A Beneﬁt Dependency Network for Shadow Information Technology Adoption, Based on Practitioners’ Viewpoints

: Shadow information technology (SIT) revolves around systems that are hidden but are still managed by the same business entities. It consists of the use of devices, software, systems and applications without the information technology (IT) department’s approval. Employees use IT without the knowledge of the IT department, and it creates a gap in communications, as the IT department loses the knowledge of the reality within the company. However, there are beneﬁts involved. In order to take advantage of these beneﬁts, changes have to be implemented in the way that business activities are handled. The beneﬁts should be a direct result of the changes, of the difference between the ongoing and the suggested way that activities should be undertaken, and the levels of efﬁciency and effectiveness to which people deliver their daily tasks. The objective of this study was to propose a beneﬁt dependency network (BDN) for SIT, and, through its concepts, to synthetize our ﬁndings and specify the connections between SIT practices and their beneﬁts. This research was conducted a systematic literature review (SLR) and used a design science research methodology, adopting semi-structured interviews with fourteen interactions to propose a BDN for SIT. We proposed a model with ﬁve dimensions related to a BDN for SIT. By understanding the BDN and the beneﬁts of SIT, it is easier to have a better notion of the implications and the factors involved in order to assist the decision-making process. Whether an organization wants to reach innovation, increase revenue or retain clients, the BDN helps with analysis and selection, and is something that organizations should take seriously, as it is essential to have knowledge about what the beneﬁts are and how they can be reached. To the best of the authors’ knowledge, this research included and replaced several processes in the BDN for SIT, in a topic that is still underexplored.


Introduction
Currently, technology is evolving at a tremendous and accelerated pace, it seems as though everyday there is new software that absolutely changes the way that things are made and perceived. On the other hand, every day more and more people are gaining access to smartphones, to the internet and to all the benefits these bring along. Furthermore, innovative information technology (IT) applications and the services offered in the cloud-easily accessible via the internet, either for free or on a flexible pay-per-use basis-are increasing fast [1][2][3]. All of this can and is being used by employees on laptops, tablets and smartphones to work in a more efficient way, from work or at home, to help better accomplish their daily work requirements. However, while these benefits drive the This research aimed to propose a BDN for SIT, through SLR and DSR methodologies, to specify the connections and benefits that may arise if companies start looking at SIT as a solution and not as a problem.
This article is structured as follows: Section 2 presents the related work. Section 3 describes the research methodology used in this study-adopting design science research. Section 4 presents the design and development of our artefact. Section 5 presents the discussion. Finally, Section 6 presents the conclusion.

Why Is SIT So Appealing?
Inadequate IT solutions lead to the deployment of SIT [7], which is guided by the need of the user-driven fulfilment of requirements [4]. It is the rate at which informal and collaborative information technology is being implemented autonomously by employees to help them perform their work [12]. It describes the circumstance of users starting to develop IT systems with their own capabilities [32], which are against corporate guidelines and hidden from official IT governance. It is developed by users with strong knowledge of local business processes, and it fills the existent void of formal IT competencies, and, for this reason, it can live for a long time without receiving any attention from IT staff. SIT is often readily available and is perceived as being easier to use than central systems and more cost effective [15]. In fact, 80% of employees use software that has not been approved by the IT organization [7] as security policies are ignored by employees and managers due to a lack of employee training [4].
SIT is an insider threat, which is caused by the members of an organization [4]. It has been reported that 32% of employees say that insider violations are more costly or damaging than incidents perpetrated by outsiders [5]. ERP implementations that fail to add value and achieve benefits are associated with a lack of trust and the dissatisfaction of employees with current systems. The constantly improving technical knowledge of users and the growing accessibility to cloud-based IT solutions can easily influence the creation of SIT [14]. SIT is used as a solution to the limitations and existing issues with formal systems, which are often highly consolidated and have complex user interfaces (UIs), and, as a consequence, users choose to enforce solutions from third-party vendors or self-made solutions in order to make processes simpler and to improve the user experience. An organization's evolution can be understood as emerging from all these local network interactions [29].
Organizations also have a share in the blame for this deviant behavior by not providing appropriate systems for employees to perform their tasks [17].
Often, SIT can be more beneficial or efficient than legacy systems [9], and, although some organizations explicitly allow the use of SIT, most use a range of formal riskmanagement tools (IT service management, IT governance and IT security management) to direct, restrict and control the activities of BUs [15]. Central management can permit end users to implement SIT solutions, apply a strategy to monitor its implementation and regulate it through IT policies [32,40]. The IT department should try to identify solutions being used by department teams, because identified SIT brings less risk than unknown SIT.
The use of SIT is an effective reaction to the frustration experienced by employees [28] because of unaddressed business needs and slow responses to IT requests. End-users also implement SIT as a form of resistance to sanctioned systems, with some claiming its use shows the need for innovation [14]. This dissatisfaction is often caused by the misalignment of the IT department's objectives with the other departments' objectives; therefore, SIT systems succeed in environments where top management supports the development and implementation of such systems. SIT is popular with employees and can lead to higher user satisfaction as it can provide specific functionality or familiarity [7]. Because they need suitable IT solutions, they help themselves by implementing SIT [23]. This is one of the reasons why SIT should be looked at from an individual level, rather than from an organizational level [9].
SIT consists of autonomous developed and supplied systems, processes and organizational units [31], which exist without the acceptance or support of the IT department. It will often emerge if a business unit does not perceive its ability to influence the actions that a central IT department takes to fulfill its demands [15].
SIT has both positive and negative outcomes and is the result of the gap between the requirements of the stakeholders and the implementation of the systems [34]. A more systematic understanding of the dynamic interaction between the shadow systems, risk and power would be important for IT managers and for governance professionals in order to better address this issue and to find long-term solutions. SIT usage can be classified as a volitional action-the employee is deliberately undertaking an action, but without any malicious intentions [5].

The Benefit Dependency Network Dilemma
Many organizations focus on technology's implementation, and do not give attention to the realization of the expected business benefits [23]. Benefits arise from changes and innovations, and they surface when IT gives people the power to accomplish things with more effectiveness and efficiency, thus creating a demand for improvements in how information is used. Benefits from IT investments do not just "happen", they need a firm commitment from organizations to drive the investment through organizational change [41], as many projects fail due to the lack of proper tools to assist in IT investment decision-making and management issues.
Furthermore, understanding the business context of the investment being considered is crucial as, all too often, IT projects become technology projects rather than primarily business change projects, and the context for the investment is soon forgotten [27]; therefore, in some of these cases the projects are brought to a halt, which is not optimal.
The benefits may be considered as the effect of the changes [42]. If any organization wishes to evolve and stay on pace with today's technology then change is something they should be ready and prepared to face.
For this research, the tool used was the benefit dependency network (BDN), due to its capability to graphically display the change requirements and to consider the connections based on technology, people and processes, while showing the expected benefits. It also seemed the most appropriate tool for this level of initial analysis. BDN provides a framework for explicitly linking the overall investment objectives and the requisite benefits with the business changes necessary to deliver those benefits and with the essential IT functionality to both drive and enable these changes to be made [27].
When discussing BDN, as shown in Table 2, there are five concepts that cannot be dismissed, as per [41]. These are as follows: • Investment objectives-specific to the project and focused on the outcome, i.e., on what the project will achieve if successful.

•
Business benefits-advantages that are incurred as a result of the project. When benefits are delivered, they will lead to organizations achieving the investment objectives.

•
Business changes-permanent changes to practices, processes and relationships within the organization, which are required in order to achieve the benefits. • Enabling changes-adjustments or changes that need to be implemented for business changes to take place. • IT enablers-IT tools that must be implemented, as well as IT considerations to be evaluated before introducing new technology. Organizations need to take a holistic approach when it comes to adopting SIT. Consideration needs to be given to decisions with regards to the skills of people, the impact on the structure of the organization, the business processes, and the technology changes necessary to deliver the benefits and investment objectives. Each domain of the BDN should be considered prior to SIT adoption, as organizations are encouraged to find new ways to implement new technologies, without completely relying on existing technology, as a BDN model approach can assist in identifying organizational technology considerations.

Bring Your Own Device (BYOD)
The bring your own device (BYOD) concept is spreading very quickly in the organizations that hugely depend on IT infrastructure and that need their employees to be connected to the organization's computer network for most of their tasks [43]. Simply put, BYOD means allowing employees to access an organization's network via their own devices/technology. The adoption of BYOD, initiated by employees, refers to the provision and use of personal mobile devices and applications for both private and business purposes [44]. BYOD is a concept that allows employees to utilize their personally owned technology devices to stay connected to, access data from, or complete tasks for their organizations. At a minimum, BYOD programs allow users to access employer-provided services and/or data on their personal tablets/e-readers, smart phones and other devices [43].
BYOD provides an important benefit to both companies and their employees, in particular in Fintechs [45]. It provides great convenience for employees because they no longer need to carry several devices. It also allows individuals to select the sort of gadget with which they are most accustomed and comfortable. BYOD eliminates the need for organizations' IT departments to acquire more mobile devices for employees. This configuration considerably decreases their expenses and alleviates part of the stress of servicing those mobile devices.
Firstly, it creates a significant convenience for employees as they no longer have to carry multiple devices with them. It also allows them to choose the type of device they are most familiar with and most comfortable with using. For companies, BYOD means that the IT department no longer has to purchase additional mobile devices for employees. This setup reduces their costs significantly and reduces some of the burden of supporting those mobile devices.

Research Methodology
The research methodology adopted by this investigation was the design science research (DSR). The aim was to design, build and evaluate the network we pretended to analyze.
DSR was the appropriate choice as it seeks to extend the boundaries of human and social capabilities by creating new and innovative artifacts that enable globalization, integration, increased productivity and rapid adaptation [46]. The goal was to develop a framework for the better comprehension, execution and evaluation of the research, as well as to measure the impact on the organization.
To reach this objective, a design science research methodology (DSRM) seemed to be the right option, as it attempts to develop and acquire information that brings effectiveness into a real-world context, as displayed in Figure 1. The DSR approach consists of the following three elements: conceptual principles, practical rules and procedures to perform and conduct research [47].

Research Methodology
The research methodology adopted by this investigation was the design science research (DSR). The aim was to design, build and evaluate the network we pretended to analyze.
DSR was the appropriate choice as it seeks to extend the boundaries of human and social capabilities by creating new and innovative artifacts that enable globalization, integration, increased productivity and rapid adaptation [46]. The goal was to develop a framework for the better comprehension, execution and evaluation of the research, as well as to measure the impact on the organization.
To reach this objective, a design science research methodology (DSRM) seemed to be the right option, as it attempts to develop and acquire information that brings effectiveness into a real-world context, as displayed in Figure 1. The DSR approach consists of the following three elements: conceptual principles, practical rules and procedures to perform and conduct research [47]. Hence, the goal of this research was to try to increase the efficiency of the organization. The principles followed are described in Table 3. As the principles themselves were not considered sufficient to justify the applicability and value in the design science, the DSR guidelines proposed by Hevner et al., 2004 [46], as shown in Table 3, were used. The Table 4 presents the DSR guidelines. Table 3. DSR Principles.

Abstraction
This research consisted of the creation of a BDN for SIT, in order to give a better understanding of the benefits organizations can derive from SIT adoption. Originality The proposed artifact was not in the body of knowledge (BoK).

Justification
The justification was based on the methods proposed for its evaluation. Qualitative interviews were conducted with the executive team members, managers and team leaders of the proposed artifact, and with this contribution it was possible to add value to the artifact. A BDN that displayed possible benefits of SIT adoption and that allowed decision makers to Hence, the goal of this research was to try to increase the efficiency of the organization. The principles followed are described in Table 3. As the principles themselves were not considered sufficient to justify the applicability and value in the design science, the DSR guidelines proposed by Hevner et al., 2004 [46], as shown in Table 3, were used. The Table 4 presents the DSR guidelines.
A questionnaire was conducted in the evaluation step of the proposals, the questions are presented in Table 5. Through these, it was possible to enlighten the interviewees about the definition of SIT and BDN first and, then, to inform them about the concept of BDN, before asking for their opinions on the suggested BDN and on what changes they would suggest.

DSR Principles Explanation
Abstraction This research consisted of the creation of a BDN for SIT, in order to give a better understanding of the benefits organizations can derive from SIT adoption.

Originality
The proposed artifact was not in the body of knowledge (BoK).

Justification
The justification was based on the methods proposed for its evaluation. Qualitative interviews were conducted with the executive team members, managers and team leaders of the proposed artifact, and with this contribution it was possible to add value to the artifact.

Benefit
A BDN that displayed possible benefits of SIT adoption and that allowed decision makers to obtain useful information-which would aid in the decision-making process and attempt to improve the performance of the organization-was developed. Table 4. DSR Guidelines.

Guideline 1: Design as an Artifact
The artifact proposed by the research was a BDN for SIT adoption.

Guideline 2: Problem Relevance
Need to have a BDN to help analyze the benefits of SIT adoption for an organization.

Guideline 3: Design Evaluation
Semi-structured interviews, evaluated and suggested by interviewees who are in charge of decision making.

Guideline 4: Research Contribution
A new artifact, not present in the body of knowledge.

Guideline 5: Research Rigor
The main principles, practices and procedures of SLR and DSR were adopted to increase the credibility of the artifact and the consequent contribution of the research.

Guideline 6: Design as a Search Process
The result obtained was the departure from the unknown. A combination of good practices and relevant guidelines for prototype development.

Guideline 7: Communication of Research
The submission of the article to a journal/conference with high credibility and respect in the scientific community.

Design and Development
As we aimed to design, build and evaluate the BDN, the DSR was the appropriate choice, as it seeks to extend the boundaries of human and social capabilities by creating new and innovative artifacts. To improve the access to our research question on the benefits of SIT adoption, a questionnaire was designed to better help us validate and strengthen our proposed BDN, which was conducted in a growing north American Fintech company, which, for confidentiality reasons, will be called ReaLife. A case method fitted this study, since it allowed the exploration of the benefits of SIT adoption in a real-world context and through theory.
The Fintech industry, in particular, was selected due to the need to reduce risks and to maximize the potential of SIT in an environment that is highly regulated, extremely competitive and innovative. There is a need for growing Fintech companies to stay in pace with the ever-growing demands of their clients and technological advances, as more and more people are starting to rely on these solutions to reach their financial goals. ReaLife was created in the early 2000s and quickly gained notoriety in the north American market, with its strong tradition of providing platforms and solutions for their clients to manage their fees, statements, financial reports and investments. The company is currently going through an expansion, as they plan to enter the European market by buying an alreadyestablished European Fintech, merging both companies into one. This process, so far, has exposed the huge differences in how the business is handled differently on both continents, as there is a feeling that European policies are stricter and more demanding than the ones existing in north America. The merging process is supposed to take over a year, and many gaps have already been identified in the company's infrastructure and in its system's integrity when it comes to outside resources that will put the company's information and data at serious risk if it is not handled properly.
Data were collected from interviews and observations. As shown in Table 6, we conducted 15 semi-structured interviews, which took place over a two-week period, between October and November 2021. Experts, who were mostly from the IT units of both the European and north American sides of the company, were consulted. Their roles included the COO, team leaders, heads of department, senior analysts, development leads, system architects and solutions analysts. The interviewees' professional IT experience ranged from 5 to 30 years, and the interviews lasted anywhere between 30 and 45 min. All the interviews were recorded and stored in a case database.
The first step of each interview was to present the definitions of SIT and BDN, and also the five concepts of BDN. Thereafter, the proposed BDN was shown, and the interviewee was asked for their input on the outputs shown on the BDN, e.g., which would they want to add? How would they interconnect (Appendix A)?
We followed the recommendations of the authors of [48], related to the interviews and the qualitative research enriching the experts' viewpoints about a topic, adding valuable information. This approach allowed us to obtain important aspects that we had not been able to identify through our research and that were also useful in helping us validate our BDN. It was also important to form an idea of what the interviewees' personal experiences with SIT were for the purpose of better understanding how much impact it makes and how big of an issue it really is in the workplace.
Furthermore, we made sure that the interviewees had early access to the definitions, the BDN and the questions to allow them to understand what the topic of the questionnaire would be, and, also, to allow us to clarify any questions they might have had on the subject prior to the interview. Our interviewees' credibility was additionally confirmed by asking them for specific examples of when they had directly come face-to-face with SIT.

First Design Science Iteration
Some of the literature provided contradictory findings about SIT, and, while it is generally associated with risks, it is also argued that it could be beneficial to companies [14]. Most benefits were related to increased creativity, innovation and improved business performance by helping users to interact with systems that meet their particular needs by working around the limitations of existing information systems or processes in an organization [15]. It supports users to increase their performance and is innovative and flexible [16]. SIT can be a source of creativity and innovation [7]. The use of SIT boosts employees' productivity and enables faster and better collaboration and communication [17], as it helps the circulation of information more instantaneously, in a way that is faster, and more agile, dynamic and practical, all without the need of formal permission [12].
Some of the benefits that are connected with the use of SIT are related to the creativity surrounding the systems-the perceived innovativeness of the systems and the stability and order brought about by the system [9]. This translates into an elevated level of motivation by the employees, which also raises productivity. If employees feel as though they are using the correct tools for their tasks, then they will be more likely to perform at the desired levels. Applications such as Skype, Facebook video calling and Google Talk are the main ones being used by co-workers to collaborate and communicate at work. There is a clear tendency among employees to use mainstream apps, as they are better known, easier to use, have a friendly interface and most of their issues and bugs are well documented on the internet. All these factors contribute to the adoption of SIT as a way to both facilitate tasks and improve performance, with some estimates finding that shadow systems account for more than 80% of the IT systems deployed by the end-users [9], as they can be very efficient and effective when used in place of the formal and standard systems already present [19].
Enterprise architecture (EA) can also benefit from SIT when planned accordingly and can have a significant impact if addressed from the correct point of view [32], as follows: • Current: SIT can beneficially be included to obtain a better global image of inventory and processes. • Change: overlooked SIT systems can have a serious impact on the success and outcome of changes, existing SIT systems can be converted or included in official EA and users can respond to poorly aligned EA by making SIT systems.
• Future: several studies suggest that the successful organizations of the future will be the ones that will create opportunities for SIT systems and reduce central control over IT.
Engaging users in system development will eventually lead to fast adaptations to market changes, with the maximum insight and minimum cost, by creating local engagement, rapid adaptation and inexpensive innovation. This will make SIT too good to pass on, so organizations will eventually have to address it or risk allowing more non-regulated and non-controlled development of systems in order to keep pace with market-driven and rapid innovation requirements [32]. All this gathered information (Table 7) allowed us to create a BDN model that was oriented to SIT adoption, as shown in Figure 1, which was used as a reference to validate this research's theory. Author Concept [20] Creativity surrounding the systems, the perceived innovativeness of the systems and the stability and order brought about by the system. [4] Enhances the employees' freedom and boosts their effectiveness.
[19] Very efficient and effective when used in place of the formal and standard systems already present.
[17] Boosts productivity and enables faster and better collaboration and communication.
Instantaneous, agile, fast, dynamic, immediate, practical and speedy nature of the information.
[16] Supports users to increase performance and is innovative and flexible.
[13] Increased employee responsiveness and decision-making speed. [12] Helps the circulation of information to be more instantaneous, agile, fast, dynamic and practical, all without the need of formal permission.
[7] Source of creativity and innovation.
For the interview process and to help us to better understand and visualize all contributions, a color scheme was selected according to the input received from the intervieweesany new addition would be represented by the color green, any removal would be represented by the color red and any change to a currently existing field would be represented by the color yellow.
In order to validate the contributions and to avoid having artifacts with no correlation whatsoever, after the interviewees gave their opinions on the proposed BDN, they were also asked if they agreed with the input provided by their peers. We assumed that whenever a change was confirmed by more than three people, it would be considered valid and, therefore, would be added to the final artifact. Figure 2 presents the proposed BDN for SIT adoption.
One of the interviewees suggested only one change, so we considered that contribution invalid. Our first interview was with a project manager (PM), who had over 20 years of experience in IT. They agreed with the proposed BDN, but suggested the following, as displayed in Figure 3: adding "update IT policies" to the enabling changes column; adding "increased productivity and efficiency" to the investment objectives; merging the fields "analysis of data"-which could not be analyzed previously-and "evidence-based action"; removing "improve business processes" from the investment objectives column; and removing "prevent fraud" from the investment objectives column.

Second Iteration
The second interview was with a solutions analyst, with over 15 years of experience in client success, while working mostly in the communications industry. Their suggestions were as follows: "review system performance" should be an IT enabler, as it is one of the first steps taken before implementing new solutions-it is a verification process; and "setup of new data sources"-in business changes-should be linked to "create new data policies" and "define new processes", as they are all related to implementation.

Third Iteration
This interview was with a team leader, with over 20 years of experience in IT consulting and business management. Their recommendations were as follows: adding "network infrastructure" as an enabling change; add "process automation" as an enabling change; "evidence-based action taking", "refinement of business processes" and "identification of flawed processes" should be linked to increased customer retention rate; the identification of flawed processes should be linked to "improved delivery times"; replace the "refinement of business processes" with "improved business processes"; adding environmental social governance (ESG) as an investment objective, linked to "improved business processes"; add "data analysis" as a business change, linked to the "identification of hidden patterns in data" and the "refinement of business processes"; replacing "data governance sources" with "apply data governance"; link "data quality", as a business benefit, to "setup of new data sources" and "apply data governance"; replace "identification of new opportunities" with "creation of new opportunities"; and replace "review system performance" with "overall system interaction".
Informatics 2022, 9, x 11 of 23 [20] Creativity surrounding the systems, the perceived innovativeness of the systems and the stability and order brought about by the system. [4] Enhances the employees' freedom and boosts their effectiveness. [19] Very efficient and effective when used in place of the formal and standard systems already present. [49] Important source of innovation. [17] Boosts productivity and enables faster and better collaboration and communication.
Instantaneous, agile, fast, dynamic, immediate, practical and speedy nature of the information. [5] Efficient and effective. [16] Supports users to increase performance and is innovative and flexible. [15] Creativity, innovation and improved business performance. [14] Beneficial to companies. [13] Increased employee responsiveness and decision-making speed. [12] Helps the circulation of information to be more instantaneous, agile, fast, dynamic and practical, all without the need of formal permission. [7] Source of creativity and innovation.  One of the interviewees suggested only one change, so we considered that contribution invalid. Our first interview was with a project manager (PM), who had over 20 years of experience in IT. They agreed with the proposed BDN, but suggested the following, as displayed in Figure 3: adding "update IT policies" to the enabling changes column; adding "increased productivity and efficiency" to the investment objectives; merging the action"; removing "improve business processes" from the investment objectives column; and removing "prevent fraud" from the investment objectives column.

Second Iteration
The second interview was with a solutions analyst, with over 15 years of experience in client success, while working mostly in the communications industry. Their suggestions were as follows: "review system performance" should be an IT enabler, as it is one of the first steps taken before implementing new solutions-it is a verification process; and "setup of new data sources"-in business changes-should be linked to "create new data policies" and "define new processes", as they are all related to implementation.

Third Iteration
This interview was with a team leader, with over 20 years of experience in IT consulting and business management. Their recommendations were as follows: adding "network infrastructure" as an enabling change; add "process automation" as an enabling change; "evidence-based action taking", "refinement of business processes" and "identification of flawed processes" should be linked to increased customer retention rate; the identification of flawed processes should be linked to "improved delivery times"; replace the "refinement of business processes" with "improved business processes"; adding environmental social governance (ESG) as an investment objective, linked to "improved

Fourth Iteration
The interviewee had eleven years of experience in IT and currently works as a head of IT operations. Regarding the suggested BDN, they recommended the following: adding "risk assessment and compliance" to the IT enablers column; adding "implementation of new IT policies" to the enabling changes column, and connecting it to the latter; merging "define new processes" with "create new data policies"; merging "refinement of business processes" and "identification of flawed processes"-from the business benefits column-with "improve business processes"-which would go from the investment objective column, into the business benefits column; and add "improved process visibility" as an investment objective-to be linked to improving business processes.

Fifth Iteration
The interviewee had over 30 years of experience in IT and currently works as a PM, they were familiar with SIT. While analyzing the proposed BDN, they suggested the following: adding "setup of backups" to the enabling changes column-to be linked with IT enabler system availability; adding "non-IT enablers" and "business understanding" to the IT enablers column; adding "IT support" and "setup of backups" to the enabling changes column; and adding "organizational control" as a business benefit.

Sixth Iteration
Our interviewee had over five years of experience in the IT field and currently works as a PM. They started by mentioning that all fields presented in the BDN were valid, but they also had some suggestions, such as the following: renaming "identification of new business models" as "business model innovation (BMI)"; linking "identification of new opportunities" with "identification of hidden patterns in data" and "identification of new business models"; linking "data quality" with "identification of hidden patterns in data"; and linking "identification of new business models" with "increase revenue" and "increase customer retention rate".

Seventh Iteration
Currently a team leader, with over 12 years of experience, this interviewee was very familiar with SIT, including experiencing it firsthand as an in-house developed tool, which went all the way to being accepted and utilized by the whole company, even though it was a lengthy process. Upon analyzing the proposed BDN, they suggested the following, as demonstrated in this step.: adding "reduced turnaround times" as a business benefit; adding "improved efficiency" as an investment objective; adding "adjustment of existing business processes" to the business changes column; linking "adjustment of existing business processes" to the setup of new training programs; and linking "define new processes" with "integration between various tools".

Eighth Iteration
This interviewee currently works as head of IT Security and oversees all company operations, being very familiar with SIT and its consequences for users and for the company. When discussing the proposed BDN, they suggested the following, as shown: removing "refinement of business processes", as it is not a business benefit and replacing it with "improve business processes"; removing "prevent fraud" from the investment objectives; adding "efficiency", "innovation", "organizational sustainability" and ESG as investment objectives; adding "attract and retain talent" to the business benefits and linking it to "organizational structure change" and the "identification of new opportunities"; replacing "network infrastructure" with "IT infrastructure"; merging "review system performance" with "review current technology"; linking "review current technology" with "setup new data sources", "new risk management procedures", "data governance sources" and "identification of new opportunities".

Design Iteration
With over 23 years of experience as a network architect and systems administrator, this interviewee claimed to have some knowledge on SIT and its impact on organizations. As displayed in this step, their suggestions were as follows: moving "improve business processes" from the investment objectives column, into the business benefits column and have it replace "refinement of business processes"; linking "improved business processes" with "improve delivery times"; adding "innovation" and "organizational sustainability" to the investment objectives and linking them with "improved business processes" and "gain competitive advantage"; replacing "network infrastructure" with "IT infrastructure"; merging "review system performance" and "review current technology" with the latter; linking "review system performance" with "identification of new opportunities", "new risk management" and "data governance sources"; and add "new communication channels" and link it with "improve business processes" and "identification of hidden patterns in data".

Tenth Iteration
Currently part of the executive team, this interviewee had vast experience in IT management and was very much aware of the existence of SIT and its negatives. When reviewing the proposed BDN, they suggested the following: replacing "refinement of business processes" and "identification of flawed processes" with "improve business processes"; adding ESG as an investment objective; linking "review system performance" with "data governance sources" and "data quality"; linking "review current technology" with "identification of new opportunities", "new risk management procedures", "data governance sources" and "data quality"; adding "review of systems landscape" and putting it in place of "review current technology"; replacing "network infrastructure" with "IT infrastructure"; adding "system scalability" as an enabling change and linking it with IT infrastructure; and replacing "prevent fraud" with "regulatory compliance".

Eleventh Iteration
This interviewee had vast experience in the IT field and currently works as the head of IT services. They were not very familiar with the specific terms of SIT, but admitted that it is something that they use multiple times. Their suggestions for the proposed BDN were as follows: adding "improve net promoter score (NPS)" to the investment objectives; moving "analysis of data that could not be analyzed previously" to the business changes and replace it with "providing better support and information"; replacing "refinement of business processes" with "improve business processes"; moving "improve delivery time" to the business benefits column; adding "ESG" as an investment objective; replacing "network infrastructure" with "IT infrastructure"; adding "review new technology and performance"-by moving "review system performance" to enabling changes and connecting it with "identification of new opportunities", "new risk management procedures" and "new communication channels"; and merging "evidence-based action taking" and "understanding the impact of previous decisions" to the latter.

Twelfth Iteration
This interviewee was familiar with SIT, however, they were not aware that it was widely seen as a risk, since their experience with it had been positive, so far. Upon discussion, after taking a look at the proposed BDN, they suggested the following: replacing the investment objectives column with ROI (return of investment); moving "improve business processes" to business changes and linking it to "refinement of business processes"; replacing "prevent fraud" with "mitigation of risks and security"; adding ESG to ROI and linking it to "evidence-based action taking"; and replacing "network infrastructure" with "IT infrastructure".

Thirteenth Iteration
The interviewee had vast experience in IT strategy, and, despite the fact that they were not familiar with SIT, they were very familiar with the BDN concepts. The suggestions made by them were as follows: reducing the number of investment objectives by prioritizing (preferably into three); removing "improve business processes" and "prevent fraud" from the investment objectives; adding "accelerate turnaround time" to the business changes; adding "transformation" to the business benefits and linking it with "accelerate turnaround times"; adding "mitigate risks" as a business benefit and linking it with "new risk management procedures"; linking "mitigate risks", "increased customer retention rate" and "gain competitive advantage"; linking "transformation" with "gain competitive advantage"; and linking "transformation" with "setup of new data sources" and "organizational structure change".

Fourteenth Iteration
With vast experience in IT management, this interviewee was familiar with the concepts of SIT. After a brief explanation they suggested the following: adding ESG as an investment objective; replacing "network infrastructure" with "IT infrastructure"; and making "improve business processes" a business benefit.

Data Saturation
For this particular situation, data saturation was observed to help determine the state of the artifact and to prepare it for the evaluation phase. During the qualitative research, the purpose was to understand when the data gathered were unnecessary, based on what had already been gathered and analyzed. The reason for the use of data saturation was due to a particular observation being repeated or similar comments seeming to be repeated, and, after 15 interviews [50,51] we had to stop because no new insights were added (Table 8).

Findings-Final Artifact
All the information was carefully analyzed based on the feedback received from our interviewees, and it was decided that, in order to validate a change or suggestion, it would have to be confirmed at least by three separate interviewees. As seen in Figure 4, new fields that were added to the BDN included the following: ESG was added as an investment objective; "network infrastructure" was replaced with "IT infrastructure" in the IT enablers; "evidence-based action taking" and "understanding the impact of previous decisions" were merged into the latter; "improve business processes" was removed from the investment objectives and placed as a business benefit, and "identification of flawed processes" and "refinement of business processes" was merged into it; "prevent fraud" was removed; and "review system performance" was merged with "review system performance" in the latter.
This section may be divided by subheadings. It should provide a concise and precise description of the experimental results and their interpretation, as well as the experimental conclusions that can be drawn. This section may be divided by subheadings. It should provide a concise and precise description of the experimental results and their interpretation, as well as the experimental conclusions that can be drawn.

Discussion
SIT is a socio-technical phenomenon [21], and whether it is good, bad or even neutral is not clear yet, as opinions diverge on what really happens in organizations, on how to handle it or if it is even worth the risk, as many times, in practice, the situation is often more complicated [12]. Aspects such as company data safety being more important than employee satisfaction or productivity, and profit being the main focus no matter the downside make the behavioral consequences of utilizing shadow IT ambiguous [37], as employees justify their use on the grounds of better productivity; however, on the other

Discussion
SIT is a socio-technical phenomenon [21], and whether it is good, bad or even neutral is not clear yet, as opinions diverge on what really happens in organizations, on how to handle it or if it is even worth the risk, as many times, in practice, the situation is often more complicated [12]. Aspects such as company data safety being more important than employee satisfaction or productivity, and profit being the main focus no matter the downside make the behavioral consequences of utilizing shadow IT ambiguous [37], as employees justify their use on the grounds of better productivity; however, on the other hand, management and IT departments spend a lot of time, effort and capital to ensure that the company system stays up-to-date and protected. There is no clear solution for this dilemma, as both sides have very valid reasons for why they are doing what they are doing, and the differences are sometimes abysmal, with multiple companies finding it difficult and often impossible to fill this gap on their own [23]. Often, organizations find themselves in an area of conflict, as IT integration might eliminate the benefits that SIT offers [21].
There is a need to try to find common ground, one where IT departments and employees are on the same page and where both work together towards productivity and dynamism. There is a need for consensus when it comes to SIT because it is not going away, but quite the opposite, there is an increase in its use as big tech companies focus more and more on the cloud and cloud-based services, which are interactive and friendly to the user-even the management use these solutions-which further strengthens the usage of SIT [23]. This is something that IT departments and management can use to improve the corporate IT landscape accordingly, which may have a positive impact on a company's progress. To summarize, SIT exists alongside formal enterprise systems and either complements, expands or supplements them [21].
Despite all the initiatives promoted by companies and IT departments, the rate at which employees still use SIT solutions for their daily tasks is a major concern for companies [12]. This explains how a lot of management still looks at this reality, as most of the time they see it as a risk, dangerous for system integrity and for the normal functioning of the company. SIT can be used by one individual or by a group of employees, which suggests two levels of use: individual and collective use [36]. More often than not, SIT is looked at as a liability, and this sometimes incites employees to use it, even though it is unapproved. Using SIT gives a sense of rebellion, and, at the same time, as it helps with tasks and to fulfill professional needs, employees look at it as a win-win situation. There needs to be further research in order to understand how it can be dealt with, so both the management and employees can benefit from this situation, diminish the gap between them and help companies to prosper. As it has been stated many times, SIT is only growing, so it has to be dealt with, instead of being abolished or banned. One of the main issues is that these shadow solutions and devices leave no blueprints behind, making it extremely difficult to assess their actual risk [19]-it undermines both the main system of a company and causes damages to organizational processes and information. There is still a lack of knowledge, so not many organizations are taking risks and would rather avoid SIT instead of considering embracing it. Often, organizations can solve these inefficiencies by converting SIT into business-managed IT [21].
Additionally, the fact that employees depend on their own knowledge and experience to address their daily tasks in a way they feel best fits their needs, while believing that the delivery of results will surpass the consequences of using SIT [9], is one of the biggest reasons why it is spreading so fast. Often, employees view IT departments as holding them back and not as an entity that can help, as some in-house built solutions are not as interactive or user friendly as some of the solutions being used in the "shadow". Even when the in-house solutions meet the employees' needs, issues such as bugs, FAQs and updates will still exist. As most employees still rely on the IT department to help resolve these issues, when they cannot access that help right away, they will resort back to the solutions they know best, so companies and their data then face the same risks and liabilities when it comes to SIT. Communication and politics play a role in all of this, as they play a critical part in the overall success of SIT and the organization, in general. Disagreements between departments or a lack of communication between the staff can all lead to a company failing to implement possible solutions to SIT. Some believe that the reason for this is because of social factors-for instance, the social presence-have a profound influence on the ways in which individuals perceive and use this technology [12].
The challenge for CIOs and IT departments is to identify the employee needs that are being filled by these solutions, and to find a way to adapt their company's policy so that they can be used without risk to employees or to the company itself. Being strict should not be a solution anymore as, eventually, employees find a way around the implemented systems and measures-especially against integrating systems, resistance to change or technical incompatibility [21]. Part of the solution must be understanding SIT fully in order to embrace it and adapt to it, instead of treating it as a liability. SIT requires not to be treated as the problem, but as part of the solution. In this respect, the research suggests that this is almost non-existent, even though some researchers already chose to see the positives in it and the positive outcomes it might bring for organizations when properly embraced.
Thereby, the occurrence of SIT is a phenomenon that has been insufficiently explored on one hand, and, on the other hand, one that is often misinterpreted [8]. This is a big reason why this subject deserves more attention from both organizations and the scientific world.
Regarding enterprise mobility today, BYOD is one of the most dangerous sources of shadow IT. Using a personal device for work always implies system interaction with unlicensed software, unwanted applications and possible malware.
However, the results of this study show that shadow IT can have a positive or a negative impact, depending on the organization. In the present study, the organization was a Fintech, and the context in which the company operates due to its culture of freedom to use different devices and to work with personal devices has benefits.

Conclusions
There is not a considerable amount of research currently being conducted at an individual level when it comes to the benefits of SIT and the reasons behind why employees choose to or do not choose to embrace it, and to what organizations should do about this ever-growing phenomenon. While the literature on SIT has increased over the last two years, the current knowledge is still severely limited. Past studies have put more focus on the consequences and the governance side of SIT in an organizational context, shedding no light on the antecedents, precedents, reasons and motivations behind the use of SIT adoption at multiple levels within organizations. This creates a big gap in understanding what works and what does not, or of what are the benefits and the risks when it comes to approaching the existence of SIT in organizations.
As SIT studies within an innovational context are also limited, in this research we wanted to bring attention to the world of possibilities and solutions that it has to offer and to their motivations and benefits, to give a better understanding of this phenomenon. We identified that most opinions about SIT were neutral or focused on its negative impact, instead of analyzing the potential and intangibles that it has. There is a rising need for organizations and IT departments, worldwide, to adapt to new trends and advances in IT, especially one that has the ability to motivate and improve productivity and creativity within their ranks.
Organizational focus should be on how to integrate, incorporate, explain, understand and encourage SIT in order to unleash employees' potential and to improve their production and their ability to deliver, instead of ignoring or fighting against its growth. This is what we wanted to achieve with this research, by shedding a light on the benefits of SIT in order to allow a clear analysis of what SIT is about and what it entails.
There are still some academics and IT professionals who believe that SIT is "undesirable" due to its risks, although more recent studies have stated that SIT "may be just what an organization needs". In times of constant change and digital transformation, organizations need to have agile procedures to support facts and proper adaptation. However, without a minimum of control, such solutions can be disastrous.
There will continue to be contradicting opinions when it comes to a topic such as SIT, but in a world that is constantly evolving, it is important that organizations and management have in mind that not everything that is new or unknown will bring more harm than good. The focus must be to maximize its potential in order to achieve success, and sometimes, on taking calculated risks because, even though SIT has its negatives, the benefits of SIT adoption are numerous and there will still be a need for end-users to complete their jobs.
This study was limited by the interviews only being made in one company and by the fact that many people of interest were not available for an interview. Any future work with a bigger and broader focus in doing more interviews should be encouraged. Therefore, this research concludes that there is a lot of potential and an upside to SIT adoption. In order to reach its benefits, there needs to be knowledge on what the system landscape of the company entails and a clear understanding of what the investment objectives are, as that is the starting point whenever taking a BDN approach in considering SIT adoption.

Limitations and Future Research
This research had some limitations. Firstly, the collected data were limited to one firm. Secondly, regarding the method used for data collection, in which in-depth interviews were adopted-other methods, such as a Delphi survey, could also be useful for this context. A longitudinal case study would also be interesting to analyze over a longer time-period, as well as in other types of industries. Further in-depth studies are also necessary to strengthen the outcomes for each benefit.