ISACA Journal
Volume 4, 2,014 


A Social Approach to IT Governance: Incorporating Boundary Objects 

Giuliano Pozza 

Effective IT governance is a complex equilibrium of different factors. It can be described as a recipe in which four basic ingredients (and many more if needed) are vital to sustain a productive relationship among the key actors:

  • A sound and shared IT governance framework1, 2
  • Good communication among the primary actors3
  • Some basic shared competences and leadership on the IT and business sides, sometimes referred to as “e-leadership”4
  • A set of effective boundary objects

Figure 1The first ingredient is well known and further discussion is not needed here. The communication and e-leadership themes are two key points of the e-skills policies of the European community and many other countries. The topic is complex and challenging, but it, too, is not the target here. Instead, the focus here is on the fourth ingredient: boundary objects (BOs). Everybody working with IT governance is employing tenets of different BOs whether they know it or not. How does one best use BOs and measure IT governance and BO effectiveness?

Boundary Work and Boundary Objects

The concept of boundary work is rooted in studies about the demarcation between science and nonscience.5 The concept is not new. Scientists have long struggled over the peer-to-peer communication level and the scientist-to- nonscientist communication needs. Thomas F. Gieryn, a sociologist, gives an interesting example of boundary work as a means of boundary constructions. John Tyndall, a 19th century physicist, spent a lot of time and energy defining boundaries among science, religion and engineering mechanics.6

The classical definition of BOs can be used to define the concept:

Boundary objects are objects that are both plastic enough to adapt to local needs and constraints of the several parties employing them, yet robust enough to maintain a common identity across sites. They are weakly structured in common use, and become strongly structured in individual-site use. They may be abstract or concrete. They have different meanings in different social worlds, but their structure is common enough to more than one world to make them recognizable, a means of translation. The creation and management of boundary objects is key in developing and maintaining coherence across intersecting social worlds.7

To be more specific, there are four types of BOs: repository (i.e., a library or a museum), ideal (such as a diagram or an atlas), coincident (objects with the same boundary, but different contents) and standardized. The list is not exhaustive and in many articles,8 IT itself is considered a powerful BO.

A comparison between the Museum of Vertebrate Zoology (MVZ)9 (Berkeley, California, USA) and the IT governance processes and tools used at Fondazione Don Carlo Gnocchi Onlus (Fondazione, Milan, Italy) can be used to explain why BOs can be powerful tools for IT governance.

Before illustrating the case study, a couple notes of caution: First, many of the BOs presented are commonly used in enterprise processes and are part of IT governance in the majority of companies. Second, Fondazione is not presented as a best practice, but as an example of a complex organization with many boundaries between coexisting and extremely different cultures, as in the case of MVZ. In this sense, Fondazione could be considered an interesting case for IT governance and for the study of BO in IT governance.

So Different and Yet so Similar

Fondazione and MVZ are extremely dissimilar. MVZ was founded by philanthropist Annie Montague Alexander in 1908. Alexander recommended zoologist Joseph Grinnell as museum director, a position he held until his death in 1939. The museum became a center of authority for the study of vertebrate biology and evolution on the West Coast of the US, comparable to other major natural history museums in the US.

Fondazione was founded by Don Carlo Gnocchi10 to provide care, rehabilitation and social integration for children who lost limbs in the World War II. Fondazione has gradually expanded the scope of its operations over time. In the past half century, it has mainly dealt with disabled children who have acquired or congenital pathologies and patients of all ages who require neurological, orthopedic, cardiac and respiratory care. Since the 1980s, it has expanded to assisting elderly people who cannot look after themselves and, in the past few years, terminal cancer patients.

The differences between the two institutions are evident, but there are interesting commonalities as well. Both institutions were initiated by charismatic founders with strong visions that cross borders of traditional approaches. Both have a strong need for cooperation among actors with different cultures and objectives concurring on a common vision, including scientists, professionals, physicians and volunteers.

Boundary Objects at Work

The parallels between the two institutions described lead to an interesting consideration: Since IT governance is no more and no less than a part of corporate governance11 and since MVZ experimented with highly successful corporate governance techniques based on the extensive use of BOs, could the same approach also be applied to IT governance in an institution such as Fondazione, so different and yet so similar to MVZ?

Figure 2 offers a matrix of categorization of some useful BOs.12 The matrix is clearly a nonexhaustive list of potential BOs for IT governance, based partially on objects used in the context of Fondazione and partially on the author’s experience. It is striking how many regular activities of the chief information officer (CIO) and his/her staff can be potential BOs, even if their design and their use make the difference in enabling them to be real BOs, as will be explained later. Some of the objects are truly IT governance BOs; others, such as policy and procedures and service desk, are more IT operational governance,13 closer to management than to governance of IT.

Defining and Measuring Boundary Objects

Before addressing the topic of measurements for BOs, it is important to go back to a point introduced in the previous paragraph: The way one builds and deploys the object and the interaction among different parties involved in the use of the object can make the difference between a real boundary object or simply a training or a communication event.

Going back to the original definition,14 BOs should have four attributes. They should be:

  • Plastic enough to adapt to local needs and constraints of the several parties employing them
  • Robust enough to maintain a common identity across sites
  • Weakly structured in common use, becoming strongly structured in individual-site use
  • Built with a structure that is common enough to make them a recognizable means of translation

Figure 2

The point can be clarified with two examples. The first example is about the potential BO, presentations to business unit executives about the IT strategy and plans. If the presentation is a sporadic, one-way communication exercise performed through PowerPoint slides, full of technical details obscure to the nontechnical users, there is little chance that the event will be an effective BO. In fact, business unit executives could probably not employ the information presented in their context (attribute 1), the object will likely have an identity only for the CIO or the technical community (attribute 2), it will not have individual site use on the business unit side (attribute 3), and it will not be a means of translation (attribute 4). But the same event could be handled in a completely different way. If, for example, the format of the presentation is designed or agreed upon with business unit executives in such a way that they can re-use it to update their first-line staff on IT plans and progress to improve IT/business alignment and the language is clear enough (with a lot of translation effort to avoid jargon or to translate it when necessary), the business unit and IT could use the event as a periodic, useful BO.

The second example focuses on the use of a pioneering BO, such as a novel. There are two examples available in the context of IT governance.23, 24 A novel, albeit with an IT setting, is not automatically a BO. However, if the novel has certain attributes (i.e., incorporates features of translation of IT governance concepts between words, using, for example, thematic appendices or dictionaries) and the different groups of users (IT and non-IT executives) use it as a kind of concept translation media between the two worlds, it becomes a boundary object, at least in the realm of enlightenment.

This reasoning could be extended to almost all the cited BOs. In the author’s experience, cocreation involving all the parties and feedback questionnaires/interviews are powerful tools to build and manage effective BOs. In fact, more than a user-centered design approach based on an IT understanding of business users’ cooperation needs, a cocreation methodology25 is more likely to build effective BOs. Moreover, a cocreation strategy will create a cognitive empathy, which is a powerful aid in building strong relations with business unit leaders.26

Moving to the measurement problem, it is important to distinguish two groups of measures: effort measures and outcome measures. The level of difficulty increases exponentially moving from the first group to the second. However, the real power of measuring BOs is in correlating groups of measures. The path toward effective design, deployment and monitoring of BOs for IT governance could be described in five steps:

  1. Review and categorize existing practices in IT governance, identify which ones could be defined as BOs, and eventually reshape/redesign other practices to make them effective BOs. During the categorization phase, it is important to balance BOs of different kinds, considering that to design, implement and manage effective BOs is quite expensive in terms of effort required—among IT and non-IT staff and executives. Going back to the previous example, to give a short presentation about IT plans is an easy task for most CIOs; to change it into an effective BO requires a nonnegligible effort. The point is to have the right set of BOs, no more and no less.
  2. Develop measurements on the time and resources each BO requires, at least on the IT side (if possible, also on the business side).
  3. Develop outcome measurements on general IT governance outcomes and on specific BOs.
  4. Analyze data correlating the outcome measures with the cost (effort measures).
  5. Redesign or fine-tune existing BOs, and evaluate the need to introduce new ones.

The second and third steps are of paramount importance, since without measures, the extensive use of BOs could be useless or possibly even dangerous. For example, in the Fondazione case, the IT department time sheets for 2013 were used to quantify the resources (in percent of total worked days of the IT department) used for the main potential BOs (i.e., budget, contracts, procedures, IT strategic committee, IT strategic plans, service desk, cross-organization projects, local IT operating committee, meeting with key users, presentations to business unit executives). The result is that 15.5 percent of the CIO’s first-line time and 18.7 percent of IT specialists’ time (mainly on service desk and cross-organization projects) were devoted to potential BO work.

The first step in outcome measurements in Fordazione focused on the effectiveness of service-desk BOs. It was evaluated through a survey to all IT users after one year from the service’s start-up. The results were quite positive, with the number of “very satisfied” users ranging from 33 percent to 70 percent (depending on the evaluated item).

The next step in measuring BOs focused on outcomes perceived by the business managers and executives of Fondazione. The evaluation focused on four main BOs: the IT strategic committee, the local IT operating committee, meeting with key users and presentations to business unit executives. They were, in many cases, defined and codesigned with the business leaders and were used, albeit with different levels of effectiveness, as BOs. To measure the outcomes, the IT Governance Index27 was used. Basically, the index measures the outcome on four areas:

  • Cost-effective use of IT
  • Effective use of IT for growth
  • Effective use of IT for asset utilization
  • Effective use of IT for business flexibility

Figure 3For each area, the importance for business executives/managers and the influence of IT governance were measured. The final formula combines importance and influence in a weighted score.28 The maximum score is 100; the minimum is 20. The average score for 256 enterprises was 69,29 with the top one-third scoring greater than 74. Thirteen executives/managers (coming from different business units and regions) were interviewed. They were asked to answer the questionnaire evaluating the same themes in 2011 (before the work on IT governance and BOs began), 2012 (the first year of structured IT governance approach) and 2013, during one-on-one interviews. (Of course, it must be considered that collecting data from three years in a single interview may introduce a bias.) The final result showed an increase of the IT Governance Index from 31 percent (2011) to 60 percent (2012) to 73 percent (2013).

During the interview, the perceived value of the four main BOs was measured on a scale from 1 to 4 (figure 3).

Future developments in the use of BOs in Fondazione will include:

  • Analysis of outcome and effectiveness perception of BOs from the IT specialists/managers’ side and correlation with business-side perceptions
  • Analysis of correlation between the effort and outcomes of the current BO analysis of the profile of the most relevant boundary workers in the IT department using the eCF framework30
  • Review of the BOs with stronger focus on codesign with business leaders


The concept of BOs comes from social science, specifically from the study of settings where different cultures were asked (or sometimes forced) to communicate and cooperate. One of the key issues of IT governance is the difficulty of communication and cooperation between IT and business executives/professionals, a typical example of different cultures pressed to communicate and cooperate. Moreover, many of the common-sense IT governance practices and tools are intrinsically potential BOs. Social science can inspire IT professionals to design and operate BOs more effectively, allowing IT and business cultures to communicate and cooperate successfully.


1 Holt, A. L.; Governance of IT: An Executive Guide to ISO/IEC 38500, BCS, 2013
2 International Organization for Standardization (ISO), ISO 38500, 2008,
3 Pozza, G.; “Communicating IT Governance: Does It Matter?,” ISACA Journal, April 2014
4 European Committee for Standardization (CEN), The European e-Competence Framework, 2014,
5 Gieryn, T. F.; “Boundary-Work and the Demarcation of Science from Non-Science: Strains and Interests in Professional Ideologies of Scientists,” American Sociological Review, vol. 48, no. 6, December 1983, p. 781-795
6 Ibid.
7 Star, S.; J. Griesemer; “Institutional Ecology, ‘Translations’ and Boundary Objects: Amateurs and Professionals in Berkeley’s Museum of Vertebrate Zoology,” Social Studies of Science, vol. 19, no. 3, August 1989
8 Forgues, D.; L. Koskela; A. Lejeune; “Information Technology as Boundary Object for Transformational Learning,” Journal of Information Technology in Construction, March 2009,
9 Op cit, Star and Griesemer
10 Rumi, G.; E. Bressan; Don Carlo Gnocchi. Vita E Opere Di Un Grande Imprenditore Della Carita, Mondadori, 2002,
11 Parkinson, M. J.; N.J. Baker; “IT and Enterprise Governance,” Information Systems Control Journal, vol. 3, 2005
12 Clark, W. C., et al.; “Toward a General Theory of Boundary Work: Insights From the CGIAR’s Natural Resource Management Programs,” Center for International Development at Harvard University, 2010
13 Op cit, Holt
14 Op cit, Star and Griesemer
15 Ross, J. W.; P. Weill; Enterprise Architecture As Strategy, Harvard Business School Press, 2006
16 Weill, P.; J. W. Ross; IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, 2004
17 ECDL,
18 Halamka, J. D.; “Life as a Healthcare CIO,”
19 Halamka, J. D.; Geekdoctor: Life as a Healthcare CIO, HIMSS, 2014
20 Op cit, Holt
21 Austin, R. D.; R. L. Nolan, S. O’Donnell; Adventures of an IT Leader, Harvard Business School Press, 2009
22 Pozza, G.; J.D. Halamka; The Fifth Domain, self-published on CreateSpace, 2014
23 Op cit, Austin and Nolan
24 Op cit, Pozza and Halamka
25 Sanders, E. B. N.; P.J. Stappers; “Co-creation and the New Landscapes of Design,” CoDesign: International Journal of CoCreation in Design and the Arts, vol. 4, no. 1, 2008
26 Goleman, D.; “The Focused Leader,” Harvard Business Review, December 2013
27 Op cit, Weill and Ross
28 Ibid.
29 Ibid.
30 CEN, eCF, 2014,

Giuliano Pozza, a biomedical engineer by training, is the chief information officer (CIO) of Fondazione Don Carlo Gnocchi Onlus, one of the largest social care and rehabilitation entities in Italy. Previously, Pozza worked as the CIO of Istituto Clinico Humanitas. At the beginning of his career, Pozza worked in the health care practice of consulting firm Accenture. He can be reached at


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.