana, J., 2013, Qualitative data analysis: A methods sourcebook, 3rd edn., Sage Publications Inc, Thousand Oaks.

Montazemi, A., 2006, ‘How they manage IT: SMEs in Canada and the US’, Communications of the ACM 49(12),109–112. http://dx.doi.org/10.1145/1183236.1183240

Oliviera, T. & Martins, F.M., 2010, ‘Firm patterns of E-business adoption: Evidence for the European Union-27’, The Electronic Journal of Information Systems Evaluation 13(1), 47–56.

Robinson, N., 2007, viewed 17 August 2014, from http//www.isaca.org

Teo, W.L., Manof, A. & Choong, L.F.P., 2013, ‘Perceived effectiveness of information technology governance initiatives among IT practitioners, International Journal of Engineering Business Management 5, 1–9.

Tornatzky, L.G. & Fleischer, M., 1990, The process of technological innovation, Lexington Books, United Kingdom.

Vitouladiti, O., 2014, ‘Content analysis as a research tool for marketing, management and development strategies in Tourism’, Procedia Economics and Finance 9, 278–287. http://dx.doi.org/10.1016/S2212-5671(14)00029-X

Weill, P. & Ross, J.W., 2004, IT Governance on one page, MIT Sloan Working Paper, vol. 349, pp. 1–18.


Crossref Citations

1. IT Governance in SMEs
Rodrigo Franklin Frogeri, Daniel Jardim Pardini, Ana Maria Pereira Cardoso, Liz Áurea Prado, Fabrício Pelloso Piurcosky, Pedro dos Santos Portugal Junior
International Journal of IT/Business Alignment and Governance  vol: 10  issue: 1  first page: 55  year: 2019  
doi: 10.4018/IJITBAG.2019010104