association for information systems ais electronic library
Post on 18-Oct-2021
2 Views
Preview:
TRANSCRIPT
Association for Information Systems Association for Information Systems
AIS Electronic Library (AISeL) AIS Electronic Library (AISeL)
Research Papers ECIS 2020 Proceedings
6-15-2020
How Control Configurations and Enactments Shape Legitimacy How Control Configurations and Enactments Shape Legitimacy
Perceptions and Compliance Intentions in IS Development Perceptions and Compliance Intentions in IS Development
Projects Projects
Roman Johann Walser Institute for Information Management and Control, roman.walser@wu.ac.at
W. Alec Cram University of Waterloo, wacram@uwaterloo.ca
Edward Bernroider WU Vienna University of Economics and Business, edward.bernroider@wu.ac.at
Martin Wiener TU Dresden, martin.wiener@tu-dresden.de
Follow this and additional works at: https://aisel.aisnet.org/ecis2020_rp
Recommended Citation Recommended Citation Walser, Roman Johann; Cram, W. Alec; Bernroider, Edward; and Wiener, Martin, "How Control Configurations and Enactments Shape Legitimacy Perceptions and Compliance Intentions in IS Development Projects" (2020). Research Papers. 151. https://aisel.aisnet.org/ecis2020_rp/151
This material is brought to you by the ECIS 2020 Proceedings at AIS Electronic Library (AISeL). It has been accepted for inclusion in Research Papers by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact elibrary@aisnet.org.
Walser et al. /ISD Control Legitimacy and Compliance
. 1
HOW CONTROL CONFIGURATIONS AND ENACTMENTS
SHAPE LEGITIMACY PERCEPTIONS AND COMPLIANCE
INTENTIONS IN IS DEVELOPMENT PROJECTS
Research paper
Walser, Roman, Vienna University of Economics and Business, Vienna, Austria,
roman.walser@wu.ac.at
Cram, Alec, University of Waterloo, Waterloo, Canada, wacram@uwaterloo.ca
Bernroider, Edward, Vienna University of Economics and Business, Vienna, Austria,
edward.bernroider@wu.ac.at
Wiener, Martin, Technische Universität Dresden, Dresden, Germany,
martin.wiener@tu-dresden.de
Abstract
Managers choose and implement controls to promote employee behavior that contributes to IS devel-
opment (ISD) project success. Still, ISD project failure rates remain high, suggesting that project con-
trols employed are often not effective. In this regard, existing IS project control research commonly
considers how managers configure controls (in terms of control modes and degree) and enact them
(control style), whereas the role of employees’ perceptions of the legitimacy of enacted controls re-
mains largely neglected. To address this shortcoming, we conducted a vignette study with 232 partici-
pants to quantitatively test a set of hypotheses on how different control modes, degrees, and styles im-
pact employees’ legitimacy perceptions, and ultimately their compliance intentions. Our analysis re-
veals a significant impact of all three control dimensions on legitimacy perceptions. Moreover, we
identify a positive link between legitimacy perceptions and compliance intentions. To increase control
effectiveness, our results thus suggest that managers should choose and implement ISD controls in a
way that employees perceive as being just and providing them with autonomy.
Keywords: IS project control, Control configuration and enactment, Legitimacy perceptions, Compli-
ance intentions.
1 Introduction
The concept of control has been extensively studied within the context of information systems (IS)
projects, as a means to aid managers in limiting risk and improving performance (Cram et al. 2016;
Wiener et al. 2016; McAvoy and Butler 2009). Within this body of research, control is defined as any
attempt to ensure that employees act in a manner that is consistent with organizational objectives
(Choudhury and Sabherwal 2003; Henderson and Lee 1992; Kirsch 1997). However, despite extensive
controls that are often enacted by managers to guide employee behavior, IS projects still fail at an
alarming rate (Dwivedi et al. 2015; Hughes et al. 2017), leaving both researchers and practitioners
puzzled about the root causes for the chronically high failure rate. As a result, the exercise of effective
controls continues to be a top concern for Chief Information Officers (Kappelman et al. 2019).
Past research on IS control historically builds on the concept of control modes (behavior, outcome,
clan, self) (e.g. Kirsch 1996, 1997). More recently, additional conceptualizations of control activities
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 2
have been examined, including control degree (Gregory et al. 2013) and control style (Wiener et al.
2016). These supplementary control concepts aid in clarifying the motivations of managers to choose
particular control configurations and how they go about enacting them in practice. Indeed, the majority
of IS control literature to date has been oriented around the perspective of the controller, in terms of
why managers decide to choose particular types of controls over others and how the choices drive or-
ganizational performance (Cram et al. 2016). However, as pointed out by recent commentators, such
as Cram and Wiener (2018), this approach ignores the perspective of the controllee and the impact that
IS controls have on socio-emotional aspects. Although managers may be selecting controls that they
feel are in the best interest of an IS project, they may in fact be deteriorating the morale and enthusi-
asm of the project team, which in turn contributes to poor performance. For example, one recent study
finds that controllees may demonstrate resistance behaviors associated with negative emotions caused
by shifts in a manager’s control style (Murungi et al. 2019).
A key concept that captures the perspective of the controllee is control legitimacy, which draws on
institutional theory to refer to the perception by subordinates that controls used within an organiza-
tional setting are appropriate, proper, and just (e.g. Bijlsma-Frankema and Costa 2010; Suchman 1995;
Tyler 2006). In general, past research outside of IS suggests that positive perceptions of legitimacy are
associated with adherence to organizational guidelines (Tyler and Blader 2005; Tyler et al. 2007),
while negative legitimacy perceptions are associated with reduced employee commitment (Schnedler
and Vadovic 2011; Workman 2009). From an IS project perspective, a recent qualitative study high-
lighted some initial links between control choices and control legitimacy (Cram and Wiener 2018), but
stopped short of establishing a clear link between legitimacy perceptions and employee compliance
with controls, or control effectiveness.
Against this backdrop, recent studies emphasize the continued need to increasingly clarify the role of
control legitimacy in organizational settings (Cardinal et al. 2017; Cram and Wiener 2018; Cram et al.
2017). The study at hand seeks to do so by examining the relationships between different configura-
tions and enactments of IS project controls (in terms of mode, degree, and style) and employees’ per-
ceptions of control legitimacy, as well as their intention to comply with those controls. In particular,
we pose two research questions: First, how do IS control choices by managers relate to employee per-
ceptions of control legitimacy? Second, to what extent do employee perceptions of control legitimacy
relate to compliance with IS controls? In order to address these questions, we conducted a vignette-
based survey of 232 United States-based participants with experience in IS development projects.
Two key contributions stem from this study. First, we extend the initial, qualitative inquiry of Cram
and Wiener (2018) by undertaking a larger-scale, quantitative examination of the control constructs
associated with control legitimacy. Second, we empirically examine the relationship between employ-
ee perceptions of control legitimacy with employee intentions to comply with IS controls. This rela-
tionship is of particular relevance to managers who wish to improve the compliance with their project
controls in an effort to prevent project failures.
This study is structured as follows. First, we introduce focal study concepts and develop the research
model and hypotheses. Next, we describe our methodology and present the analysis results. We con-
clude by discussing the study’s findings and contributions, including opportunities for future research.
2 Theoretical Background
Past research on control within IS projects primarily focuses on three complementary concepts: con-
trol modes, control degrees, and control styles. All three concepts are oriented around different aspects
of the control practices used by managers (controllers) in an attempt to ensure that employees (control-
lees) act in a manner that is consistent with organizational objectives. Refer to Table 1 for details on
each control concept.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 3
2.1 Conceptualizations of IS Control Activities
The study of control modes has the most extensive history in the IS control literature and is framed
around four core dimensions: behavior, output, clan, and self-control (Kirsch 1996, 1997). Fundamen-
tally, control modes examine ‘what’ controls are being enacted by a controller (Remus et al. 2015;
Wiener et al. 2016). Behavior control and output control are commonly grouped together as formal
controls, while clan control and self-control represent informal controls (Kirsch 1997).
A more recent control concept that has emerged within the literature is control degree, which considers
the quantity and intensity of controls in place (Gregory et al. 2013). In this context, a small number of
low-intensity controls represent a relaxed degree, whereas a large number of high-intensity controls
would represent a tight degree.
Finally, a third control concept is control style, which considers how controls are enacted by a supervi-
sor. Two dimensions of control style have been identified in the literature. A unilateral style (also re-
ferred to as an authoritative style) describes a top-down management approach where the controllee
has little influence on the design or implementation of the controls. Under a unilateral style, there is
little room for deviation in how the controls are designed and assessed. In contrast, a bilateral style
(also referred to as an enabling style) increasingly relies on controller-controllee feedback and control-
lees are provided with a rationale to aid in their understanding of enacted controls.
Concept Dimensions Definition Examples References
Control
modes
Behavior
control
A supervisor who oversees the
activities of subordinate employ-
ees.
A project manager requires a project
team to employ a waterfall develop-
ment methodology.
(Choudhury
and
Sabherwal
2003;
Kirsch
1996, 1997)
Output
control
A supervisor who monitors the
level of output of subordinate
employees.
A project manager requires each de-
veloper to complete the coding tasks
assigned to them each week.
Self-control Subordinate employees who are
granted autonomy by their man-
ager to make independent deci-
sions on their own activities.
A project manager permits each de-
veloper to independently determine
the extent of testing that is required
for the code they develop.
Clan control Subordinate employees engage
in social inter-actions with other
employees in order to develop
shared values and beliefs.
A project manager arranges for a
shared team lunch on a weekly basis
to build team spirit and shared per-
spectives.
Control
degrees
Relaxed A small number of low-intensity
controls are simultaneously in
place.
A project manager requires informal
updates from project team members
during the monthly status meeting.
(Gregory et
al. 2013)
Tight A large number of high-intensity
controls are simultaneously in
place
A project manager requires detailed,
daily memos on the status of a pro-
ject, alongside updated timing and
cost projections.
Control
styles
Unilateral
(Authorita-
tive)
Controllee behavior is influ-
enced through bureaucracy and
top-down commands.
A controller unilaterally decides that
an agile development methodology
will be employed on a project.
(Gregory et
al. 2013;
Heumann et
al. 2015;
Wiener et
al. 2016)
Bilateral
(Enabling)
Controllee behavior is influ-
enced through close and frequent
interaction between controller
and controllee.
A controller implements an agile
development methodology on a pro-
ject based on several discussions
with the development team members.
Table 1. Different conceptualizations of IS control activities: Control modes, degrees, styles
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 4
2.2 Control Legitimacy
The concept of legitimacy originates from institutional theory, which considers how norms and rou-
tines guide social behavior and order within organizations (Meyer and Rowan 1977). Legitimacy re-
fers to the perception that the actions of an authority are appropriate, proper, and just (Suchman 1995;
Tyler 2006). Past commentators have recognized the importance of legitimacy in exerting influence,
building trust, and convincing subordinates that a decision is ‘correct’ (Brenner and Ambos 2013).
When applied to the context of control, legitimacy infers that employees do not automatically assume
that controls implemented by their managers are always appropriate and just, but that employees make
judgements about a control based on their beliefs (Brenner and Ambos 2013). Bijlsma-Frankema and
Costa (2010) suggest that legitimacy stems from several sources, including perceptions of justice, au-
tonomy, group identification, and competence development. In this study, we focus our examination
of legitimacy on the elements of justice (i.e., a control is viewed as fair and reasonable) and autonomy
(i.e., a control is viewed as enabling independence and individuality), as they are most closely associ-
ated with the completion of IS projects and are most consistent with Tyler’s definition of legitimacy,
which is oriented around actions that are “appropriate, proper, and just” (Tyler 2006, p. 375).
2.3 Compliance with IS Controls
Although the IS control literature has intensively investigated the factors considered by managers in
selecting controls, as well as the characteristics of the controls themselves, there has been relatively
little focus on compliance with controls within an IS development project context (Cram et al. 2016).
Other areas of IS research, such as information security, have a much more extensive tradition of ex-
amining employee compliance with controls, which incorporate various theories including deterrence
theory, the theory of reasoned action, and protection motivation theory (Cram et al. 2017, 2019). For
example, Son et al. (2011) find a relationship between perceived legitimacy and employee compliance
with IS security policies. In the same vein, Bauer and Bernroider (2017) find that personal moral justi-
fication is related with IS security policy compliance and emphasize the importance of IS controls to
be perceived as reasonable and fair.
Despite the general lack of focus in the existing IS literature on compliance with project-related con-
trols, several past studies recognize the importance and relevance of the topic to managers. For exam-
ple, where controls are appropriately adhered to during a project, organizations recognize the attain-
ment of increases in efficiency, process compliance, and quality (Gopal and Gosain 2010; Jiang et al.
2004; Kulp et al. 2006). Because the achievement of these objectives is of key importance in facilitat-
ing a successful project, our study seeks to better understand how the choice of controls is related to
control legitimacy, and ultimately to the employee’s intention to comply with those controls. We out-
line our research model and related hypotheses in the next section.
3 Research Model and Hypotheses
Based on the three dominant IS control concepts (modes, degrees, styles), as well as the concepts of
control legitimacy and compliance with IS controls, we propose a set of hypotheses to be empirically
evaluated. Our research model is outlined in Figure 1.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 5
Figure 1. Research Model
3.1 Control Configurations/Enactments and Legitimacy Perceptions (RQ1)
Organizations typically implement a variety of controls to adjust their subordinates’ behavior (Kirsch
1997). To classify this variety of controls, researchers on IS control historically build on the concept of
control modes (behavior, outcome, clan, self) (e.g. Kirsch 1996, 1997). Previous research finds that
informal control, where authority is not formalized using a traditional bureaucratic hierarchy, is
viewed as more legitimate (Barker 1993; Cardinal et al. 2010). In the case of clan control, managers
use control mechanisms to promote the development of shared understandings and perspectives among
employees (Kirsch 1996, 1997). In doing so, the use of clan controls has the potential to enhance
communications and trust among team members, as well as reinforcing the social norms already in
place (Barker 1993; Eng et al. 2012; Kohli and Kettinger 2004). These norms play a key role in form-
ing a perception of legitimacy, where employees consider the extent that a control is fair and just
(Brenner and Ambos 2013). Successfully implemented clan control would typically result in a strong
sense of loyalty and commitment to the clan (O’Dwyer et al. 2013). Finally, self-controls allow em-
ployees to act more independently (Tiwana and Keil 2009), which can result in higher levels of em-
ployee satisfaction, motivation, and quality of work (Goldbach et al. 2018; Santana and Robey 1995).
Past research has provided preliminary insights into the relationship between control modes and con-
trol legitimacy. A study that has investigated this link in the IS literature is provided by Cram and
Wiener (2018), who conducted qualitative analysis using three cases. They find evidence of both high
and low control legitimacy with behavior controls and outcome controls, but no consistent relationship
emerged. However, in IS development practice, managers might often have the possibility to choose
controls among different control modes. To increase control legitimacy perceptions, it would be im-
portant for managers to know which control modes are perceived most legitimate. Our research model
supplements previous findings and introduces control legitimacy as an immediate outcome, which is
likely to act as mediator for compliant employee behavior (see H4). Thus, we hypothesize that:
H1: The use of informal (clan and self-) controls is associated with higher employee perceptions of
control legitimacy (in terms of justice and autonomy) in comparison to the use of formal (behavior and
outcome) controls.
Next, we consider the relationship between control degree (i.e., relaxed or tight) and control legitima-
cy. As Höffe (1995) observed in a political context, controls limit freedom of action, which is a disad-
vantage and thus requires legitimation. Taking this autonomy-limiting characteristic of control into
consideration, implementing control in a tight way in IS development would ask for even more legiti-
mation in order to avoid resistance behavior of subordinates or bypassing attempts. In a similar vein,
Gregory et al. (2013) position the use of a relaxed control degree as an approach that requires a high
level of controller-controllee trust and understanding. Within a IS development context, case study
findings by Cram and Wiener (2018) suggest that in situations where control degrees are tight, em-
ployees find controls less legitimate in comparison with situations operating on relaxed degree con-
trols. Their findings are more conclusive in terms of justice in relation to autonomy. Taken together,
there is evidence supporting the view that employees who perceive controls as providing more inde-
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 6
pendence from controllers (due to a relaxed degree) also have higher perceptions of control legitima-
cy. In contrast, we expect controls hampering the ability of employees in terms of independently doing
their work (due to a tight degree) will lead to lower legitimacy perceptions. Thus, we offer the follow-
ing hypothesis to be empirically tested with a set of four concrete control scenarios:
H2: The use of a relaxed control degree is associated with higher employee perceptions of control
legitimacy (in terms of justice and autonomy) in comparison to the use of a tight control degree.
The relationship between control style and control legitimacy focuses on the impact that the approach
used to enact a control can have on controllees. For example, when using a bilateral style, controllers
provide controllees with a rationale for the enacted controls and the opportunity to provide feedback
(Wiener et al. 2016). Chua & Myers (2018) consider the importance of this negotiation between the
controller and controllee in shaping the social and organizational structure of controls. When control-
lees can participate in such bilateral interactions, they should be more likely to influence and contrib-
ute to the design and implementation of controls, thus increasing perceptions of fairness and justice.
In contrast, controllers who utilize a unilateral style focus on the specification and communication of
controls, rather than on interactions with controllees (Wiener et al. 2016). Since controllees have little
influence on the configuration or enactment of the controls, they are more likely to view them as un-
fair and unjust. One explanation for this relationship is the negative impact on the socio-emotional
well-being of controllees (e.g. Cram et al. 2016). Wiener et al. (2016) reinforce this view by suggest-
ing that a unilateral control style may lead to negative socio-emotional feelings by controllees (e.g.
dissatisfaction), whereas a bilateral style is likely to reduce such consequences. In past qualitative re-
search investigating the relationship between control style and legitimacy in IS development, Cram
and Wiener (2018) find a relationship between a bilateral control style and high control legitimacy, as
well as between a unilateral style and low control legitimacy. Therefore, we hypothesize that:
H3: The use of a bilateral control style is associated with higher employee perceptions of control le-
gitimacy (in terms of justice and autonomy) in comparison to the use of a unilateral control style.
3.2 Control Legitimacy Perceptions and Compliance Intentions (RQ2)
Of primary practical concern to organizations is obtaining clarity on the behavioral consequences that
result from an employee who has particularly strong or weak perceptions of control legitimacy (in
terms of justice and autonomy). For example, in the context of platform control/governance, past re-
search finds that perceived autonomy is an important driver of IS developers’ continuance intentions
and quality of work. Past research that examines employee compliance intentions within the IS litera-
ture falls primarily within the study of information security policies (e.g. Cram et al. 2017, 2019). In
this body of work, the results show a positive relationship between an employee’s perception that a
control is legitimate and their intention to comply with that control, or a negative relationship with
their intention to violate the control (Posey et al. 2011; Son 2011; Bauer and Bernroider 2017). Similar
results have been found by management studies (e.g., Tyler and Blader 2005).
Likewise, Chua and Myers (2018) suggest that the enactment of controls comes with a cost in terms of
time investments (e.g., controller-controllee meetings). As employees have a limited amount of time to
dedicate to their IS project work, in cases where a controllee does not perceive a control as legitimate,
they may be more inclined to resist participating in a control or pursuing a work-around (Woltjer
2017). Similarly, Wiener et al. (2016) note that committed and motivated employees will be less in-
clined to resist controls. Based on the above considerations, we hypothesize that:
H4: Perceptions of control legitimacy positively influence an employee’s intentions to comply with the
IS project controls.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 7
4 Methodology
To test our research model, we conducted a factorial survey (also referred to as vignette study). In the
1980s, Rossi and Anderson (1982) introduced a novel approach to uncover the principles behind hu-
man evaluations or judgements: vignette studies. By combining vignette experiments with traditional
surveys, the researchers wanted to maximize both internal and external validity. In short, vignettes are
brief, constructed descriptions of persons, objects or situations, which include a set of independent
variables that are systematically manipulated (Atzmüller and Steiner 2010). The resulting (different)
vignettes (i.e. the vignette universe) is equal to the cartesian product of the variables under investiga-
tion and all levels for these variables. The survey respondents are then presented with the vignettes
and asked for their assessment of the described situation. Vignette studies allow for the simultaneous
presentation of several situations with various explanatory and contextual factors, what makes them a
powerful method to investigate causalities of respondent judgements. Moreover, the inclusion of sev-
eral factors makes the described situations more realistic to respondents, as compared to typical sur-
veys (Atzmüller and Steiner 2010).
4.1 Vignette Preparation and Partitioning
The careful preparation of realistic and relevant vignettes can be seen as a first crucial step for con-
ducting successful vignette studies (Siponen and Vance 2014). Therefore, our author team built on the
expertise of two additional experienced researchers to optimize our vignette descriptions. For our
study, three variables were manipulated. The first variable, control mode, was manipulated in four
ways (representing either behavior, outcome, clan, or self-control). The other two variables, control
style and control degree, varied in two ways each (representing a tight or relaxed control degree and a
bilateral or unilateral control style). This resulted in a cartesian product of 16 vignettes (4 x 2 x 2). Ta-
ble 1 gives an overview of all factors and includes more detail about the respective factor levels.
To align the perception of potential survey respondents with the perception of the vignette writers, we
evaluated our vignettes with a group of 20 graduate students, majoring in IS. First, we gave the stu-
dents a short introduction to IS project control and the relevant concepts of control mode, degree and
style. Then, using five-point Likert scales, we asked the students to what extent they recognize the in-
tended control modes, degrees, and styles within the vignette descriptions. Moreover, we added text
boxes next to each Likert scale and asked them to justify all of their choices. Each of the 16 vignettes
was evaluated by at least five different students (regarding mode, degree, and style), where 1 indicated
a very good match and 5 indicated a not so good match. We calculated the resulting arithmetic means
of all students’ evaluations and created a heat map. Only five out of the 48 arithmetic means (16 vi-
gnettes with three evaluations each) were above three; that is, 43 means were below three, indicating a
good match between intended and perceived factor levels. The evaluation led to minor adaptions of
some vignettes. For instance, the control degree of one vignette was perceived more relaxed than in-
tended. In this case, we made the control tighter by increasing the control frequency.
To avoid overloading survey participants, we halved the vignette universe into two equally sized sets
of eight vignettes each. Vignette populations may be partitioned either systematically or randomly.
Given the rather low overall sum of vignettes and the suitable number of factor levels, we split the vi-
gnette universe systematically into two orthogonal and balanced sets. This means that all factor levels
and pairs of levels occur equally often in the vignette sets (Steiner et al. 2017). This approach aims to
reduce confounding of interaction effects with main effects and is recommended for rather small vi-
gnette universes (Atzmüller and Steiner 2010). Also, there was no need to eliminate any vignettes as
the number of vignettes was manageable and we could not identify implausible factor-level combina-
tions. Through maximizing variance of the factor levels while preserving orthogonality and factor bal-
ance, we arrived at a so-called D-efficient design (Dülmer 2016). D-efficient designs are preferable as
they reduce the generalized variance of the estimated parameter estimators.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 8
4.2 Conducting the Survey
For this study, we decided to recruit respondents with experience on IS development projects on Ama-
zon Mechanical Turk (MTurk), an online crowdsourcing market (OCM). We awarded the workload of
approximately 10 to 15 minutes for completed participation with USD 2.00. Some researchers argue
that online crowd workers might not be paying full attention or highly experienced respondents may
distort results (Lowry et al. 2016). However, a recent study has shown that surveying MTurk partici-
pants leads to similar statistical conclusions as compared to students and consumer panels (Steelman et
al. 2014). Moreover, some researchers conclude that MTurk participants show even higher attentive-
ness to instructions and showed larger effects in response to a minute text manipulation compared to
traditional subject pool samples (Hauser and Schwarz 2016).
To assure that our participants read the survey instructions carefully and recognized the differences in
the vignettes, we implemented an instructional manipulation check (IMC) at the beginning of our sur-
vey, as suggested by Oppenheimer et al. (2009). Put simply, an IMC is a sort of trick question. If re-
spondents do not follow the given instructions and fail to answer the trick question correctly, it can be
assumed that they did not process the instructions carefully enough and thus should be excluded from
the survey. To further increase data validity and based on professional judgement, we also removed all
respondents who obviously rushed through the survey (i.e. participants who spent less than 20 seconds
for answering the questions regarding any of the eight vignettes presented in the survey). This is be-
cause we saw no possibility to read the vignette description and answer the related questions in less
than 20 seconds.
5 Data Analysis
Factorial surveys produce hierarchical and multilevel data (Hox et al. 1991), having variables of both
the respondent level (e.g. age, gender, nationality) and the vignette level (i.e. control mode, degree,
and style). The aim of our vignette study was to focus on the vignette level. Consequently, we limited
our analysis to the 232 respondents currently living in the USA to minimize cultural bias. We also ran
non-parametric Kruskal-Wallis tests to identify any general differences between the respondent
groups’ mean evaluations, which could be traced back to the remaining control variables (i.e. age,
gender, work experience, development methodology, company size, education). Afterwards, we per-
formed ordinal regression analyses where we included the control variables to see if they significantly
affect the parameter estimators of the respondent’s legitimacy perceptions and compliance intentions.
In our case, neither the residuals of our regression model were normally distributed (P-P/Q-Q plot
analysis and Kolmogorov-Smirnov test, p<0.001), nor was the relationship between independent and
dependent variables linear. Thus, we carried out an ordinal logistic regression using SPSS v25 to test
our hypotheses. Put simply, the ordinal regression procedure is an extension of the general linear mod-
el to ordinal categorical data (Norusis 2012), which is able to handle the ordinal scaling of dependent
variables. For the analysis of H1-3, we aggregated the 11-point Likert scales to five categories (1-2:
very low, 3-4: low, 5-7: medium, 8-9: high, 10-11: very high) in order to keep the number of empty
cells low (i.e. dependent-variable levels by combinations of predictor-variable values), as this could
seriously harm the results of the analyses (Norusis 2012).
Table 2 provides descriptive statistics on our data sample. We carried out Mann-Whitney U tests (2
variable levels) and Kruskal-Wallis tests (>2 variable levels) to assess the relevance of our socio-
demographic control variables. Those non-parametric tests for independent samples indicate whether
there are significant discrepancies between the mean answers of different respondent groups (e.g. fe-
male vs. male). From this analysis, it can be concluded that perceived control legitimacy (in terms of
justice and autonomy) is not significantly different in the groups defined by gender and work experi-
ence. However, the mean ranks for justice and autonomy are significantly different in subgroups de-
fined by age (p<0.05 and p<0.01, respectively), education (p<0.01 and p<0.05, respectively), and IS
methodology (p<0.001 for legitimacy and autonomy. Ordinal logistic regression analyses including
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 9
those test variables further revealed that neither gender, work experience, education, nor the systems
development methodology significantly influenced the parameter estimates. While setting age as a
single factor led to significant results, including it as a covariate did not help improve any of our mod-
els. Thus, we conclude that just analyzing respondents living in the USA results in a sufficiently ho-
mogenous group for our analysis of the parameter estimates.
Table 2. Survey participants’ sociodemographic information (in percent)
5.1 Control Modes and Control Legitimacy (H1)
Table 3 summarizes the analysis results for control modes as a predictor of perceived control legitima-
cy (dependent variable). Ordinal logistic regression results suggest that control modes have a signifi-
cant impact on employees’ perceived level of control legitimacy in terms of both justice and autonomy
(model fit p<0.001). To give an example, only 9.6 percent of our respondents perceived self-control as
very illegitimate, whereas 16.6 percent assessed clan control as very illegitimate (related to justice).
The parameter estimates for behavior, outcome, and clan controls are also significant (p<0.001, self-
control served as a reference category). The non-significant values of the intercepts at the medium le-
gitimacy level can be neglected because the parameter estimates for all control modes are significant
(the parameter estimates equate to the differences between the intercepts given in Table 3).
Legitimacy
Perceptions
Legitimacy Dimension: Justice Legitimacy Dimension: Autonomy
Par. Est. Prob. Wald Sig. Par. Est. Prob. Wald Sig.
Very Low
Behavior
Outcome
Clan
Self
-2.720
-2.724
-2.874
-2.243
.146
.147
.166
.096
485.0 .000
***
Behavior
Outcome
Clan
Self
-2.775
-3.004
-3,186
-2.454
.106
.130
.152
.079
538.2 .000
***
Low
Behavior
Outcome
Clan
Self
-1.663
-1.667
-1.817
-1.186
.184
.184
.198
.138
174.0 .000
***
Behavior
Outcome
Clan
Self
-1.550
-1.779
-1.961
-1,229
.182
.207
.227
.147
184.9 .000
***
Medium
Behavior
Outcome
Clan
Self
-.433
-.437
-.587
.044
.298
.298
.298
.277
0.3 .605
n.s.
Behavior
Outcome
Clan
Self
-.241
-.470
-.652
.080
.311
.316
.314
.294
0.9 .349
n.s.
High
Behavior
Outcome
Clan
Self
.738
.734
.584
1.215
.217
.217
.201
.260
175.1 .000
***
Behavior
Outcome
Clan
Self
0.937
0.708
0.526
1.258
.230
.207
.187
.259
185.2 .000
***
Very High
Behavior
Outcome
Clan
Self
-
.156
.155
.136
.229
- -
Behavior
Outcome
Clan
Self
-
.171
.141
.120
.221
- -
Model Fit-
ting Info
-2 Log Likelihood:
Chi-Square:
Sig.:
105.426
33.424
.000***
-2 Log Likelihood:
Chi-Square:
Sig.:
112.545
43.796
.000***
Table 3. Hypothesis test results: Control modes
Gender Age (years) Work Exp. (yrs) Education IS Methodology
Female
Male
Prefer not
to answer
28.4
71.1
0.4
18-24
25-34
35-44
45-54
55+
7.3
32.3
34.1
17.7
8.2
< 3
3-6
7-10
11-14
> 15
13.8
31.5
15.1
11.6
28.0
No degree
High School
Undergraduate
Postgraduate
Other
15.9
5.2
61.2
17.2
0.4
Agile
Waterfall
Hybrid
Other
42.2
16.8
37.9
3.0
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 10
Based on the data, we can thus conclude that H1 is partially supported because (informal) self-control
led to significantly higher legitimacy perceptions (this can be seen by the higher parameter estimates
of self-control in Table 3). However, this does not hold true for clan control (the other informal control
mode), which got the lowest legitimacy assessments out of the four control modes.
5.2 Control Degrees and Control Legitimacy (H2)
To test the relationship between control degrees and controllees’ level of perceived control legitimacy,
we again included the respective variables in an ordinal logistic regression model. The results (Table
4) demonstrate that the control degrees represented in the vignette descriptions had a significant im-
pact on both aspects of legitimacy. The model fitting information (p<0.01) indicates that the control
degree is a good predictor for the level of perceived legitimacy. Moreover, the parameter estimates for
the relaxed control degree are higher compared with the parameter estimates for the tight degree (see
Table 4). Additional tests (not reported) led to significant differences (p<0.01) between the parameter
estimators of relaxed and tight control degrees. Thus, control enacted in a more relaxed way indeed
resulted in significantly higher legitimacy perceptions, providing support for H2.
Table 4. Hypothesis test results: Control degrees
5.3 Control Styles and Control Legitimacy (H3)
Table 5. Hypothesis test results: Control styles
Legitimacy
Perceptions
Legitimacy Dimension: Justice Legitimacy Dimension: Autonomy
Par. Est. Prob. Wald Sig. Par. Est. Prob. Wald Sig.
Very Low tight
relaxed -1.649
-1.365
.161
.126 534.3
.000
***
tight
relaxed -1.895
-1.616
.131
.102 534.3
.000
***
Low tight
relaxed
-.643
-.359
.184
.158 112.2
.000
***
tight
relaxed
-.681
-.402
.203
.173 112.2
.000
***
Medium tight
relaxed
.578
.862
.296
.289 92.1
.000
***
tight
relaxed
.613
.892
.315
.308 92.1
.000
***
High tight
relaxed
1.741
2.025
.210
.238 537.5
.000
***
tight
relaxed
1.780
2.059
.207
.235 537.5
.000
***
Very High tight
relaxed -
.149
.189 - -
tight
relaxed -
.144
.182 - -
Model Fit-
ting Info
-2 Log Likelihood:
Chi-Square:
Sig.:
54.332
11.833
.001***
-2 Log Likelihood:
Chi-Square:
Sig.:
54.012
11.395
.001***
Legitimacy
Perceptions
Legitimacy Dimension: Justice Legitimacy Dimension: Autonomy
Par. Est. Prob. Wald Sig. Par. Est. Prob. Wald Sig.
Very Low unilat.
bilat. -1.729
-1.519
.151
.126 534.3
.000
***
unilat.
bilat. -1.889
-1.594
.131
.101 531.5
.000
***
Low unilat.
bilat.
-.682
-.472
.185
.165 112.2
.000
***
unilat.
bilat.
-.674
-.379
.207
.174 110.1
.000
***
Medium unilat.
bilat.
.535
.745
.295
.290 92.1
.000
***
unilat.
bilat.
.621
.916
.312
.306 94.3
.000
***
High unilat.
bilat.
1.697
1.907
.214
.235 537.5
.000
***
unilat.
bilat.
1.788
2.083
.207
.236 541.1
.000
***
Very High unilat.
bilat. -
.155
.184 - -
unilat.
bilat. -
.143
.183 - -
Model Fit-
ting Info
-2 Log Likelihood:
Chi-Square:
Sig.:
69.589
6.453
.011*
-2 Log Likelihood:
Chi-Square:
Sig.:
53.646
12.688
.000***
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 11
Our regression analysis regarding the link between control styles and controllees’ legitimacy percep-
tions yields significant results for both legitimacy dimensions as well (see Table 5). However, the pos-
itive relationship between a bilateral control style and perceived control legitimacy is less clear for the
justice dimension than for autonomy (model fit: p<0.05 for justice, p<0.001 for autonomy). This re-
sults in higher differences between the parameter estimates in the autonomy model compared to the
justice model. We can therefore conclude that a bilateral control style is associated with significantly
higher control legitimacy perceptions than a unilateral control style, which means that H3 is supported.
5.4 Control Legitimacy and Compliance Intentions (H4)
Finally, we analyzed how controllees’ control legitimacy perceptions shape their intention to comply
with the controls enacted (as described in the vignette descriptions). To improve the quality of the sta-
tistical analyses, we reduced the number of empty cells by further aggregating the number of levels to
3 (i.e. high, medium, low). The parameter estimates for the different legitimacy groups were signifi-
cant (p<0.001 for all, see Table 6). To give an example: from the results, we can see that subordinates
with high legitimacy perceptions (in terms of autonomy—see right table column) show much higher
intentions to comply with the enacted controls (probability of about 60%) than subordinates with a low
level of perceived autonomy (probability of about 37%).
Compliance
Intentions
Legitimacy Dimension: Justice Legitimacy Dimension: Autonomy
Par. Est. Prob. Wald Sig. Par. Est. Prob. Wald Sig.
Low
low
medium
high
-.2884
-3.072
-2.259
.163
.191
.095
466.2 .000
***
low
medium
high
-3.117
-2.772
-2.193
.219
.166
.100
438.4 .000
***
Medium
low
medium
high
-1.090
-1.280
-.467
.376
.395
.291
26.9 .000
***
low
medium
high
-1.327
-.982
-.403
.408
.378
.300
19.8 .000
***
High
low
medium
high
-
.461
.414
.615
- .000
***
low
medium
high
-
.373
.456
.599
- .000
***
Model Fit-
ting Info
-2 Log Likelihood:
Chi-Square:
Sig.:
91.291
57.805
.000***
-2 Log Likelihood:
Chi-Square:
Sig.:
75.871
51.222
.000***
Table 6. Hypothesis test results: Compliance intentions
Goodness-of-fit tests and Test of Parallel Lines (not reported above) in relation to H1-3 led to signifi-
cant results (p<0.01), which suggests that the models provide room for improvement. As we can see at
the medium levels, there are some ambiguities that might lead to those significant values, requiring
additional analyses. For example, looking at the justice dimension of control legitimacy, the estimates
at the medium levels are not laying between the low and high levels. To further analyze the relation-
ship between subordinates’ legitimacy perceptions and their compliance intentions, we ran non-
parametric Mann-Whitney U tests (see Table 7). The results show that, leaving out the medium levels,
the average rank for compliance intentions is significantly higher in the case of high control legitimacy
perceptions than in the case of low legitimacy perceptions (asymptotic significance p<0.001 for both
legitimacy dimensions), offering support for H4. This positive link is more pronounced for one legiti-
macy dimension (autonomy) than for the other dimension (justice).
Intention to Comply Legitimacy: Justice Legitimacy: Autonomy
N Average Rank Rank Sum N Average Rank Rank Sum
Low
High
470
550
476.8
539.3
224,113
296,597
420
526
422.8
514.0
177,594
270,337
Asymptotic Sig. .000*** .000***
Table 7. Mann-Whitney U test results for compliance intentions
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 12
6 Discussion
The study’s objective was to examine how different control configurations and enactments shape con-
trol legitimacy perceptions and compliance intentions in the specific context of IS development pro-
jects. Drawing on a vignette study with 232 participants, we find support for all hypothesized relation-
ships (except for one hypothesis, H1, which is only partially supported). On this basis, our study
makes several important contributions to the IS project control literature. The first contribution lies in
quantitatively analyzing the relationships between three focal control concepts commonly used to de-
scribe IS project control activities—namely, control modes and degrees (configurations) and control
styles (enactments)—and subordinates’ perceptions of control legitimacy (in terms of justice and au-
tonomy), thereby supplementing and extending prior (qualitative) research in the area (e.g., Cram and
Wiener 2018). In particular, with regard to the impact of control modes on legitimacy perceptions
(H1), we find that self-control (an informal control mode) is perceived to be the most legitimate mode,
whereas the other informal control, clan control, is perceived to be the least legitimate mode, in terms
of both justice and autonomy. The two formal control modes (behavior and outcome control) are
found to be associated with similar legitimacy perceptions, falling in between those of clan and self-
control. Our study results thus confirm, and at the same time contrast, the case study findings by Cram
and Wiener (2018), who find that informal controls in general are perceived to be more legitimate than
formal controls. Regarding the link between different control degrees and subordinates’ legitimacy
perceptions (H2), our study confirms the qualitative findings by Cram and Wiener (2018), which sug-
gest that a relaxed degree increases control legitimacy perceptions, whereas a tight degree decreases
such perceptions. Our semi-quantitative analysis shows that these relationships are significant for both
of the legitimacy dimensions we studied (i.e. justice and autonomy). In addition, our study adds new
insights to the extant body of knowledge by quantitatively assessing the importance of control degree
(relative to control mode) in predicting control legitimacy perceptions. This can be seen at the differ-
ences between the parameter estimates. For example, with a difference of 0.284, control degree had a
lower impact on legitimacy perceptions than control modes, which showed differences in the parame-
ter estimates of up to 0.631 (clan control vs. self-control). Similarly, with regard to the link between
the two basic control styles (unilateral vs. bilateral) and subordinates’ legitimacy perceptions (H3), our
study findings are largely in line with the case-study findings of Cram and Wiener (2018). Specifical-
ly, our study findings confirm that a bilateral (enabling) control style leads to greater perceptions of
justice and autonomy than a unilateral (authoritative) control style. However, contrasting earlier re-
search, our analysis results suggest that, when compared to the other two focal control concepts under
investigation (i.e. control modes and degrees), control styles have the lowest (though still a significant)
impact on control legitimacy perceptions.
A second and related study contribution concerns the link between subordinates’ legitimacy percep-
tions of enacted controls and their intention to comply with those controls. In IS security policy litera-
ture, various studies exist that find a link between legitimacy perceptions and compliance intentions
(e.g., Son 2011; Hu et al. 2012). However, at this point, we are not aware of any studies in the IS pro-
ject control literature that have empirically analyzed this link. Our study therefore contributes to this
literature by providing empirical support for the positive relationship between control legitimacy per-
ceptions and compliance intentions in the specific context of IS development projects. Here, our re-
sults point to an interesting pattern; in particular, they suggest that subordinates’ perceptions of auton-
omy appear to be more important for compliance intentions than their justice perceptions.
Another potentially important contribution of our study lies in expanding the methodological ‘toolbox’
of IS project control research. In particular, while extant research in the area shows a strong focus on
qualitative case studies and quantitative field surveys (Wiener et al. 2016), the study at hand uses a
semi-quantitative vignette study design, which aims at combining the strengths of both qualitative and
quantitative approaches. By doing so, our findings are likely to come with higher internal and external
validity (Auspurg and Hinz 2014).
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 13
Finally, shedding light on the antecedents and consequences of control legitimacy perceptions, the re-
sults of our study also have some important implications for managers. In particular, configuring and
enacting IS project controls in a way that is perceived to be legitimate by subordinates is important for
two main reasons: First, extant research finds that controls can have both positive and negative effects
on subordinates’ socio-emotional state (Fitzgerald 1996; Santana and Robey 1995). Consequently,
managers are well advised to select and enact controls that maximize factors such as job satisfaction,
motivation, and creativity. Second, as noted above, our study provides empirical support for the link
between subordinates’ legitimacy perceptions of enacted controls and their intentions to comply with
those controls. The results of our study thus serve as a reminder to managers that they need to config-
ure and enact controls with an eye toward subordinates’ justice and autonomy perceptions in order to
avoid (active) resistance behavior, on one hand, and to increase compliance intentions and thus control
effectiveness, on the other hand.
6.1 Limitations and Future Research
The results and contributions of our study should be interpreted with some limitations in mind. Several
of these limitations also present promising opportunities for future research. First, for the vignette
study, we had to prepare simplified descriptions of control situations as they may occur in real-life IS
development projects. Although we put considerable efforts in formulating, testing, and refining the
vignettes in order to ensure that they accurately represent the control concepts studied in our research,
some of the study participants might still have misinterpreted them, potentially biasing the results.
Second, our study focused on two key dimensions of control legitimacy, namely, justice and autono-
my. Here, future research may want to consider group identification and competence development as
two additional sources of legitimacy, as also suggested by Bijlsma-Frankema and Costa (2010). More-
over, studies in the context of security policies, such as the one by Son (2011), suggest that there
might be other factors that shape subordinates’ willingness to comply with controls/policies, including
an employee’s perceived value congruence with her or his manager.
Finally, our study measured subordinates’ compliance intentions. Also, while asking study participants
about their level of understanding (or empathy) for our vignette protagonist’s non-compliance with the
controls described is a good way to reduce social desirability bias, actual behaviors might still deviate
from mere compliance intentions. Thus, another interesting opportunity for further research would be
trying to measure participants’ actual compliance with enacted controls. In this regard, a field experi-
ment could be a promising approach to measure how subordinates will actually behave.
7 Conclusion
IS projects are continuing to fail at an alarmingly high rate, suggesting that project controls are often
not configured and enacted in an effective manner. Against this backdrop, the overarching goal of this
study was to shed light on the impact of different IS project control configurations (in terms of modes
and degrees) and control enactments (styles) on subordinates’ legitimacy perceptions, and ultimately
on their compliance intentions. To reach this goal, we conducted a vignette study with 232 participants
from the US and then used ordinal logistic regression to analyze our data sample and test our research
model. The analysis results provide strong support for the hypothesized relationships. In particular,
they suggest that self-control (informal control mode), a relaxed control degree, and a bilateral control
style are significantly associated with high perceptions of control legitimacy, and that control modes in
general represent the strongest predictor of subordinates’ legitimacy perceptions. In addition, our study
offers empirical support for a direct and significantly positive relationship between control legitimacy
perceptions and compliance intentions. With this study, we thus contribute to the growing body of re-
search on the antecedents and consequences of control legitimacy perceptions, thereby also providing
managers with guidance on how to configure and enact “legit” controls that are perceived by IS pro-
ject team members as being just and autonomy-preserving.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 14
References
Atzmüller, Christiane, and Peter M. Steiner. 2010. “Experimental Vignette Studies in Survey
Research.” Methodology 6 (3), pp. 128–38.
Auspurg, Katrin, and Thomas Hinz. 2014. Factorial Survey Experiments. Series Quantitative
Applications in the Social Sciences No. 175. Edited by SAGE.
Barker, James R. 1993. “Tightening the Iron Cage: Concertive Control in Self-Managing Teams.”
Administrative Science Quarterly 38 (3), pp. 408–37.
Bauer, Stefan, and Edward W.N. Bernroider. 2017. “From Information Security Awareness to
Reasoned Compliant Action.” ACM SIGMIS Database: The DATABASE for Advances in
Information Systems 48 (3), pp. 44–68.
Bijlsma-Frankema, Katinka M., and Ana Cristina Costa. 2010. “Consequences and Antecedents of
Managerial and Employee Legitimacy Interpretations of Control: A Natural Open System
Approach.” In Organizational Control, edited by Sim B Sitkin, Laura B. Cardinal, and Katinka
M. Bijlsma-Frankema, 396–433. Cambridge: Cambridge University Press.
Brenner, Barbara, and Björn Ambos. 2013. “A Question of Legitimacy? A Dynamic Perspective on
Multinational Firm Control.” Organization Science 24 (3), pp. 773–95.
Cardinal, Laura B., Markus Kreutzer, and C. Chet Miller. 2017. “An Aspirational View of
Organizational Control Research: Re-Invigorating Empirical Work to Better Meet the Challenges
of 21st Century Organizations.” Academy of Management Annals 11 (2), pp. 559–92.
Cardinal, Laura B., Sim B. Sitkin, and Chris P. Long. 2010. Organizational Control. Edited by Sim B
Sitkin, Laura B. Cardinal, and Katinka M. Bijlsma-Frankema. Organizational Control.
Cambridge: Cambridge University Press.
Choudhury, Vivek, and Rajiv Sabherwal. 2003. “Portfolios of Control in Outsourced Software
Development Projects.” Information Systems Research 14 (3), pp. 291–314.
Cram, W. Alec, Kathryn Brohman, and R. Brent Gallupe. 2016. “Information Systems Control: A
Review and Framework for Emerging Information Systems Processes.” Journal of the
Association for Information Systems 17 (4), pp. 216–66.
Cram, W. Alec, John D’Arcy, and Jeffrey G. Proudfoot. 2019. “Seeing the Forest and the Trees: A
Meta-Analysis of the Antecedents to Information Security Policy Compliance.” MIS Quarterly
43 (2), pp. 525–54.
Cram, W. Alec, Jeffrey G. Proudfoot, and John D’Arcy. 2017. “Organizational Information Security
Policies: A Review and Research Framework.” European Journal of Information Systems 26 (6),
pp. 605–41.
Cram, W. Alec, and Martin Wiener. 2018. “Perceptions of Control Legitimacy in Information Systems
Development.” Information Technology & People 31 (3), pp. 712–40.
Dülmer, Hermann. 2016. “The Factorial Survey.” Sociological Methods & Research 45 (2), pp. 304–
47.
Dwivedi, Yogesh K., David Wastell, Sven Laumer, Helle Zinner Henriksen, Michael D. Myers,
Deborah Bunker, Amany Elbanna, M. N. Ravishankar, and Shirish C. Srivastava. 2015.
“Research on Information Systems Failures and Successes: Status Update and Future
Directions.” Information Systems Frontiers 17 (1), pp. 143–57.
Eng, Cecil, Wee-Kiat Lim, Christina Soh, and Siew Kien. 2012. “Enacting Clan Control in Complex It
Projects: A Social Capital Perspective.” MIS Quarterly 36 (2), pp. 577–600.
Fitzgerald, Brian. 1996. “Formalized Systems Development Methodologies: A Critical Perspective.”
Information Systems Journal 6 (1), pp. 3–23.
Goldbach, Tobias, Alexander Benlian, and Peter Buxmann. 2018. “Differential Effects of Formal and
Self-Control in Mobile Platform Ecosystems: Multi-Method Findings on Third-Party
Developers’ Continuance Intentions and Application Quality.” Information & Management 55
(3), pp. 271–84.
Gopal, Anandasivam, and Sanjay Gosain. 2010. “The Role of Organizational Controls and Boundary
Spanning in Software Development Outsourcing: Implications for Project Performance.”
Information Systems Research 21 (4), pp. 960–82.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 15
Gregory, Robert Wayne, Roman Beck, and Mark Keil. 2013. “Control Balancing in Information
Systems Development Offshoring Projects.” MIS Quarterly 37 (4), pp. 1211–32.
Hauser, David J., and Norbert Schwarz. 2016. “Attentive Turkers: MTurk Participants Perform Better
on Online Attention Checks than Do Subject Pool Participants.” Behavior Research Methods 48
(1), pp. 400–407.
Henderson, John C., and Soonchul Lee. 1992. “Managing I/S Design Teams: A Control Theories
Perspective.” Management Science 38 (6), pp. 757–77.
Heumann, Jakob, Martin Wiener, Ulrich Remus, and Magnus Mähring. 2015. “To Coerce or to
Enable? Exercising Formal Control in a Large Information Systems Project.” Journal of
Information Technology 30 (4), pp. 337–51.
Höffe, Ottfried. 1995. Political Justice: Foundations for a Critical Philosophy of Law and the State.
Polity Press.
Hox, Joop J., Ita G.G. Kreft, and Piet L.J. Hermkens. 1991. “The Analysis of Factorial Surveys.”
Sociological Methods & Research 19 (4), pp. 493–510.
Hu, Qing, Tamara Dinev, Paul Hart, and Donna Cooke. 2012. “Managing Employee Compliance with
Information Security Policies: The Critical Role of Top Management and Organizational
Culture*.” Decision Sciences 43 (4), pp. 615–60.
Huang Chua, Cecil Eng, and Michael D. Myers. 2018. “Social Control in Information Systems
Development: A Negotiated Order Perspective.” Journal of Information Technology 33 (3), pp.
173–87.
Hughes, D. Laurie, Nripendra P. Rana, and Antonis C. Simintiras. 2017. “The Changing Landscape of
IS Project Failure: An Examination of the Key Factors.” Journal of Enterprise Information
Management 30 (1), pp. 142–65.
Jiang, James J., Gary Klein, Hsin-Ginn Hwang, Jack Huang, and Shin-Yuan Hung. 2004. “An
Exploration of the Relationship Between Software Development Process Maturity and Project
Performance.” Information & Management 41 (3), pp. 279–88.
Kappelman, Leon, Russell Torres, Ephraim McLean, Chris Maurer, Vess Johnson, and Kevin Kim.
2019. “The 2018 SIM IT Issues and Trends Study.” MIS Quarterly Executive 18 (1), pp. 53–88.
Kirsch, Laurie J. 1996. “The Management of Complex Tasks in Organizations: Controlling the
Systems Development Process.” Organization Science 7 (1), pp. 1–21.
———. 1997. “Portfolios of Control Modes and IS Project Management.” Information Systems
Research 8 (3), pp. 215–39.
Kohli, Rajiv, and William Kettinger. 2004. “Informating the Clan: Controlling Physicians’ Costs and
Outcomes.” MIS Quarterly 28 (3), pp. 363–94.
Kulp, Susan L, Taylor Randall, Gregg Brandyberry, and Kevin Potts. 2006. “Using Organizational
Control Mechanisms to Enhance Procurement Efficiency: How GlaxoSmithKline Improved the
Effectiveness of E-Procurement.” Interfaces 36 (3), pp. 209–19.
Lowry, Paul Benjamin, John D’Arcy, Bryan Hammer, and Gregory D. Moody. 2016. “‘Cargo Cult’
Science in Traditional Organization and Information Systems Survey Research: A Case for
Using Nontraditional Methods of Data Collection, Including Mechanical Turk and Online
Panels.” The Journal of Strategic Information Systems 25 (3), pp. 232–40.
McAvoy, John, and Tom Butler. 2009. “The Dilution of Effort in Self-Evaluating Development
Teams: Agile Loafing.” Electronic Journal of Information Systems Evaluation 12 (2), pp. 161–
71.
Meyer, John, and Brian Rowan. 1977. “Institutionalized Organizations: Formal Structure as Myth and
Ceremony.” American Journal of Sociology 83 (2), pp. 340–63.
Murungi, David, Martin Wiener, and Marco Marabelli. 2019. “Control and Emotions: Understanding
the Dynamics of Controllee Behaviours in a Health Care Information Systems Project.”
Information Systems Journal, no. January (February), pp. 1–25.
Norusis, Marija. 2012. “Ordinal Regression.” In IBM SPSS Statistics 19 Advanced Statistical
Procedures Companion, 1:69–89. Prentice Hall.
O’Dwyer, Orla, Kieran Conboy, and Michael Lang. 2013. “A Conceptual Framework for
Understanding Clan Control in Isd Project Teams.” ECIS 2013 - Proceedings of the 21st
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
Walser et al. /ISD Control Legitimacy and Compliance
. 16
European Conference on Information Systems.
Oppenheimer, Daniel M., Tom Meyvis, and Nicolas Davidenko. 2009. “Instructional Manipulation
Checks: Detecting Satisficing to Increase Statistical Power.” Journal of Experimental Social
Psychology 45 (4), pp. 867–72.
Posey, Clay, Rebecca J Bennett, Tom L Roberts, and Paul Benjamin Lowry. 2011. “When Computer
Monitoring Backfires.” Journal of Information System Security 7 (1), pp. 24–47.
Remus, Ulrich, Martin Wiener, Magnus Mähring, Carol Saunders, and Alec Cram. 2015. “Why Do
You Control? The Concept of Control Purpose and Its Implications for Is Project Control
Research.” 36th International Conference on Information Systems (2015), 1–19.
Rossi, Peter, and Andy Anderson. 1982. “The Factorial Survey Approach: An Introduction.” In
Measuring Social Judgments: The Factorial Survey Approach, 1–25. Beverly Hills: SAGE
Publications Inc.
Santana, Martin, and Daniel Robey. 1995. “Perceptions of Control During Systems Development:
Effects on Job Satisfaction of Systems Professionals.” Computer Personnel 16 (1), pp. 20–34.
Schnedler, Wendelin, and Radovan Vadovic. 2011. “Legitimacy of Control.” Journal of Economics &
Management Strategy 20 (4), pp. 985–1009.
Siponen, Mikko, and Anthony Vance. 2014. “Guidelines for Improving the Contextual Relevance of
Field Surveys: The Case of Information Security Policy Violations.” European Journal of
Information Systems 23 (3), pp. 289–305.
Son, Jai-Yeol. 2011. “Out of Fear or Desire? Toward a Better Understanding of Employees’
Motivation to Follow IS Security Policies.” Information & Management 48 (7), pp. 296–302.
Steelman, Zachary R, Bryan I. Hammer, and Moez Limayem. 2014. “Data Collection in the Digital
Age: Innovative Alternatives to Student Samples.” MIS Quarterly 38 (2), pp. 355–78.
Steiner, Peter M., Christiane Atzmüller, and Dan Su. 2017. “Designing Valid and Reliable Vignette
Experiments for Survey Research: A Case Study on the Fair Gender Income Gap.” Journal of
Methods and Measurement in the Social Sciences 7 (2), pp. 52–94.
Suchman, Mark C. 1995. “Managing Legitimacy: Strategic and Institutional Approaches.” The
Academy of Management Review 20 (3), pp. 571–610.
Tiwana, Amrit, and Mark Keil. 2009. “Control in Internal and Outsourced Software Projects.” Journal
of Management Information Systems 26 (3), pp. 9–44.
Tyler, Tom R. 2006. “Psychological Perspectives on Legitimacy and Legitimation.” Annual Review of
Psychology 57 (1), pp. 375–400.
Tyler, Tom R., and Steven L. Blader. 2005. “Can Businesses Effectively Regulate Employee
Conduct? The Antecedents of Rule Following in Work Settings.” Academy of Management
Journal 48 (6), pp. 1143–58.
Tyler, Tom R, Patrick E Callahan, and Jeffrey Frost. 2007. “Armed, and Dangerous (?): Motivating
Rule Adherence Among Agents of Social Control.” Law & Society Review 41 (2), pp. 457–92.
Wiener, Martin, Magnus Mährich, Ulrich Remus, and Carol Saunders. 2016. “Control Configuration
and Control Enactment in Information Systems Projects: Review and Expanded Theoretical
Framework.” MIS Quarterly 40 (3), pp. 741–74.
Woltjer, Rogier. 2017. “Workarounds and Trade-Offs in Information Security – An Exploratory
Study.” Edited by Steven Furnell. Information and Computer Security 25 (4), pp. 402–20.
Workman, Michael. 2009. “A Field Study of Corporate Employee Monitoring: Attitudes,
Absenteeism, and the Moderating Influences of Procedural Justice Perceptions.” Information and
Organization 19 (4), pp. 218–32.
Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.
top related