Abstract
it is common to encounter formations of IT processes that locate in and are operated by business units, outside of IT units’ control, so called shadow IT. Although it has several advantages, it also brings us a grey area that needs to be controlled properly. Otherwise, it can lead to high risks, financial and reputational losses. In this paper, we present the development of an IT governance and management system including an accompanying control approach for shadow IT in Kuveyt Turk Participation Bank based on the two main projects experienced by the bank. After defining shadow IT for the bank, we deliver the problem with a risk aspect, then, elaborate on selected control approach with its reasoning, convey establishment of related governance model and processes and finally discuss on the topic with general terms, to further give insights to organizations in the similar context. Controlling shadow IT has largely been under-emphasized so far in the literature, especially for the finance sector. Hopefully, this study sheds light on both practitioners and researchers by filling this gap, a bit.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
