Next Article in Journal
CerealNet: A Hybrid Deep Learning Architecture for Cereal Crop Mapping Using Sentinel-2 Time-Series
Previous Article in Journal
Do NFTs Sound Good? An Exploratory Study on Audio NFTs and Possible Avenues
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Informatics
Volume 9
Issue 4
10.3390/informatics9040095
informatics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A Benefit Dependency Network for Shadow Information Technology Adoption, Based on Practitioners’ Viewpoints

by
Isaias Scalabrin Bianchi
1,*,
António Vaquina
2,
Ruben Pereira
2,
Rui Dinis Sousa
3 and
Guillermo Antonio Dávila
4
1
Grupo de Investigación Desarrollo Empresarial, Gestión del Conocimiento e Innovación, Instituto de Investigación Científica, Universidad de Lima, Lima 15023, Peru
2
Department of Information Science and Technology, Instituto Universitário de Lisboa (ISCTE-IUL), 1649-026 Lisbon, Portugal
3
ALGORITMI Center, Department of Information Systems, University of Minho, 4804-533 Guimarães, Portugal
4
Grupo de Investigación Desarrollo Empresarial, Gestión del Conocimiento e Innovación, Carrera de Ingeniería de Sistemas, Instituto de Investigación Científica, Universidad de Lima, Lima 15023, Peru
*
Author to whom correspondence should be addressed.
Informatics 2022, 9(4), 95; https://doi.org/10.3390/informatics9040095
Submission received: 26 September 2022 / Revised: 13 November 2022 / Accepted: 14 November 2022 / Published: 24 November 2022
Browse Figures
Versions Notes

Abstract

:
Shadow information technology (SIT) revolves around systems that are hidden but are still managed by the same business entities. It consists of the use of devices, software, systems and applications without the information technology (IT) department’s approval. Employees use IT without the knowledge of the IT department, and it creates a gap in communications, as the IT department loses the knowledge of the reality within the company. However, there are benefits involved. In order to take advantage of these benefits, changes have to be implemented in the way that business activities are handled. The benefits should be a direct result of the changes, of the difference between the ongoing and the suggested way that activities should be undertaken, and the levels of efficiency and effectiveness to which people deliver their daily tasks. The objective of this study was to propose a benefit dependency network (BDN) for SIT, and, through its concepts, to synthetize our findings and specify the connections between SIT practices and their benefits. This research was conducted a systematic literature review (SLR) and used a design science research methodology, adopting semi-structured interviews with fourteen interactions to propose a BDN for SIT. We proposed a model with five dimensions related to a BDN for SIT. By understanding the BDN and the benefits of SIT, it is easier to have a better notion of the implications and the factors involved in order to assist the decision-making process. Whether an organization wants to reach innovation, increase revenue or retain clients, the BDN helps with analysis and selection, and is something that organizations should take seriously, as it is essential to have knowledge about what the benefits are and how they can be reached. To the best of the authors’ knowledge, this research included and replaced several processes in the BDN for SIT, in a topic that is still underexplored.

1. Introduction

Currently, technology is evolving at a tremendous and accelerated pace, it seems as though everyday there is new software that absolutely changes the way that things are made and perceived. On the other hand, every day more and more people are gaining access to smartphones, to the internet and to all the benefits these bring along. Furthermore, innovative information technology (IT) applications and the services offered in the cloud—easily accessible via the internet, either for free or on a flexible pay-per-use basis—are increasing fast [1,2,3]. All of this can and is being used by employees on laptops, tablets and smartphones to work in a more efficient way, from work or at home, to help better accomplish their daily work requirements. However, while these benefits drive the digital transformation being witnessed today, they also motivate users to turn to these solutions without their organization’s approval [4]. This is called shadow information technology (SIT).
SIT represents all hardware, software, or any other technological solution used by employees inside of the organizational ecosystem, that did not receive any formal IT department approval [5,6]. Some examples include Dropbox, Google Drive and WhatsApp, which are applications available on the cloud, which means there is no need to download or install them. While most of these applications are harmless, there is always the possibility of hackers accessing important company data and information [7].
The constant need of end-users to complete their job and employees’ dissatisfaction with the implemented software are the main reasons behind the rise and development of SIT [8]. SIT represents one of the biggest threats for organizational IT security [9], and most of the time SIT is used to complement already-established enterprise resource planning (ERP) systems—the same systems adopted to eradicate and reduce the dependency on SIT.
Some authors suggest that SIT offers an effective and efficient way for users to cope with the insufficiencies of the formal systems and can be used as a solution to an existing problem with the implemented systems [4,5,10,11,12,13,14,15,16,17,18,19,20]. On the other hand, the negative side of SIT has also been pointed out as it creates the complex challenges experienced by many organizations and IT departments[5,7,8,11,13,21,22,23]. In fact, SIT is widely considered as one of the biggest challenges for the chief information officers (CIOs) and the IT departments [5] of organizations due to the risks it brings. For instance, the loss or leak of data, compliance-related issues or even the loss of investment are all risks for organizations, as most of these devices and applications leave no blueprints behind. This makes it complex to assess the actual risk, undermines the main system of a company and potentially damages organizational information and processes.
SIT is, most of the time, a result of individual behavior, and it is characterized through accessing, acquiring or using the widely available tools, processes or systems that have not received prior formal IT department approval [9]. Individuals rely on their own knowledge and experience to address their daily tasks in ways that they feel are best fitted to their needs, believing that the delivery of results will surpass the consequence of using SIT. This creates risks in a multitude of ways, which can, unintentionally, negatively affect the company’s dynamics and the employees’ work.
With the current evolution of IT and the increase in its users, organizations should not take this matter lightly as it is already being considered as one of the top concerns of CIOs and IT managers [22,24,25], as employees are already using SIT in a variety of ways for their daily tasks. Furthermore, most of them do not have the necessary know-how to defend themselves in the case of an attack on their devices.
Organizations do not put enough focus on the expected benefits, even though it has been proven that if they are to increase the likelihood of success from their IT investments, they must separate out the different causes of the benefits that they will bring before developing any implementation plan [26], no matter what the approach is, as the goal for investing in IT should always be to improve performance in order to achieve business goals. According to [27], research has indicated that management does not comprehend how to identify business benefits, and that is where the need for a benefit dependency network (BDN) comes from, as it allows management to clarify and highlight the change requirements that will be used to analyze the changes needed before advancing with new IT investments. It will help to examine the connection between technologies, processes and people-aiding management in understanding how the blend of technology and business changes will help to deliver the expected benefits. The BDN appears to be the appropriate tool for this level of initial research, acting as a catalyst to start the discussion and examine the data. Thereby, the occurrence of SIT is a phenomenon that has been insufficiently explored, on one hand, and, on the other hand, it is often misinterpreted [8]. This is a big reason why this subject deserves more attention from both organizations and the scientific world.
This research aimed to propose a BDN for SIT, through SLR and DSR methodologies, to specify the connections and benefits that may arise if companies start looking at SIT as a solution and not as a problem.
This article is structured as follows: Section 2 presents the related work. Section 3 describes the research methodology used in this study—adopting design science research. Section 4 presents the design and development of our artefact. Section 5 presents the discussion. Finally, Section 6 presents the conclusion.

2. Related Work

Researchers and practitioners have discussed different governance approaches at the firm level, ranging from total permission to specific concessions, and to the company-wide banning of SIT [28]. However, before anything is implemented, it is very important to take a step back and to try to understand the extent, the reach and the opinions on these solutions—as shown in Table 1.
So far, SIT has received limited scholarly attention, and that might be one of the reasons why it is a widespread challenge across IT departments. Companies such as Accenture have been saying that the “golden ages” of SIT are ahead of us, as this new generation gains access to the corporate world. Organizations should also take the blame for the issues surrounding the use of SIT, due to their failure to provide their employees with adequate systems to perform their duties and to the drastic way that most of them react whenever SIT use is identified within their branches. It is this lack of awareness and knowledge when it comes to approaching new ideas and concepts that allows the creation and growth of SIT solutions, as it creates an ideal situation for shadow users to implement whatever they feel will help them best in achieving their daily tasks.

2.1. Why Is SIT So Appealing?

Inadequate IT solutions lead to the deployment of SIT [7], which is guided by the need of the user-driven fulfilment of requirements [4]. It is the rate at which informal and collaborative information technology is being implemented autonomously by employees to help them perform their work [12]. It describes the circumstance of users starting to develop IT systems with their own capabilities [32], which are against corporate guidelines and hidden from official IT governance. It is developed by users with strong knowledge of local business processes, and it fills the existent void of formal IT competencies, and, for this reason, it can live for a long time without receiving any attention from IT staff. SIT is often readily available and is perceived as being easier to use than central systems and more cost effective [15]. In fact, 80% of employees use software that has not been approved by the IT organization [7] as security policies are ignored by employees and managers due to a lack of employee training [4].
SIT is an insider threat, which is caused by the members of an organization [4]. It has been reported that 32% of employees say that insider violations are more costly or damaging than incidents perpetrated by outsiders [5]. ERP implementations that fail to add value and achieve benefits are associated with a lack of trust and the dissatisfaction of employees with current systems. The constantly improving technical knowledge of users and the growing accessibility to cloud-based IT solutions can easily influence the creation of SIT [14]. SIT is used as a solution to the limitations and existing issues with formal systems, which are often highly consolidated and have complex user interfaces (UIs), and, as a consequence, users choose to enforce solutions from third-party vendors or self-made solutions in order to make processes simpler and to improve the user experience. An organization’s evolution can be understood as emerging from all these local network interactions [29].
Organizations also have a share in the blame for this deviant behavior by not providing appropriate systems for employees to perform their tasks [17].
Often, SIT can be more beneficial or efficient than legacy systems [9], and, although some organizations explicitly allow the use of SIT, most use a range of formal risk-management tools (IT service management, IT governance and IT security management) to direct, restrict and control the activities of BUs [15]. Central management can permit end users to implement SIT solutions, apply a strategy to monitor its implementation and regulate it through IT policies [32,40]. The IT department should try to identify solutions being used by department teams, because identified SIT brings less risk than unknown SIT.
The use of SIT is an effective reaction to the frustration experienced by employees [28] because of unaddressed business needs and slow responses to IT requests. End-users also implement SIT as a form of resistance to sanctioned systems, with some claiming its use shows the need for innovation [14]. This dissatisfaction is often caused by the misalignment of the IT department’s objectives with the other departments’ objectives; therefore, SIT systems succeed in environments where top management supports the development and implementation of such systems. SIT is popular with employees and can lead to higher user satisfaction as it can provide specific functionality or familiarity [7]. Because they need suitable IT solutions, they help themselves by implementing SIT [23]. This is one of the reasons why SIT should be looked at from an individual level, rather than from an organizational level [9].
SIT consists of autonomous developed and supplied systems, processes and organizational units [31], which exist without the acceptance or support of the IT department. It will often emerge if a business unit does not perceive its ability to influence the actions that a central IT department takes to fulfill its demands [15].
SIT has both positive and negative outcomes and is the result of the gap between the requirements of the stakeholders and the implementation of the systems [34]. A more systematic understanding of the dynamic interaction between the shadow systems, risk and power would be important for IT managers and for governance professionals in order to better address this issue and to find long-term solutions. SIT usage can be classified as a volitional action—the employee is deliberately undertaking an action, but without any malicious intentions [5].

2.2. The Benefit Dependency Network Dilemma

Many organizations focus on technology’s implementation, and do not give attention to the realization of the expected business benefits [23]. Benefits arise from changes and innovations, and they surface when IT gives people the power to accomplish things with more effectiveness and efficiency, thus creating a demand for improvements in how information is used. Benefits from IT investments do not just “happen”, they need a firm commitment from organizations to drive the investment through organizational change [41], as many projects fail due to the lack of proper tools to assist in IT investment decision-making and management issues.
Furthermore, understanding the business context of the investment being considered is crucial as, all too often, IT projects become technology projects rather than primarily business change projects, and the context for the investment is soon forgotten [27]; therefore, in some of these cases the projects are brought to a halt, which is not optimal.
The benefits may be considered as the effect of the changes [42]. If any organization wishes to evolve and stay on pace with today’s technology then change is something they should be ready and prepared to face.
For this research, the tool used was the benefit dependency network (BDN), due to its capability to graphically display the change requirements and to consider the connections based on technology, people and processes, while showing the expected benefits. It also seemed the most appropriate tool for this level of initial analysis. BDN provides a framework for explicitly linking the overall investment objectives and the requisite benefits with the business changes necessary to deliver those benefits and with the essential IT functionality to both drive and enable these changes to be made [27].
When discussing BDN, as shown in Table 2, there are five concepts that cannot be dismissed, as per [41]. These are as follows:
  • Investment objectives—specific to the project and focused on the outcome, i.e., on what the project will achieve if successful.
  • Business benefits—advantages that are incurred as a result of the project. When benefits are delivered, they will lead to organizations achieving the investment objectives.
  • Business changes—permanent changes to practices, processes and relationships within the organization, which are required in order to achieve the benefits.
  • Enabling changes—adjustments or changes that need to be implemented for business changes to take place.
  • IT enablers—IT tools that must be implemented, as well as IT considerations to be evaluated before introducing new technology.
Organizations need to take a holistic approach when it comes to adopting SIT. Consideration needs to be given to decisions with regards to the skills of people, the impact on the structure of the organization, the business processes, and the technology changes necessary to deliver the benefits and investment objectives. Each domain of the BDN should be considered prior to SIT adoption, as organizations are encouraged to find new ways to implement new technologies, without completely relying on existing technology, as a BDN model approach can assist in identifying organizational technology considerations.

2.3. Bring Your Own Device (BYOD)

The bring your own device (BYOD) concept is spreading very quickly in the organizations that hugely depend on IT infrastructure and that need their employees to be connected to the organization’s computer network for most of their tasks [43]. Simply put, BYOD means allowing employees to access an organization’s network via their own devices/technology. The adoption of BYOD, initiated by employees, refers to the provision and use of personal mobile devices and applications for both private and business purposes [44]. BYOD is a concept that allows employees to utilize their personally owned technology devices to stay connected to, access data from, or complete tasks for their organizations. At a minimum, BYOD programs allow users to access employer-provided services and/or data on their personal tablets/e-readers, smart phones and other devices [43].
BYOD provides an important benefit to both companies and their employees, in particular in Fintechs [45]. It provides great convenience for employees because they no longer need to carry several devices. It also allows individuals to select the sort of gadget with which they are most accustomed and comfortable. BYOD eliminates the need for organizations’ IT departments to acquire more mobile devices for employees. This configuration considerably decreases their expenses and alleviates part of the stress of servicing those mobile devices.
Firstly, it creates a significant convenience for employees as they no longer have to carry multiple devices with them. It also allows them to choose the type of device they are most familiar with and most comfortable with using. For companies, BYOD means that the IT department no longer has to purchase additional mobile devices for employees. This setup reduces their costs significantly and reduces some of the burden of supporting those mobile devices.

3. Research Methodology

The research methodology adopted by this investigation was the design science research (DSR). The aim was to design, build and evaluate the network we pretended to analyze.
DSR was the appropriate choice as it seeks to extend the boundaries of human and social capabilities by creating new and innovative artifacts that enable globalization, integration, increased productivity and rapid adaptation [46]. The goal was to develop a framework for the better comprehension, execution and evaluation of the research, as well as to measure the impact on the organization.
To reach this objective, a design science research methodology (DSRM) seemed to be the right option, as it attempts to develop and acquire information that brings effectiveness into a real-world context, as displayed in Figure 1. The DSR approach consists of the following three elements: conceptual principles, practical rules and procedures to perform and conduct research [47].
Hence, the goal of this research was to try to increase the efficiency of the organization. The principles followed are described in Table 3. As the principles themselves were not considered sufficient to justify the applicability and value in the design science, the DSR guidelines proposed by Hevner et al., 2004 [46], as shown in Table 3, were used. The Table 4 presents the DSR guidelines.
A questionnaire was conducted in the evaluation step of the proposals, the questions are presented in Table 5. Through these, it was possible to enlighten the interviewees about the definition of SIT and BDN first and, then, to inform them about the concept of BDN, before asking for their opinions on the suggested BDN and on what changes they would suggest.

4. Design and Development

As we aimed to design, build and evaluate the BDN, the DSR was the appropriate choice, as it seeks to extend the boundaries of human and social capabilities by creating new and innovative artifacts. To improve the access to our research question on the benefits of SIT adoption, a questionnaire was designed to better help us validate and strengthen our proposed BDN, which was conducted in a growing north American Fintech company, which, for confidentiality reasons, will be called ReaLife. A case method fitted this study, since it allowed the exploration of the benefits of SIT adoption in a real-world context and through theory.
The Fintech industry, in particular, was selected due to the need to reduce risks and to maximize the potential of SIT in an environment that is highly regulated, extremely competitive and innovative. There is a need for growing Fintech companies to stay in pace with the ever-growing demands of their clients and technological advances, as more and more people are starting to rely on these solutions to reach their financial goals. ReaLife was created in the early 2000s and quickly gained notoriety in the north American market, with its strong tradition of providing platforms and solutions for their clients to manage their fees, statements, financial reports and investments. The company is currently going through an expansion, as they plan to enter the European market by buying an already-established European Fintech, merging both companies into one. This process, so far, has exposed the huge differences in how the business is handled differently on both continents, as there is a feeling that European policies are stricter and more demanding than the ones existing in north America. The merging process is supposed to take over a year, and many gaps have already been identified in the company’s infrastructure and in its system’s integrity when it comes to outside resources that will put the company’s information and data at serious risk if it is not handled properly.
Data were collected from interviews and observations. As shown in Table 6, we conducted 15 semi-structured interviews, which took place over a two-week period, between October and November 2021. Experts, who were mostly from the IT units of both the European and north American sides of the company, were consulted. Their roles included the COO, team leaders, heads of department, senior analysts, development leads, system architects and solutions analysts. The interviewees’ professional IT experience ranged from 5 to 30 years, and the interviews lasted anywhere between 30 and 45 min. All the interviews were recorded and stored in a case database.
The first step of each interview was to present the definitions of SIT and BDN, and also the five concepts of BDN. Thereafter, the proposed BDN was shown, and the interviewee was asked for their input on the outputs shown on the BDN, e.g., which would they want to add? How would they interconnect (Appendix A)?
We followed the recommendations of the authors of [48], related to the interviews and the qualitative research enriching the experts’ viewpoints about a topic, adding valuable information. This approach allowed us to obtain important aspects that we had not been able to identify through our research and that were also useful in helping us validate our BDN. It was also important to form an idea of what the interviewees’ personal experiences with SIT were for the purpose of better understanding how much impact it makes and how big of an issue it really is in the workplace.
Furthermore, we made sure that the interviewees had early access to the definitions, the BDN and the questions to allow them to understand what the topic of the questionnaire would be, and, also, to allow us to clarify any questions they might have had on the subject prior to the interview. Our interviewees’ credibility was additionally confirmed by asking them for specific examples of when they had directly come face-to-face with SIT.

4.1. First Design Science Iteration

Some of the literature provided contradictory findings about SIT, and, while it is generally associated with risks, it is also argued that it could be beneficial to companies [14]. Most benefits were related to increased creativity, innovation and improved business performance by helping users to interact with systems that meet their particular needs by working around the limitations of existing information systems or processes in an organization [15]. It supports users to increase their performance and is innovative and flexible [16]. SIT can be a source of creativity and innovation [7]. The use of SIT boosts employees’ productivity and enables faster and better collaboration and communication [17], as it helps the circulation of information more instantaneously, in a way that is faster, and more agile, dynamic and practical, all without the need of formal permission [12].
Some of the benefits that are connected with the use of SIT are related to the creativity surrounding the systems—the perceived innovativeness of the systems and the stability and order brought about by the system [9]. This translates into an elevated level of motivation by the employees, which also raises productivity. If employees feel as though they are using the correct tools for their tasks, then they will be more likely to perform at the desired levels. Applications such as Skype, Facebook video calling and Google Talk are the main ones being used by co-workers to collaborate and communicate at work. There is a clear tendency among employees to use mainstream apps, as they are better known, easier to use, have a friendly interface and most of their issues and bugs are well documented on the internet. All these factors contribute to the adoption of SIT as a way to both facilitate tasks and improve performance, with some estimates finding that shadow systems account for more than 80% of the IT systems deployed by the end-users [9], as they can be very efficient and effective when used in place of the formal and standard systems already present [19].
Enterprise architecture (EA) can also benefit from SIT when planned accordingly and can have a significant impact if addressed from the correct point of view [32], as follows:
  • Current: SIT can beneficially be included to obtain a better global image of inventory and processes.
  • Change: overlooked SIT systems can have a serious impact on the success and outcome of changes, existing SIT systems can be converted or included in official EA and users can respond to poorly aligned EA by making SIT systems.
  • Future: several studies suggest that the successful organizations of the future will be the ones that will create opportunities for SIT systems and reduce central control over IT.
Engaging users in system development will eventually lead to fast adaptations to market changes, with the maximum insight and minimum cost, by creating local engagement, rapid adaptation and inexpensive innovation. This will make SIT too good to pass on, so organizations will eventually have to address it or risk allowing more non-regulated and non-controlled development of systems in order to keep pace with market- driven and rapid innovation requirements [32]. All this gathered information (Table 7) allowed us to create a BDN model that was oriented to SIT adoption, as shown in Figure 1, which was used as a reference to validate this research’s theory.
For the interview process and to help us to better understand and visualize all contributions, a color scheme was selected according to the input received from the interviewees—any new addition would be represented by the color green, any removal would be represented by the color red and any change to a currently existing field would be represented by the color yellow.
In order to validate the contributions and to avoid having artifacts with no correlation whatsoever, after the interviewees gave their opinions on the proposed BDN, they were also asked if they agreed with the input provided by their peers. We assumed that whenever a change was confirmed by more than three people, it would be considered valid and, therefore, would be added to the final artifact. Figure 2 presents the proposed BDN for SIT adoption.
One of the interviewees suggested only one change, so we considered that contribution invalid. Our first interview was with a project manager (PM), who had over 20 years of experience in IT. They agreed with the proposed BDN, but suggested the following, as displayed in Figure 3: adding “update IT policies” to the enabling changes column; adding “increased productivity and efficiency” to the investment objectives; merging the fields “analysis of data”—which could not be analyzed previously—and “evidence-based action”; removing ”improve business processes” from the investment objectives column; and removing “prevent fraud” from the investment objectives column.

4.2. Second Iteration

The second interview was with a solutions analyst, with over 15 years of experience in client success, while working mostly in the communications industry. Their suggestions were as follows: “review system performance” should be an IT enabler, as it is one of the first steps taken before implementing new solutions—it is a verification process; and “setup of new data sources”—in business changes—should be linked to “create new data policies” and “define new processes”, as they are all related to implementation.

4.3. Third Iteration

This interview was with a team leader, with over 20 years of experience in IT consulting and business management. Their recommendations were as follows: adding “network infrastructure” as an enabling change; add “process automation” as an enabling change; “evidence-based action taking”, “refinement of business processes” and “identification of flawed processes” should be linked to increased customer retention rate; the identification of flawed processes should be linked to “improved delivery times”; replace the “refinement of business processes” with “improved business processes”; adding environmental social governance (ESG) as an investment objective, linked to “improved business processes”; add “data analysis” as a business change, linked to the “identification of hidden patterns in data” and the “refinement of business processes”; replacing “data governance sources” with “apply data governance”; link “data quality”, as a business benefit, to “setup of new data sources” and “apply data governance”; replace “identification of new opportunities” with “creation of new opportunities”; and replace “review system performance” with “overall system interaction”.

4.4. Fourth Iteration

The interviewee had eleven years of experience in IT and currently works as a head of IT operations. Regarding the suggested BDN, they recommended the following: adding “risk assessment and compliance” to the IT enablers column; adding “implementation of new IT policies” to the enabling changes column, and connecting it to the latter; merging “define new processes” with “create new data policies”; merging “refinement of business processes” and “identification of flawed processes”—from the business benefits column—with “improve business processes”—which would go from the investment objective column, into the business benefits column; and add “improved process visibility” as an investment objective—to be linked to improving business processes.

4.5. Fifth Iteration

The interviewee had over 30 years of experience in IT and currently works as a PM, they were familiar with SIT. While analyzing the proposed BDN, they suggested the following: adding “setup of backups” to the enabling changes column—to be linked with IT enabler system availability; adding “non-IT enablers” and “business understanding” to the IT enablers column; adding “IT support” and “setup of backups” to the enabling changes column; and adding “organizational control” as a business benefit.

4.6. Sixth Iteration

Our interviewee had over five years of experience in the IT field and currently works as a PM. They started by mentioning that all fields presented in the BDN were valid, but they also had some suggestions, such as the following: renaming “identification of new business models” as “business model innovation (BMI)”; linking “identification of new opportunities” with “identification of hidden patterns in data” and “identification of new business models”; linking “data quality” with “identification of hidden patterns in data”; and linking “identification of new business models” with “increase revenue” and “increase customer retention rate”.

4.7. Seventh Iteration

Currently a team leader, with over 12 years of experience, this interviewee was very familiar with SIT, including experiencing it firsthand as an in-house developed tool, which went all the way to being accepted and utilized by the whole company, even though it was a lengthy process. Upon analyzing the proposed BDN, they suggested the following, as demonstrated in this step.: adding “reduced turnaround times” as a business benefit; adding “improved efficiency” as an investment objective; adding “adjustment of existing business processes” to the business changes column; linking “adjustment of existing business processes” to the setup of new training programs; and linking “define new processes” with “integration between various tools”.

4.8. Eighth Iteration

This interviewee currently works as head of IT Security and oversees all company operations, being very familiar with SIT and its consequences for users and for the company. When discussing the proposed BDN, they suggested the following, as shown: removing “refinement of business processes”, as it is not a business benefit and replacing it with “improve business processes”; removing “prevent fraud” from the investment objectives; adding “efficiency”, “innovation”, “organizational sustainability” and ESG as investment objectives; adding “attract and retain talent” to the business benefits and linking it to “organizational structure change” and the “identification of new opportunities”; replacing “network infrastructure” with “IT infrastructure”; merging “review system performance” with “review current technology”; linking “review current technology” with “setup new data sources”, “new risk management procedures”, “data governance sources” and “identification of new opportunities”.

4.9. Design Iteration

With over 23 years of experience as a network architect and systems administrator, this interviewee claimed to have some knowledge on SIT and its impact on organizations. As displayed in this step, their suggestions were as follows: moving “improve business processes” from the investment objectives column, into the business benefits column and have it replace “refinement of business processes”; linking “improved business processes” with “improve delivery times”; adding “innovation” and “organizational sustainability” to the investment objectives and linking them with “improved business processes” and “gain competitive advantage”; replacing “network infrastructure” with “IT infrastructure”; merging “review system performance” and “review current technology” with the latter; linking “review system performance” with “identification of new opportunities”, “new risk management” and “data governance sources”; and add “new communication channels” and link it with “improve business processes” and “identification of hidden patterns in data”.

4.10. Tenth Iteration

Currently part of the executive team, this interviewee had vast experience in IT management and was very much aware of the existence of SIT and its negatives. When reviewing the proposed BDN, they suggested the following: replacing “refinement of business processes” and “identification of flawed processes” with “improve business processes”; adding ESG as an investment objective; linking “review system performance” with “data governance sources” and “data quality”; linking “review current technology” with “identification of new opportunities”, “new risk management procedures”, "data governance sources” and “data quality”; adding “review of systems landscape” and putting it in place of “review current technology”; replacing “network infrastructure” with “IT infrastructure”; adding “system scalability” as an enabling change and linking it with IT infrastructure; and replacing “prevent fraud” with “regulatory compliance”.

4.11. Eleventh Iteration

This interviewee had vast experience in the IT field and currently works as the head of IT services. They were not very familiar with the specific terms of SIT, but admitted that it is something that they use multiple times. Their suggestions for the proposed BDN were as follows: adding “improve net promoter score (NPS)” to the investment objectives; moving “analysis of data that could not be analyzed previously” to the business changes and replace it with “providing better support and information”; replacing “refinement of business processes” with “improve business processes”; moving “improve delivery time” to the business benefits column; adding “ESG” as an investment objective; replacing “network infrastructure” with “IT infrastructure”; adding “review new technology and performance”—by moving “review system performance” to enabling changes and connecting it with “identification of new opportunities”, “new risk management procedures” and “new communication channels”; and merging “evidence-based action taking” and “understanding the impact of previous decisions” to the latter.

4.12. Twelfth Iteration

This interviewee was familiar with SIT, however, they were not aware that it was widely seen as a risk, since their experience with it had been positive, so far. Upon discussion, after taking a look at the proposed BDN, they suggested the following: replacing the investment objectives column with ROI (return of investment); moving “improve business processes” to business changes and linking it to “refinement of business processes”; replacing “prevent fraud” with “mitigation of risks and security”; adding ESG to ROI and linking it to “evidence-based action taking”; and replacing “network infrastructure” with “IT infrastructure”.

4.13. Thirteenth Iteration

The interviewee had vast experience in IT strategy, and, despite the fact that they were not familiar with SIT, they were very familiar with the BDN concepts. The suggestions made by them were as follows: reducing the number of investment objectives by prioritizing (preferably into three); removing “improve business processes” and “prevent fraud” from the investment objectives; adding “accelerate turnaround time” to the business changes; adding “transformation” to the business benefits and linking it with “accelerate turnaround times”; adding “mitigate risks” as a business benefit and linking it with “new risk management procedures”; linking “mitigate risks”, “increased customer retention rate” and “gain competitive advantage”; linking “transformation” with “gain competitive advantage”; and linking "transformation” with “setup of new data sources” and “organizational structure change”.

4.14. Fourteenth Iteration

With vast experience in IT management, this interviewee was familiar with the concepts of SIT. After a brief explanation they suggested the following: adding ESG as an investment objective; replacing “network infrastructure” with “IT infrastructure”; and making “improve business processes” a business benefit.

4.15. Data Saturation

For this particular situation, data saturation was observed to help determine the state of the artifact and to prepare it for the evaluation phase. During the qualitative research, the purpose was to understand when the data gathered were unnecessary, based on what had already been gathered and analyzed. The reason for the use of data saturation was due to a particular observation being repeated or similar comments seeming to be repeated, and, after 15 interviews [50,51] we had to stop because no new insights were added (Table 8).

4.16. Findings—Final Artifact

All the information was carefully analyzed based on the feedback received from our interviewees, and it was decided that, in order to validate a change or suggestion, it would have to be confirmed at least by three separate interviewees. As seen in Figure 4, new fields that were added to the BDN included the following: ESG was added as an investment objective; “network infrastructure” was replaced with “IT infrastructure” in the IT enablers; “evidence-based action taking” and “understanding the impact of previous decisions” were merged into the latter; “improve business processes” was removed from the investment objectives and placed as a business benefit, and “identification of flawed processes” and “refinement of business processes” was merged into it; “prevent fraud” was removed; and “review system performance” was merged with “review system performance” in the latter.
This section may be divided by subheadings. It should provide a concise and precise description of the experimental results and their interpretation, as well as the experimental conclusions that can be drawn.

5. Discussion

SIT is a socio-technical phenomenon [21], and whether it is good, bad or even neutral is not clear yet, as opinions diverge on what really happens in organizations, on how to handle it or if it is even worth the risk, as many times, in practice, the situation is often more complicated [12]. Aspects such as company data safety being more important than employee satisfaction or productivity, and profit being the main focus no matter the downside make the behavioral consequences of utilizing shadow IT ambiguous [37], as employees justify their use on the grounds of better productivity; however, on the other hand, management and IT departments spend a lot of time, effort and capital to ensure that the company system stays up-to-date and protected. There is no clear solution for this dilemma, as both sides have very valid reasons for why they are doing what they are doing, and the differences are sometimes abysmal, with multiple companies finding it difficult and often impossible to fill this gap on their own [23]. Often, organizations find themselves in an area of conflict, as IT integration might eliminate the benefits that SIT offers [21].
There is a need to try to find common ground, one where IT departments and employees are on the same page and where both work together towards productivity and dynamism. There is a need for consensus when it comes to SIT because it is not going away, but quite the opposite, there is an increase in its use as big tech companies focus more and more on the cloud and cloud-based services, which are interactive and friendly to the user—even the management use these solutions—which further strengthens the usage of SIT [23]. This is something that IT departments and management can use to improve the corporate IT landscape accordingly, which may have a positive impact on a company’s progress. To summarize, SIT exists alongside formal enterprise systems and either complements, expands or supplements them [21].
Despite all the initiatives promoted by companies and IT departments, the rate at which employees still use SIT solutions for their daily tasks is a major concern for companies [12]. This explains how a lot of management still looks at this reality, as most of the time they see it as a risk, dangerous for system integrity and for the normal functioning of the company. SIT can be used by one individual or by a group of employees, which suggests two levels of use: individual and collective use [36]. More often than not, SIT is looked at as a liability, and this sometimes incites employees to use it, even though it is unapproved. Using SIT gives a sense of rebellion, and, at the same time, as it helps with tasks and to fulfill professional needs, employees look at it as a win–win situation. There needs to be further research in order to understand how it can be dealt with, so both the management and employees can benefit from this situation, diminish the gap between them and help companies to prosper. As it has been stated many times, SIT is only growing, so it has to be dealt with, instead of being abolished or banned. One of the main issues is that these shadow solutions and devices leave no blueprints behind, making it extremely difficult to assess their actual risk [19]—it undermines both the main system of a company and causes damages to organizational processes and information. There is still a lack of knowledge, so not many organizations are taking risks and would rather avoid SIT instead of considering embracing it. Often, organizations can solve these inefficiencies by converting SIT into business-managed IT [21].
Additionally, the fact that employees depend on their own knowledge and experience to address their daily tasks in a way they feel best fits their needs, while believing that the delivery of results will surpass the consequences of using SIT [9], is one of the biggest reasons why it is spreading so fast. Often, employees view IT departments as holding them back and not as an entity that can help, as some in-house built solutions are not as interactive or user friendly as some of the solutions being used in the “shadow”. Even when the in-house solutions meet the employees’ needs, issues such as bugs, FAQs and updates will still exist. As most employees still rely on the IT department to help resolve these issues, when they cannot access that help right away, they will resort back to the solutions they know best, so companies and their data then face the same risks and liabilities when it comes to SIT. Communication and politics play a role in all of this, as they play a critical part in the overall success of SIT and the organization, in general. Disagreements between departments or a lack of communication between the staff can all lead to a company failing to implement possible solutions to SIT. Some believe that the reason for this is because of social factors—for instance, the social presence—have a profound influence on the ways in which individuals perceive and use this technology [12].
The challenge for CIOs and IT departments is to identify the employee needs that are being filled by these solutions, and to find a way to adapt their company’s policy so that they can be used without risk to employees or to the company itself. Being strict should not be a solution anymore as, eventually, employees find a way around the implemented systems and measures—especially against integrating systems, resistance to change or technical incompatibility [21]. Part of the solution must be understanding SIT fully in order to embrace it and adapt to it, instead of treating it as a liability. SIT requires not to be treated as the problem, but as part of the solution. In this respect, the research suggests that this is almost non-existent, even though some researchers already chose to see the positives in it and the positive outcomes it might bring for organizations when properly embraced.
Thereby, the occurrence of SIT is a phenomenon that has been insufficiently explored on one hand, and, on the other hand, one that is often misinterpreted [8]. This is a big reason why this subject deserves more attention from both organizations and the scientific world.
Regarding enterprise mobility today, BYOD is one of the most dangerous sources of shadow IT. Using a personal device for work always implies system interaction with unlicensed software, unwanted applications and possible malware.
However, the results of this study show that shadow IT can have a positive or a negative impact, depending on the organization. In the present study, the organization was a Fintech, and the context in which the company operates due to its culture of freedom to use different devices and to work with personal devices has benefits.

6. Conclusions

There is not a considerable amount of research currently being conducted at an individual level when it comes to the benefits of SIT and the reasons behind why employees choose to or do not choose to embrace it, and to what organizations should do about this ever-growing phenomenon. While the literature on SIT has increased over the last two years, the current knowledge is still severely limited. Past studies have put more focus on the consequences and the governance side of SIT in an organizational context, shedding no light on the antecedents, precedents, reasons and motivations behind the use of SIT adoption at multiple levels within organizations. This creates a big gap in understanding what works and what does not, or of what are the benefits and the risks when it comes to approaching the existence of SIT in organizations.
As SIT studies within an innovational context are also limited, in this research we wanted to bring attention to the world of possibilities and solutions that it has to offer and to their motivations and benefits, to give a better understanding of this phenomenon. We identified that most opinions about SIT were neutral or focused on its negative impact, instead of analyzing the potential and intangibles that it has. There is a rising need for organizations and IT departments, worldwide, to adapt to new trends and advances in IT, especially one that has the ability to motivate and improve productivity and creativity within their ranks.
Organizational focus should be on how to integrate, incorporate, explain, understand and encourage SIT in order to unleash employees’ potential and to improve their production and their ability to deliver, instead of ignoring or fighting against its growth. This is what we wanted to achieve with this research, by shedding a light on the benefits of SIT in order to allow a clear analysis of what SIT is about and what it entails.
There are still some academics and IT professionals who believe that SIT is “undesirable” due to its risks, although more recent studies have stated that SIT “may be just what an organization needs”. In times of constant change and digital transformation, organizations need to have agile procedures to support facts and proper adaptation. However, without a minimum of control, such solutions can be disastrous.
There will continue to be contradicting opinions when it comes to a topic such as SIT, but in a world that is constantly evolving, it is important that organizations and management have in mind that not everything that is new or unknown will bring more harm than good. The focus must be to maximize its potential in order to achieve success, and sometimes, on taking calculated risks because, even though SIT has its negatives, the benefits of SIT adoption are numerous and there will still be a need for end-users to complete their jobs.
This study was limited by the interviews only being made in one company and by the fact that many people of interest were not available for an interview. Any future work with a bigger and broader focus in doing more interviews should be encouraged.
Therefore, this research concludes that there is a lot of potential and an upside to SIT adoption. In order to reach its benefits, there needs to be knowledge on what the system landscape of the company entails and a clear understanding of what the investment objectives are, as that is the starting point whenever taking a BDN approach in considering SIT adoption.

Limitations and Future Research

This research had some limitations. Firstly, the collected data were limited to one firm. Secondly, regarding the method used for data collection, in which in-depth interviews were adopted—other methods, such as a Delphi survey, could also be useful for this context. A longitudinal case study would also be interesting to analyze over a longer time-period, as well as in other types of industries. Further in-depth studies are also necessary to strengthen the outcomes for each benefit.

Author Contributions

Conceptualization, A.V.; Methodology, I.S.B. and A.V.; Software, I.S.B.; Validation, I.S.B., R.D.S. and G.A.D.; Formal analysis, A.V.; Investigation, A.V.; Writing—original draft, A.V.; Writing—review & editing, I.S.B., R.P., R.D.S. and G.A.D.; Visualization, R.P.; Supervision, I.S.B. and R.P.; Project administration, I.S.B.; Funding acquisition, R.D.S. All authors have read and agreed to the published version of the manuscript.

Funding

This work has been supported by FCT—Fundação para a Ciência e Tecnologia—within the R&D Units Project Scope: UIDB/00319/2020.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data presented in this study are available on request from the corresponding author.

Conflicts of Interest

The authors declare no conflict of interest.

Appendix A

Questionnaire for research on a Benefit Dependency Network for Shadow IT adoption.
Definitions:
(a)
Shadow information technology (SIT) describes the autonomous deployment, procurement or management of information technology. It represents all hardware, software, or any other technological solution used by employees inside of the organizational ecosystem that did not receive any formal IT department approval and is not prescribed by the formal policy.
(b)
Benefit dependency network (BDN) is a core tool in constructing a benefits realization plan, it provides a framework that links the investment objectives and the necessary benefits with the business changes needed to provide said benefits and IT functionality to push and allow for these changes to be made.
(c)
When discussing BDN, there are five concepts that cannot be dismissed:
  • Investment objectives—specific to the project and focuses on the outcome of the project, on what the project will achieve if successful
  • Business benefits—advantages that are incurred as a result of the project. When benefits are delivered, they will lead to achieve the investment objectives
  • Business changes—permanent changes to practices, processes and relationships within the organization, required in order to achieve benefits
  • Enabling changes—adjustments or changes that need to be implemented for business changes to take place
  • IT enablers—IT tools that must be implemented as well as IT considerations to be evaluated before introducing new technology.
Questions (after analyzing Figure 1):
  • Based on the explanation above, would you remove any of the outputs in Figure 1?
  • What outputs would you include on the table and how would they interconnect between each other?

References

  1. Haag, S.; Eckhardt, A. Shadow IT. Bus. Inf. Syst. Eng. 2017, 59, 469–473. [Google Scholar] [CrossRef]
  2. Ferreira, R.; Pereira, R.; Bianchi, I.S.; da Silva, M.M. Decision Factors for Remote Work Adoption: Advantages, Disadvantages, Driving Forces and Challenges. J. Open Innov. Technol. Mark. Complex. 2021, 7, 70. [Google Scholar] [CrossRef]
  3. Sengik, A.R.; Lunardi, G.L.; Scalabrin Bianchi, S.; Wiedenhöft, G.C. Using Design Science Research to Propose an IT Governance Model for Higher Education Institutions. Educ. Inf. Technol. 2022. [Google Scholar] [CrossRef] [PubMed]
  4. Györy, A.; Cleven, A.; Uebernickel, F.; Brenner, W. Exploring the Shadows: IT Governance Approaches to User-Driven Innovation. In Proceedings of the 20th European Conference on Information Systems, Barcelona, Spain, 11–13 June 2012. [Google Scholar]
  5. Silic, M.; Barlow, J.B.; Back, A. A New Perspective on Neutralization and Deterrence: Predicting Shadow IT Usage. Inf. Manag. 2017, 54, 1023–1037. [Google Scholar] [CrossRef] [Green Version]
  6. de Vargas Pinto, A.; Beerepoot, I.; Maçada, A.C.G. Encourage Autonomy to Increase Individual Work Performance: The Impact of Job Characteristics on Workaround Behavior and Shadow IT Usage. Inf. Technol. Manag. 2022. [Google Scholar] [CrossRef]
  7. Klotz, S.; Kopper, A.; Westner, M.; Strahringer, S. Causing Factors, Outcomes, and Governance of Shadow IT and Business-Managed IT: A Systematic Literature Review. Int. J. Inf. Syst. Proj. Manag. 2019, 7, 15–43. [Google Scholar] [CrossRef]
  8. Raković, L. Shadow IT—Systematic Literature Review. ITC 2020, 49, 144–160. [Google Scholar] [CrossRef] [Green Version]
  9. Sillic, M. Critical Impact of Organizational and Individual Inertia in Explaining Non-Compliant Security Behavior in the Shadow IT Context. Comput. Secur. 2019, 80, 108–119. [Google Scholar] [CrossRef]
  10. Kopper, A.; Westner, M.; Strahringer, S. From Shadow IT to Business-Managed IT: A Qualitative Comparative Analysis to Determine Configurations for Successful Management of IT by Business Entities. Inf. Syst. E-Bus. Manag. 2020, 18, 209–257. [Google Scholar] [CrossRef]
  11. Klotz, S. Shadow IT and Business-Managed IT: Where Is the Theory? In Proceedings of the 2019 IEEE 21st Conference on Business Informatics (CBI), Moscow, Russia, 15–17 July 2019; pp. 286–295. [Google Scholar]
  12. Mallmann, G.L.; Maçada, A.C.G. The Mediating Role of Social Presence in the Relationship between Shadow IT Usage and Individual Performance: A Social Presence Theory Perspective. Behav. Inf. Technol. 2021, 40, 427–441. [Google Scholar] [CrossRef]
  13. Richter, S.; Waizenegger, L.; Steinhueser, M.; Richter, A. Knowledge Management in the Dark: The Role of Shadow IT in Practices in Manufacturing. Int. J. Knowl. Manag. 2019, 15, 1–19. [Google Scholar] [CrossRef]
  14. Magunduni, J.; Chigona, W. Revisiting Shadow IT Research: What We Already Know, What We Still Need to Know, and How Do We Get There? In Proceedings of the 2018 Conference on Information Communications Technology and Society (ICTAS), Durban, South Africa, 8–9 March 2018; pp. 1–6. [Google Scholar]
  15. Furstenau, D.; Rothe, H.; Sandner, M. Shadow Systems, Risk, and Shifting Power Relations in Organizations. CAIS 2017, 41, 43–61. [Google Scholar] [CrossRef]
  16. Huber, M.; Zimmermann, S.; Rentrop, C.; Felden, C. The Influence of Shadow IT Systems on Enterprise Architecture Management Concerns. In Information Systems; Themistocleous, M., Morabito, V., Eds.; Lecture Notes in Business Information Processing; Springer International Publishing: Cham, Switzerland, 2017; Volume 299, pp. 461–477. [Google Scholar] [CrossRef]
  17. Mallmann, G.L.; Maçada, A.C.G.; Oliveira, M. Can Shadow IT Facilitate Knowledge Sharing in Organizations? An Ex-Ploratory Study. In Proceedings of the 17th European Conference on Knowledge Management-ECKM 2016, Ulster, Belfast, Ireland, 1–2 September 2016; pp. 550–558. [Google Scholar]
  18. Silic, M. Shadow It Steroids for Innovation. SSRN J. 2015. [Google Scholar] [CrossRef] [Green Version]
  19. Silic, M.; Back, A. Shadow IT—A View from behind the Curtain. Comput. Secur. 2014, 45, 274–283. [Google Scholar] [CrossRef]
  20. Behrens, S. Shadow Systems: The Good, the Bad and the Ugly. Commun. ACM 2009, 52, 124–129. [Google Scholar] [CrossRef]
  21. Huber, M.; Zimmermann, S.; Rentrop, C.; Felden, C. Conceptualizing Shadow IT Integration Drawbacks from a Systemic Viewpoint. Systems 2018, 6, 42. [Google Scholar] [CrossRef] [Green Version]
  22. Mallmann, G.L.; Maçada, A.C.G.; Oliveira, M. The Influence of Shadow IT Usage on Knowledge Sharing: An Exploratory Study with IT Users. Bus. Inf. Rev. 2018, 35, 17–28. [Google Scholar] [CrossRef]
  23. Walterbusch, M.; Fietz, A.; Teuteberg, F. Missing Cloud Security Awareness: Investigating Risk Exposure in Shadow IT. JEIM 2017, 30, 644–665. [Google Scholar] [CrossRef]
  24. Bianchi, I.; Dinis Sousa, R.; Pereira, R. Information Technology Governance for Higher Education Institutions: A Multi-Country Study. Informatics 2021, 8, 26. [Google Scholar] [CrossRef]
  25. Branco, T.; Bianchi, I.; de Sá-Soares, F. Cloud Computing Adoption in the Government Sector in Brazil: An Exploratory Study with Recommendations from IT Managers. In Proceedings of the Green, Pervasive, and Cloud Computing; Miani, R., Camargos, L., Zarpelão, B., Rosas, E., Pasquini, R., Eds.; Springer International Publishing: Cham, Switzerland, 2019; pp. 162–175. [Google Scholar]
  26. Peppard, J.; Ward, J.; Daniel, E. Managing the Realization of Business Benefits from IT Investments. MIS Q. Exec. 2007, 6, 1–11. [Google Scholar]
  27. Peppard, J.; Ward, J. Unlocking Sustained Business Value from It Investments. Calif. Manag. Rev. 2005, 48, 52–70. [Google Scholar] [CrossRef] [Green Version]
  28. Haag, S.; Eckhardt, A. Justifying Shadow It Usage. In Proceedings of the Pacific Asia Conference on Information Systems, PACIS 2015, Singapore, 5–9 July 2015. [Google Scholar]
  29. Shaw, P. Intervening in the Shadow Systems of Organizations: Consulting from a Complexity Perspective. J. Organ. Change Manag. 1997, 10, 235–250. [Google Scholar] [CrossRef]
  30. Eckartz, S.; Daneva, M.; Wieringa, R.; van Hillegersberg, J. Cross-Organizational ERP Management: How to Create a Successful Business Case? In Proceedings of the 2009 ACM symposium on Applied Computing-SAC ’09, Honolulu, HI, USA, 9–12 March 2009; p. 1599. [Google Scholar]
  31. Rentrop, C.; Zimmermann, S. Shadow IT Evaluation Model. In Proceedings of the 2012 Federated Conference on Computer Science and Information Systems, FedCSIS 2012, Szczecin, Poland, 9–12 September 2012; pp. 1023–1027. [Google Scholar]
  32. Tambo, T.; Baekgaard, L. Dilemmas in Enterprise Architecture Research and Practice from a Perspective of Feral Information Systems. In Proceedings of the 2013 17th IEEE International Enterprise Distributed Object Computing Conference Workshops, Vancouver, BC, Canada, 9–13 September 2013; pp. 289–295. [Google Scholar]
  33. Kretzer, M.; Maedche, A. Generativity of Business Intelligence Platforms: A Research Agenda Guided by Lessons from Shadow IT. In Proceedings of the MKWI 2014—Multikonferenz Wirtschaftsinformatik, Paderborn, Germany, 26–28 February 2014; pp. 207–220. [Google Scholar]
  34. Lund-Jensen, R.; Azaria, C.; Permien, F.H.; Sawari, J.; Bækgaard, L. Feral Information Systems, Shadow Systems, and Workarounds—A Drift in IS Terminology. Procedia Comput. Sci. 2016, 100, 1056–1063. [Google Scholar] [CrossRef] [Green Version]
  35. Steinhueser, M.; Waizenegger, L.; Vodanovich, S.; Richter, A. Knowledge Management without Management—Shadow It in Knowledge-Intensive Manufacturing Practices. In Proceedings of the European Conference on Information Systems (ECIS), Guimarães, Portugal, 5–10 June 2017; pp. 1647–1662. [Google Scholar]
  36. Mallmann, G.L.; Maçada, A.C.G.; Eckhardt, A. We Are Social: A Social Influence Perspective to Investigate Shadow IT Usage. In Proceedings of the Twenty-Sixth European Conference on Information Systems (ECIS2018), Portsmouth, UK, 23–28 June 2018. [Google Scholar]
  37. Haag, S.; Eckhardt, A.; Schwarz, A. The Acceptance of Justifications among Shadow IT Users and Nonusers—An Empirical Analysis. Inf. Manag. 2019, 56, 731–741. [Google Scholar] [CrossRef]
  38. Fürstenau, D.; Rothe, H.; Sandner, M. Leaving the Shadow: A Configurational Approach to Explain Post-Identification Outcomes of Shadow IT Systems. Bus. Inf. Syst. Eng. 2021, 63, 97–111. [Google Scholar] [CrossRef] [Green Version]
  39. Jarrahi, M.H.; Reynolds, R.; Eshraghi, A. Personal Knowledge Management and Enactment of Personal Knowledge Infrastructures as Shadow IT. ILS 2021, 122, 17–44. [Google Scholar] [CrossRef]
  40. Barreto, J.L.S.; Espinoza, R.A.B.; Dávila, G.A. Blockchain-Based System to Ensure the Integrity of Used Vehicle Purchase Transactions: Under Researchers’ Perspective. In Digital Technologies and Transformation in Business, Industry and Organizations; Pereira, R., Bianchi, I., Rocha, Á., Eds.; Springer International Publishing: Cham, Switzerland, 2022; pp. 121–141. ISBN 978-3-031-07626-8. [Google Scholar]
  41. Maritz, J.; Eybers, S.; Hattingh, M. Implementation Considerations for Big Data Analytics (BDA): A Benefit Dependency Network Approach. In Responsible Design, Implementation and Use of Information and Communication Technology; Hattingh, M., Matthee, M., Smuts, H., Pappas, I., Dwivedi, Y.K., Mäntymäki, M., Eds.; Lecture Notes in Computer Science; Springer International Publishing: Cham, Switzerland, 2020; Volume 12066, pp. 481–492. ISBN 978-3-030-44998-8. [Google Scholar]
  42. Ward, J.; Taylor, P.; Bond, P. Evaluation and Realisation of IS/IT Benefits: An Empirical Study of Current Practice. Eur. J. Inf. Syst. 1996, 4, 214–225. [Google Scholar] [CrossRef]
  43. Siddiqui, R. Bring Your Own Device (BYOD) in Higher Education: Opportunities and Challenges. Int. J. Emerg. Trends Technol. Comput. Sci. (IJETTCS) 2014, 3, 233–236. [Google Scholar]
  44. Barlette, Y.; Jaouen, A.; Baillette, P. Bring Your Own Device (BYOD) as Reversed IT Adoption: Insights into Managers’ Coping Strategies. Int. J. Inf. Manag. 2021, 56, 102212. [Google Scholar] [CrossRef]
  45. Junglas, I.; Goel, L.; Rehm, S.-V.; Ives, B. On the Benefits of Consumer IT in the Workplace—An IT Empowerment Perspective. Int. J. Inf. Manag. 2022, 64, 102478. [Google Scholar] [CrossRef]
  46. Hevner; March; Park; Ram Design Science in Information Systems Research. MIS Q. 2004, 28, 75. [CrossRef]
  47. Peffers, K.; Tuunanen, T.; Rothenberger, M.A.; Chatterjee, S. A Design Science Research Methodology for Information Systems Research. J. Manag. Inf. Syst. 2007, 24, 45–77. [Google Scholar] [CrossRef]
  48. Myers, M.D. Qualitative Research in Business and Management; SAGE: London, UK, 2013; ISBN 0-85702-973-8. [Google Scholar]
  49. Silic, M.; Silic, D.; Oblakovic, G. Shadow IT: Steroids for Innovation. CEUR Workshop Proc. 2016, 1612, 113–120. [Google Scholar] [CrossRef] [Green Version]
  50. Marshall, B.; Cardon, P.; Poddar, A.; Fontenot, R. Does Sample Size Matter in Qualitative Research?: A Review of Qualitative Interviews in Is Research. J. Comput. Inf. Syst. 2013, 54, 11–22. [Google Scholar] [CrossRef]
  51. Hennink, M.; Kaiser, B.N. Sample Sizes for Saturation in Qualitative Research: A Systematic Review of Empirical Tests. Soc. Sci. Med. 2022, 292, 114523. [Google Scholar] [CrossRef] [PubMed]
Informatics 09 00095 g001 550
Figure 1. DSRM Process Model Followed.
Figure 1. DSRM Process Model Followed.
Informatics 09 00095 g001
Informatics 09 00095 g002 550
Figure 2. Proposed BDN for SIT adoption.
Figure 2. Proposed BDN for SIT adoption.
Informatics 09 00095 g002
Informatics 09 00095 g003 550
Figure 3. Proposed BDN after first DSR iteration.
Figure 3. Proposed BDN after first DSR iteration.
Informatics 09 00095 g003
Informatics 09 00095 g004 550
Figure 4. Proposed BDN for SIT.
Figure 4. Proposed BDN for SIT.
Informatics 09 00095 g004
Table
Table 1. Analysis of Shadow IT impact.
Table 1. Analysis of Shadow IT impact.
Shadow IT Impact
AuthorSourcePositiveNegativeNeutralDid Not MentionBDN References
(Shaw, 1997)[29] x-
(Behrens, 2009)[20]x -
(Eckartz, Daneva, Wieringa and van Hillegersberg, 2009)[30] x -
(Rentrop and Zimmermann, 2012)[31] x-
(Györy, Cleven, Uebernickel and Brenner, 2012)[4] x-
(Tambo and Baekgaard, 2013)[32]x -
(Silic and Back, 2014)[19] x -
(Kretzer and Maedche, 2014)[33] x -
(Haag and Eckhardt, 2015)[28]x -
(G. L. Mallmann, Maçada and Oliveira, 2016)[17] x -
(Lund-Jensen, Azaria, Permien, Sawari and Bækgaard, 2016)[34] x-
(Silic, 2015)[18] x -
(Furstenau, Rothe and Sandner, 2017)[15] x -
(Silic, Barlow, and Back, 2017)[5] x -
(Walterbusch, Fietz and Teuteberg, 2017)[23] x-
(Haag and Eckhardt, 2017)[1]x -
(Huber, Zimmermann, Rentrop and Felden, 2017)[16] x -
(Steinhueser, Waizenegger, Vodanovich and Richter, 2017)[35]x -
(Mallmann, Maçada and Eckhardt, 2018)[36] x -
(Mallmann, Maçada and Oliveira, 2018)[22] x -
(Huber, Zimmermann, Rentrop, and Felden, 2018)[21] x -
(Magunduni and Chigona, 2018)[14] x -
(Klotz, Kopper, Westner and Strahringer, 2019)[7] x -
(Haag, Eckhardt and Schwarz, 2019)[11] x -
(Haag, Eckhardt and Schwarz, 2019)[37]x -
(Mallmann and Maçada, 2021)[12] x -
(Richter, Waizenegger, Steinhueser and Richter, 2019)[13]x -
(Sillic, 2019)[9] x -
(Raković, 2020)[8] x-
(Fürstenau, Rothe and Sandner, 2021)[38] x -
(Jarrahi, Reynolds and Eshraghi, 2021)[39] x -
(Kopper, Westner and Strahringer, 2020) [10] x -
Table
Table 2. BDN concepts.
Table 2. BDN concepts.
ConceptDefinition
Investment objectivesOutcome of the project
Business benefitsAdvantages incurred as result of the project
Business changesPermanent organizational changes
Enabling changesNon-permanent organizational changes
IT enablersTechnological requirements
Table
Table 3. DSR Principles.
Table 3. DSR Principles.
DSR PrinciplesExplanation
AbstractionThis research consisted of the creation of a BDN for SIT, in order to give a better understanding of the benefits organizations can derive from SIT adoption.
OriginalityThe proposed artifact was not in the body of knowledge (BoK).
JustificationThe justification was based on the methods proposed for its evaluation. Qualitative interviews were conducted with the executive team members, managers and team leaders of the proposed artifact, and with this contribution it was possible to add value to the artifact.
BenefitA BDN that displayed possible benefits of SIT adoption and that allowed decision makers to obtain useful information—which would aid in the decision-making process and attempt to improve the performance of the organization—was developed.
Table
Table 4. DSR Guidelines.
Table 4. DSR Guidelines.
Guideline 1: Design as an Artifact
The artifact proposed by the research was a BDN for SIT adoption.
Guideline 2: Problem Relevance
Need to have a BDN to help analyze the benefits of SIT adoption for an organization.
Guideline 3: Design Evaluation
Semi-structured interviews,
evaluated and suggested by interviewees who are in charge of decision making.
Guideline 4: Research Contribution
A new artifact, not present in the body of knowledge.
Guideline 5: Research Rigor
The main principles, practices and procedures of SLR and DSR were adopted to increase the credibility of the artifact and the consequent contribution of the research.
Guideline 6: Design as a Search Process
The result obtained was the departure from the unknown. A combination of good practices and relevant guidelines for prototype development.
Guideline 7: Communication of Research
The submission of the article to a journal/conference with high credibility and respect in the scientific community.
Table
Table 5. Questionnaire approach.
Table 5. Questionnaire approach.
Steps
Present the interviewee with SIT and BDN definitions.
Present the interviewee with BDN concepts.
What outputs should be expected from SIT adoption, based on the shown BDN concepts?
Show suggested BDN table and ask interviewee what their opinion is on the relationships presented and on what changes they would suggest.
Table
Table 6. Interviewees’ Profiles.
Table 6. Interviewees’ Profiles.
DSR InteractionAreaRoleExperience (years)
1ITProject Manager (PM)20
2ITSolutions Analyst15
3Client SuccessTeam Leader20
4ITHead of Operations11
5ITPM30
6ITPM5
7Client ExperienceTeam Leader12
8ITHead of Securityn/a
9ITSystems Administrator23
10ITExecutive Teamn/a
11ITHead of Servicesn/a
13ITPMn/a
14ITStrategyn/a
15ITData Analystn/a
Table
Table 7. SIT benefits.
Table 7. SIT benefits.
AuthorConcept
[20]Creativity surrounding the systems, the perceived innovativeness of the systems and the stability and order brought about by the system.
[4]Enhances the employees’ freedom and boosts their effectiveness.
[19]Very efficient and effective when used in place of the formal and standard systems already present.
[49]Important source of innovation.
[17]Boosts productivity and enables faster and better collaboration and communication.
Instantaneous, agile, fast, dynamic, immediate, practical and speedy nature of the information.
[5]Efficient and effective.
[16]Supports users to increase performance and is innovative and flexible.
[15]Creativity, innovation and improved business performance.
[14]Beneficial to companies.
[13]Increased employee responsiveness and decision-making speed.
[12]Helps the circulation of information to be more instantaneous, agile, fast, dynamic and practical, all without the need of formal permission.
[7]Source of creativity and innovation.
[10]Increased agility, productivity or innovation.
Table
Table 8. Total contributions from interviewees during DSR iterations.
Table 8. Total contributions from interviewees during DSR iterations.
RelationsUpdated or Added
IterationContributedTotalFieldsRelationships
15550
23812
3142268
472952
573661
664215
754732
8156286
9127457
10128657
11119783
12810552
131211757
14312030
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Scalabrin Bianchi, I.; Vaquina, A.; Pereira, R.; Dinis Sousa, R.; Dávila, G.A. A Benefit Dependency Network for Shadow Information Technology Adoption, Based on Practitioners’ Viewpoints. Informatics 2022, 9, 95. https://doi.org/10.3390/informatics9040095

AMA Style

Scalabrin Bianchi I, Vaquina A, Pereira R, Dinis Sousa R, Dávila GA. A Benefit Dependency Network for Shadow Information Technology Adoption, Based on Practitioners’ Viewpoints. Informatics. 2022; 9(4):95. https://doi.org/10.3390/informatics9040095

Chicago/Turabian Style

Scalabrin Bianchi, Isaias, António Vaquina, Ruben Pereira, Rui Dinis Sousa, and Guillermo Antonio Dávila. 2022. "A Benefit Dependency Network for Shadow Information Technology Adoption, Based on Practitioners’ Viewpoints" Informatics 9, no. 4: 95. https://doi.org/10.3390/informatics9040095

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop