association for information systems ais electronic library

Association for Information Systems Association for Information Systems

AIS Electronic Library (AISeL) AIS Electronic Library (AISeL)

Research Papers ECIS 2020 Proceedings

6-15-2020

How Control Configurations and Enactments Shape Legitimacy How Control Configurations and Enactments Shape Legitimacy

Perceptions and Compliance Intentions in IS Development Perceptions and Compliance Intentions in IS Development

Projects Projects

Roman Johann Walser Institute for Information Management and Control, [email protected]

W. Alec Cram University of Waterloo, [email protected]

Edward Bernroider WU Vienna University of Economics and Business, [email protected]

Martin Wiener TU Dresden, [email protected]

Follow this and additional works at: https://aisel.aisnet.org/ecis2020_rp

Recommended Citation Recommended Citation Walser, Roman Johann; Cram, W. Alec; Bernroider, Edward; and Wiener, Martin, "How Control Configurations and Enactments Shape Legitimacy Perceptions and Compliance Intentions in IS Development Projects" (2020). Research Papers. 151. https://aisel.aisnet.org/ecis2020_rp/151

This material is brought to you by the ECIS 2020 Proceedings at AIS Electronic Library (AISeL). It has been accepted for inclusion in Research Papers by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact [email protected].

https://aisel.aisnet.org/

https://aisel.aisnet.org/ecis2020_rp

https://aisel.aisnet.org/ecis2020

https://aisel.aisnet.org/ecis2020_rp?utm_source=aisel.aisnet.org%2Fecis2020_rp%2F151&utm_medium=PDF&utm_campaign=PDFCoverPages

https://aisel.aisnet.org/ecis2020_rp/151?utm_source=aisel.aisnet.org%2Fecis2020_rp%2F151&utm_medium=PDF&utm_campaign=PDFCoverPages

mailto:[email protected]%3E

Walser et al. /ISD Control Legitimacy and Compliance

. 1

HOW CONTROL CONFIGURATIONS AND ENACTMENTS

SHAPE LEGITIMACY PERCEPTIONS AND COMPLIANCE

INTENTIONS IN IS DEVELOPMENT PROJECTS

Research paper

Walser, Roman, Vienna University of Economics and Business, Vienna, Austria,

[email protected]

Cram, Alec, University of Waterloo, Waterloo, Canada, [email protected]

Bernroider, Edward, Vienna University of Economics and Business, Vienna, Austria,

[email protected]

Wiener, Martin, Technische Universität Dresden, Dresden, Germany,

[email protected]

Abstract

Managers choose and implement controls to promote employee behavior that contributes to IS devel-

opment (ISD) project success. Still, ISD project failure rates remain high, suggesting that project con-

trols employed are often not effective. In this regard, existing IS project control research commonly

considers how managers configure controls (in terms of control modes and degree) and enact them

(control style), whereas the role of employees’ perceptions of the legitimacy of enacted controls re-

mains largely neglected. To address this shortcoming, we conducted a vignette study with 232 partici-

pants to quantitatively test a set of hypotheses on how different control modes, degrees, and styles im-

pact employees’ legitimacy perceptions, and ultimately their compliance intentions. Our analysis re-

veals a significant impact of all three control dimensions on legitimacy perceptions. Moreover, we

identify a positive link between legitimacy perceptions and compliance intentions. To increase control

effectiveness, our results thus suggest that managers should choose and implement ISD controls in a

way that employees perceive as being just and providing them with autonomy.

Keywords: IS project control, Control configuration and enactment, Legitimacy perceptions, Compli-

ance intentions.

1 Introduction

The concept of control has been extensively studied within the context of information systems (IS)

projects, as a means to aid managers in limiting risk and improving performance (Cram et al. 2016;

Wiener et al. 2016; McAvoy and Butler 2009). Within this body of research, control is defined as any

attempt to ensure that employees act in a manner that is consistent with organizational objectives

(Choudhury and Sabherwal 2003; Henderson and Lee 1992; Kirsch 1997). However, despite extensive

controls that are often enacted by managers to guide employee behavior, IS projects still fail at an

alarming rate (Dwivedi et al. 2015; Hughes et al. 2017), leaving both researchers and practitioners

puzzled about the root causes for the chronically high failure rate. As a result, the exercise of effective

controls continues to be a top concern for Chief Information Officers (Kappelman et al. 2019).

Past research on IS control historically builds on the concept of control modes (behavior, outcome,

clan, self) (e.g. Kirsch 1996, 1997). More recently, additional conceptualizations of control activities

Twenty-Eighth European Conference on Information Systems (ECIS2020) – A Virtual AIS Conference.


. 2

have been examined, including control degree (Gregory et al. 2013) and control style (Wiener et al.

2016). These supplementary control concepts aid in clarifying the motivations of managers to choose

particular control configurations and how they go about enacting them in practice. Indeed, the majority

of IS control literature to date has been oriented around the perspective of the controller, in terms of

why managers decide to choose particular types of controls over others and how the choices drive or-

ganizational performance (Cram et al. 2016). However, as pointed out by recent commentators, such

as Cram and Wiener (2018), this approach ignores the perspective of the controllee and the impact that

IS controls have on socio-emotional aspects. Although managers may be selecting controls that they

feel are in the best interest of an IS project, they may in fact be deteriorating the morale and enthusi-

asm of the project team, which in turn contributes to poor performance. For example, one recent study

finds that controllees may demonstrate resistance behaviors associated with negative emotions caused

by shifts in a manager’s control style (Murungi et al. 2019).

A key concept that captures the perspective of the controllee is control legitimacy, which draws on

institutional theory to refer to the perception by subordinates that controls used within an organiza-

tional setting are appropriate, proper, and just (e.g. Bijlsma-Frankema and Costa 2010; Suchman 1995;

Tyler 2006). In general, past research outside of IS suggests that positive perceptions of legitimacy are

associated with adherence to organizational guidelines (Tyler and Blader 2005; Tyler et al. 2007),

while negative legitimacy perceptions are associated with reduced employee commitment (Schnedler

and Vadovic 2011; Workman 2009). From an IS project perspective, a recent qualitative study high-

lighted some initial links between control choices and control legitimacy (Cram and Wiener 2018), but

stopped short of establishing a clear link between legitimacy perceptions and employee compliance

with controls, or control effectiveness.

Against this backdrop, recent studies emphasize the continued need to increasingly clarify the role of

control legitimacy in organizational settings (Cardinal et al. 2017; Cram and Wiener 2018; Cram et al.

2017). The study at hand seeks to do so by examining the relationships between different configura-

tions and enactments of IS project controls (in terms of mode, degree, and style) and employees’ per-

ceptions of control legitimacy, as well as their intention to comply with those controls. In particular,

we pose two research questions: First, how do IS control choices by managers relate to employee per-

ceptions of control legitimacy? Second, to what extent do employee perceptions of control legitimacy

relate to compliance with IS controls? In order to address these questions, we conducted a vignette-

based survey of 232 United States-based participants with experience in IS development projects.

Two key contributions stem from this study. First, we extend the initial, qualitative inquiry of Cram

and Wiener (2018) by undertaking a larger-scale, quantitative examination of the control constructs

associated with control legitimacy. Second, we empirically examine the relationship between employ-

ee perceptions of control legitimacy with employee intentions to comply with IS controls. This rela-

tionship is of particular relevance to managers who wish to improve the compliance with their project

controls in an effort to prevent project failures.

This study is structured as follows. First, we introduce focal study concepts and develop the research

model and hypotheses. Next, we describe our methodology and present the analysis results. We con-

clude by discussing the study’s findings and contributions, including opportunities for future research.

2 Theoretical Background

Past research on control within IS projects primarily focuses on three complementary concepts: con-

trol modes, control degrees, and control styles. All three concepts are oriented around different aspects

of the control practices used by managers (controllers) in an attempt to ensure that employees (control-

lees) act in a manner that is consistent with organizational objectives. Refer to Table 1 for details on

each control concept.



. 3

2.1 Conceptualizations of IS Control Activities

The study of control modes has the most extensive history in the IS control literature and is framed

around four core dimensions: behavior, output, clan, and self-control (Kirsch 1996, 1997). Fundamen-

tally, control modes examine ‘what’ controls are being enacted by a controller (Remus et al. 2015;

Wiener et al. 2016). Behavior control and output control are commonly grouped together as formal

controls, while clan control and self-control represent informal controls (Kirsch 1997).

A more recent control concept that has emerged within the literature is control degree, which considers

the quantity and intensity of controls in place (Gregory et al. 2013). In this context, a small number of

low-intensity controls represent a relaxed degree, whereas a large number of high-intensity controls

would represent a tight degree.

Finally, a third control concept is control style, which considers how controls are enacted by a supervi-

sor. Two dimensions of control style have been identified in the literature. A unilateral style (also re-

ferred to as an authoritative style) describes a top-down management approach where the controllee

has little influence on the design or implementation of the controls. Under a unilateral style, there is

little room for deviation in how the controls are designed and assessed. In contrast, a bilateral style

(also referred to as an enabling style) increasingly relies on controller-controllee feedback and control-

lees are provided with a rationale to aid in their understanding of enacted controls.

Concept Dimensions Definition Examples References

Control

modes

Behavior

control

A supervisor who oversees the

activities of subordinate employ-

ees.

A project manager requires a project

team to employ a waterfall develop-

ment methodology.

(Choudhury

and

Sabherwal

2003;

Kirsch

1996, 1997)

Output

control

A supervisor who monitors the

level of output of subordinate

employees.

A project manager requires each de-

veloper to complete the coding tasks

assigned to them each week.

Self-control Subordinate employees who are

granted autonomy by their man-

ager to make independent deci-

sions on their own activities.

A project manager permits each de-

veloper to independently determine

the extent of testing that is required

for the code they develop.

Clan control Subordinate employees engage

in social inter-actions with other

employees in order to develop

shared values and beliefs.

A project manager arranges for a

shared team lunch on a weekly basis

to build team spirit and shared per-

spectives.

Control

degrees

Relaxed A small number of low-intensity

controls are simultaneously in

place.

A project manager requires informal

updates from project team members

during the monthly status meeting.

(Gregory et

al. 2013)

Tight A large number of high-intensity

controls are simultaneously in

place

A project manager requires detailed,

daily memos on the status of a pro-

ject, alongside updated timing and

cost projections.

Control

styles

Unilateral

(Authorita-

tive)

Controllee behavior is influ-

enced through bureaucracy and

top-down commands.

A controller unilaterally decides that

an agile development methodology

will be employed on a project.

(Gregory et

al. 2013;

Heumann et

al. 2015;

Wiener et

al. 2016)

Bilateral

(Enabling)

Controllee behavior is influ-

enced through close and frequent

interaction between controller

and controllee.

A controller implements an agile

development methodology on a pro-

ject based on several discussions

with the development team members.

Table 1. Different conceptualizations of IS control activities: Control modes, degrees, styles



. 4

2.2 Control Legitimacy

The concept of legitimacy originates from institutional theory, which considers how norms and rou-

tines guide social behavior and order within organizations (Meyer and Rowan 1977). Legitimacy re-

fers to the perception that the actions of an authority are appropriate, proper, and just (Suchman 1995;

Tyler 2006). Past commentators have recognized the importance of legitimacy in exerting influence,

building trust, and convincing subordinates that a decision is ‘correct’ (Brenner and Ambos 2013).

When applied to the context of control, legitimacy infers that employees do not automatically assume

that controls implemented by their managers are always appropriate and just, but that employees make

judgements about a control based on their beliefs (Brenner and Ambos 2013). Bijlsma-Frankema and

Costa (2010) suggest that legitimacy stems from several sources, including perceptions of justice, au-

tonomy, group identification, and competence development. In this study, we focus our examination

of legitimacy on the elements of justice (i.e., a control is viewed as fair and reasonable) and autonomy

(i.e., a control is viewed as enabling independence and individuality), as they are most closely associ-

ated with the completion of IS projects and are most consistent with Tyler’s definition of legitimacy,

which is oriented around actions that are “appropriate, proper, and just” (Tyler 2006, p. 375).

2.3 Compliance with IS Controls

Although the IS control literature has intensively investigated the factors considered by managers in

selecting controls, as well as the characteristics of the controls themselves, there has been relatively

little focus on compliance with controls within an IS development project context (Cram et al. 2016).

Other areas of IS research, such as information security, have a much more extensive tradition of ex-

amining employee compliance with controls, which incorporate various theories including deterrence

theory, the theory of reasoned action, and protection motivation theory (Cram et al. 2017, 2019). For

example, Son et al. (2011) find a relationship between perceived legitimacy and employee compliance

with IS security policies. In the same vein, Bauer and Bernroider (2017) find that personal moral justi-

fication is related with IS security policy compliance and emphasize the importance of IS controls to

be perceived as reasonable and fair.

Despite the general lack of focus in the existing IS literature on compliance with project-related con-

trols, several past studies recognize the importance and relevance of the topic to managers. For exam-

ple, where controls are appropriately adhered to during a project, organizations recognize the attain-

ment of increases in efficiency, process compliance, and quality (Gopal and Gosain 2010; Jiang et al.

2004; Kulp et al. 2006). Because the achievement of these objectives is of key importance in facilitat-

ing a successful project, our study seeks to better understand how the choice of controls is related to

control legitimacy, and ultimately to the employee’s intention to comply with those controls. We out-

line our research model and related hypotheses in the next section.

3 Research Model and Hypotheses

Based on the three dominant IS control concepts (modes, degrees, styles), as well as the concepts of

control legitimacy and compliance with IS controls, we propose a set of hypotheses to be empirically

evaluated. Our research model is outlined in Figure 1.



. 5

Figure 1. Research Model

3.1 Control Configurations/Enactments and Legitimacy Perceptions (RQ1)

Organizations typically implement a variety of controls to adjust their subordinates’ behavior (Kirsch

1997). To classify this variety of controls, researchers on IS control historically build on the concept of

control modes (behavior, outcome, clan, self) (e.g. Kirsch 1996, 1997). Previous research finds that

informal control, where authority is not formalized using a traditional bureaucratic hierarchy, is

viewed as more legitimate (Barker 1993; Cardinal et al. 2010). In the case of clan control, managers

use control mechanisms to promote the development of shared understandings and perspectives among

employees (Kirsch 1996, 1997). In doing so, the use of clan controls has the potential to enhance

communications and trust among team members, as well as reinforcing the social norms already in

place (Barker 1993; Eng et al. 2012; Kohli and Kettinger 2004). These norms play a key role in form-

ing a perception of legitimacy, where employees consider the extent that a control is fair and just

(Brenner and Ambos 2013). Successfully implemented clan control would typically result in a strong

sense of loyalty and commitment to the clan (O’Dwyer et al. 2013). Finally, self-controls allow em-

ployees to act more independently (Tiwana and Keil 2009), which can result in higher levels of em-

ployee satisfaction, motivation, and quality of work (Goldbach et al. 2018; Santana and Robey 1995).

Past research has provided preliminary insights into the relationship between control modes and con-

trol legitimacy. A study that has investigated this link in the IS literature is provided by Cram and

Wiener (2018), who conducted qualitative analysis using three cases. They find evidence of both high

and low control legitimacy with behavior controls and outcome controls, but no consistent relationship

emerged. However, in IS development practice, managers might often have the possibility to choose

controls among different control modes. To increase control legitimacy perceptions, it would be im-

portant for managers to know which control modes are perceived most legitimate. Our research model

supplements previous findings and introduces control legitimacy as an immediate outcome, which is

likely to act as mediator for compliant employee behavior (see H4). Thus, we hypothesize that:

H1: The use of informal (clan and self-) controls is associated with higher employee perceptions of

control legitimacy (in terms of justice and autonomy) in comparison to the use of formal (behavior and

outcome) controls.

Next, we consider the relationship between control degree (i.e., relaxed or tight) and control legitima-

cy. As Höffe (1995) observed in a political context, controls limit freedom of action, which is a disad-

vantage and thus requires legitimation. Taking this autonomy-limiting characteristic of control into

consideration, implementing control in a tight way in IS development would ask for even more legiti-

mation in order to avoid resistance behavior of subordinates or bypassing attempts. In a similar vein,

Gregory et al. (2013) position the use of a relaxed control degree as an approach that requires a high

level of controller-controllee trust and understanding. Within a IS development context, case study

findings by Cram and Wiener (2018) suggest that in situations where control degrees are tight, em-

ployees find controls less legitimate in comparison with situations operating on relaxed degree con-

trols. Their findings are more conclusive in terms of justice in relation to autonomy. Taken together,

there is evidence supporting the view that employees who perceive controls as providing more inde-



. 6

pendence from controllers (due to a relaxed degree) also have higher perceptions of control legitima-

cy. In contrast, we expect controls hampering the ability of employees in terms of independently doing

their work (due to a tight degree) will lead to lower legitimacy perceptions. Thus, we offer the follow-

ing hypothesis to be empirically tested with a set of four concrete control scenarios:

H2: The use of a relaxed control degree is associated with higher employee perceptions of control

legitimacy (in terms of justice and autonomy) in comparison to the use of a tight control degree.

The relationship between control style and control legitimacy focuses on the impact that the approach

used to enact a control can have on controllees. For example, when using a bilateral style, controllers

provide controllees with a rationale for the enacted controls and the opportunity to provide feedback

(Wiener et al. 2016). Chua & Myers (2018) consider the importance of this negotiation between the

controller and controllee in shaping the social and organizational structure of controls. When control-

lees can participate in such bilateral interactions, they should be more likely to influence and contrib-

ute to the design and implementation of controls, thus increasing perceptions of fairness and justice.

In contrast, controllers who utilize a unilateral style focus on the specification and communication of

controls, rather than on interactions with controllees (Wiener et al. 2016). Since controllees have little

influence on the configuration or enactment of the controls, they are more likely to view them as un-

fair and unjust. One explanation for this relationship is the negative impact on the socio-emotional

well-being of controllees (e.g. Cram et al. 2016). Wiener et al. (2016) reinforce this view by suggest-

ing that a unilateral control style may lead to negative socio-emotional feelings by controllees (e.g.

dissatisfaction), whereas a bilateral style is likely to reduce such consequences. In past qualitative re-

search investigating the relationship between control style and legitimacy in IS development, Cram

and Wiener (2018) find a relationship between a bilateral control style and high control legitimacy, as

well as between a unilateral style and low control legitimacy. Therefore, we hypothesize that:

H3: The use of a bilateral control style is associated with higher employee perceptions of control le-

gitimacy (in terms of justice and autonomy) in comparison to the use of a unilateral control style.

3.2 Control Legitimacy Perceptions and Compliance Intentions (RQ2)

Of primary practical concern to organizations is obtaining clarity on the behavioral consequences that

result from an employee who has particularly strong or weak perceptions of control legitimacy (in

terms of justice and autonomy). For example, in the context of platform control/governance, past re-

search finds that perceived autonomy is an important driver of IS developers’ continuance intentions

and quality of work. Past research that examines employee compliance intentions within the IS litera-

ture falls primarily within the study of information security policies (e.g. Cram et al. 2017, 2019). In

this body of work, the results show a positive relationship between an employee’s perception that a

control is legitimate and their intention to comply with that control, or a negative relationship with

their intention to violate the control (Posey et al. 2011; Son 2011; Bauer and Bernroider 2017). Similar

results have been found by management studies (e.g., Tyler and Blader 2005).

Likewise, Chua and Myers (2018) suggest that the enactment of controls comes with a cost in terms of

time investments (e.g., controller-controllee meetings). As employees have a limited amount of time to

dedicate to their IS project work, in cases where a controllee does not perceive a control as legitimate,

they may be more inclined to resist participating in a control or pursuing a work-around (Woltjer

2017). Similarly, Wiener et al. (2016) note that committed and motivated employees will be less in-

clined to resist controls. Based on the above considerations, we hypothesize that:

H4: Perceptions of control legitimacy positively influence an employee’s intentions to comply with the

IS project controls.



. 7

4 Methodology

To test our research model, we conducted a factorial survey (also referred to as vignette study). In the

1980s, Rossi and Anderson (1982) introduced a novel approach to uncover the principles behind hu-

man evaluations or judgements: vignette studies. By combining vignette experiments with traditional

surveys, the researchers wanted to maximize both internal and external validity. In short, vignettes are

brief, constructed descriptions of persons, objects or situations, which include a set of independent

variables that are systematically manipulated (Atzmüller and Steiner 2010). The resulting (different)

vignettes (i.e. the vignette universe) is equal to the cartesian product of the variables under investiga-

tion and all levels for these variables. The survey respondents are then presented with the vignettes

and asked for their assessment of the described situation. Vignette studies allow for the simultaneous

presentation of several situations with various explanatory and contextual factors, what makes them a

powerful method to investigate causalities of respondent judgements. Moreover, the inclusion of sev-

eral factors makes the described situations more realistic to respondents, as compared to typical sur-

veys (Atzmüller and Steiner 2010).

4.1 Vignette Preparation and Partitioning

The careful preparation of realistic and relevant vignettes can be seen as a first crucial step for con-

ducting successful vignette studies (Siponen and Vance 2014). Therefore, our author team built on the

expertise of two additional experienced researchers to optimize our vignette descriptions. For our

study, three variables were manipulated. The first variable, control mode, was manipulated in four

ways (representing either behavior, outcome, clan, or self-control). The other two variables, control

style and control degree, varied in two ways each (representing a tight or relaxed control degree and a

bilateral or unilateral control style). This resulted in a cartesian product of 16 vignettes (4 x 2 x 2). Ta-

ble 1 gives an overview of all factors and includes more detail about the respective factor levels.

To align the perception of potential survey respondents with the perception of the vignette writers, we

evaluated our vignettes with a group of 20 graduate students, majoring in IS. First, we gave the stu-

dents a short introduction to IS project control and the relevant concepts of control mode, degree and

style. Then, using five-point Likert scales, we asked the students to what extent they recognize the in-

tended control modes, degrees, and styles within the vignette descriptions. Moreover, we added text

boxes next to each Likert scale and asked them to justify all of their choices. Each of the 16 vignettes

was evaluated by at least five different students (regarding mode, degree, and style), where 1 indicated

a very good match and 5 indicated a not so good match. We calculated the resulting arithmetic means

of all students’ evaluations and created a heat map. Only five out of the 48 arithmetic means (16 vi-

gnettes with three evaluations each) were above three; that is, 43 means were below three, indicating a

good match between intended and perceived factor levels. The evaluation led to minor adaptions of

some vignettes. For instance, the control degree of one vignette was perceived more relaxed than in-

tended. In this case, we made the control tighter by increasing the control frequency.

To avoid overloading survey participants, we halved the vignette universe into two equally sized sets

of eight vignettes each. Vignette populations may be partitioned either systematically or randomly.

Given the rather low overall sum of vignettes and the suitable number of factor levels, we split the vi-

gnette universe systematically into two orthogonal and balanced sets. This means that all factor levels

and pairs of levels occur equally often in the vignette sets (Steiner et al. 2017). This approach aims to

reduce confounding of interaction effects with main effects and is recommended for rather small vi-

gnette universes (Atzmüller and Steiner 2010). Also, there was no need to eliminate any vignettes as

the number of vignettes was manageable and we could not identify implausible factor-level combina-

tions. Through maximizing variance of the factor levels while preserving orthogonality and factor bal-

ance, we arrived at a so-called D-efficient design (Dülmer 2016). D-efficient designs are preferable as

they reduce the generalized variance of the estimated parameter estimators.



. 8

4.2 Conducting the Survey

For this study, we decided to recruit respondents with experience on IS development projects on Ama-

zon Mechanical Turk (MTurk), an online crowdsourcing market (OCM). We awarded the workload of

approximately 10 to 15 minutes for completed participation with USD 2.00. Some researchers argue

that online crowd workers might not be paying full attention or highly experienced respondents may

distort results (Lowry et al. 2016). However, a recent study has shown that surveying MTurk partici-

pants leads to similar statistical conclusions as compared to students and consumer panels (Steelman et

al. 2014). Moreover, some researchers conclude that MTurk participants show even higher attentive-

ness to instructions and showed larger effects in response to a minute text manipulation compared to

traditional subject pool samples (Hauser and Schwarz 2016).

To assure that our participants read the survey instructions carefully and recognized the differences in

the vignettes, we implemented an instructional manipulation check (IMC) at the beginning of our sur-

vey, as suggested by Oppenheimer et al. (2009). Put simply, an IMC is a sort of trick question. If re-

spondents do not follow the given instructions and fail to answer the trick question correctly, it can be

assumed that they did not process the instructions carefully enough and thus should be excluded from

the survey. To further increase data validity and based on professional judgement, we also removed all

respondents who obviously rushed through the survey (i.e. participants who spent less than 20 seconds

for answering the questions regarding any of the eight vignettes presented in the survey). This is be-

cause we saw no possibility to read the vignette description and answer the related questions in less

than 20 seconds.

5 Data Analysis

Factorial surveys produce hierarchical and multilevel data (Hox et al. 1991), having variables of both

the respondent level (e.g. age, gender, nationality) and the vignette level (i.e. control mode, degree,

and style). The aim of our vignette study was to focus on the vignette level. Consequently, we limited

our analysis to the 232 respondents currently living in the USA to minimize cultural bias. We also ran

non-parametric Kruskal-Wallis tests to identify any general differences between the respondent

groups’ mean evaluations, which could be traced back to the remaining control variables (i.e. age,

gender, work experience, development methodology, company size, education). Afterwards, we per-

formed ordinal regression analyses where we included the control variables to see if they significantly

affect the parameter estimators of the respondent’s legitimacy perceptions and compliance intentions.

In our case, neither the residuals of our regression model were normally distributed (P-P/Q-Q plot

analysis and Kolmogorov-Smirnov test, p<0.001), nor was the relationship between independent and

dependent variables linear. Thus, we carried out an ordinal logistic regression using SPSS v25 to test

our hypotheses. Put simply, the ordinal regression procedure is an extension of the general linear mod-

el to ordinal categorical data (Norusis 2012), which is able to handle the ordinal scaling of dependent

variables. For the analysis of H1-3, we aggregated the 11-point Likert scales to five categories (1-2:

very low, 3-4: low, 5-7: medium, 8-9: high, 10-11: very high) in order to keep the number of empty

cells low (i.e. dependent-variable levels by combinations of predictor-variable values), as this could

seriously harm the results of the analyses (Norusis 2012).

Table 2 provides descriptive statistics on our data sample. We carried out Mann-Whitney U tests (2

variable levels) and Kruskal-Wallis tests (>2 variable levels) to assess the relevance of our socio-

demographic control variables. Those non-parametric tests for independent samples indicate whether

there are significant discrepancies between the mean answers of different respondent groups (e.g. fe-

male vs. male). From this analysis, it can be concluded that perceived control legitimacy (in terms of

justice and autonomy) is not significantly different in the groups defined by gender and work experi-

ence. However, the mean ranks for justice and autonomy are significantly different in subgroups de-

fined by age (p<0.05 and p<0.01, respectively), education (p<0.01 and p<0.05, respectively), and IS

methodology (p<0.001 for legitimacy and autonomy. Ordinal logistic regression analyses including



. 9

those test variables further revealed that neither gender, work experience, education, nor the systems

development methodology significantly influenced the parameter estimates. While setting age as a

single factor led to significant results, including it as a covariate did not help improve any of our mod-

els. Thus, we conclude that just analyzing respondents living in the USA results in a sufficiently ho-

mogenous group for our analysis of the parameter estimates.

Table 2. Survey participants’ sociodemographic information (in percent)

5.1 Control Modes and Control Legitimacy (H1)

Table 3 summarizes the analysis results for control modes as a predictor of perceived control legitima-

cy (dependent variable). Ordinal logistic regression results suggest that control modes have a signifi-

cant impact on employees’ perceived level of control legitimacy in terms of both justice and autonomy

(model fit p<0.001). To give an example, only 9.6 percent of our respondents perceived self-control as

very illegitimate, whereas 16.6 percent assessed clan control as very illegitimate (related to justice).

The parameter estimates for behavior, outcome, and clan controls are also significant (p<0.001, self-

control served as a reference category). The non-significant values of the intercepts at the medium le-

gitimacy level can be neglected because the parameter estimates for all control modes are significant

(the parameter estimates equate to the differences between the intercepts given in Table 3).

Legitimacy

Perceptions

Legitimacy Dimension: Justice Legitimacy Dimension: Autonomy

Par. Est. Prob. Wald Sig. Par. Est. Prob. Wald Sig.

Very Low

Behavior

Outcome

Clan

Self

-2.720

-2.724

-2.874

-2.243

.146

.147

.166

.096

485.0 .000

***

Behavior

Outcome

Clan

Self

-2.775

-3.004

-3,186

-2.454

.106

.130

.152

.079

538.2 .000

***

Low

Behavior

Outcome

Clan

Self

-1.663

-1.667

-1.817

-1.186

.184

.184

.198

.138

174.0 .000

***

Behavior

Outcome

Clan

Self

-1.550

-1.779

-1.961

-1,229

.182

.207

.227

.147

184.9 .000

***

Medium

Behavior

Outcome

Clan

Self

-.433

-.437

-.587

.044

.298

.298

.298

.277

0.3 .605

n.s.

Behavior

Outcome

Clan

Self

-.241

-.470

-.652

.080

.311

.316

.314

.294

0.9 .349

n.s.

High

Behavior

Outcome

Clan

Self

.738

.734

.584

1.215

.217

.217

.201

.260

175.1 .000

***

Behavior

Outcome

Clan

Self

0.937

0.708

0.526

1.258

.230

.207

.187

.259

185.2 .000

***

Very High

Behavior

Outcome

Clan

Self

-

.156

.155

.136

.229

- -

Behavior

Outcome

Clan

Self

-

.171

.141

.120

.221

- -

Model Fit-

ting Info

-2 Log Likelihood:

Chi-Square:

Sig.:

105.426

33.424

.000***

-2 Log Likelihood:

Chi-Square:

Sig.:

112.545

43.796

.000***

Table 3. Hypothesis test results: Control modes

Gender Age (years) Work Exp. (yrs) Education IS Methodology

Female

Male

Prefer not

to answer

28.4

71.1

0.4

18-24

25-34

35-44

45-54

55+

7.3

32.3

34.1

17.7

8.2

< 3

3-6

7-10

11-14

> 15

13.8

31.5

15.1

11.6

28.0

No degree

High School

Undergraduate

Postgraduate

Other

15.9

5.2

61.2

17.2

0.4

Agile

Waterfall

Hybrid

Other

42.2

16.8

37.9

3.0



. 10

Based on the data, we can thus conclude that H1 is partially supported because (informal) self-control

led to significantly higher legitimacy perceptions (this can be seen by the higher parameter estimates

of self-control in Table 3). However, this does not hold true for clan control (the other informal control

mode), which got the lowest legitimacy assessments out of the four control modes.

5.2 Control Degrees and Control Legitimacy (H2)

To test the relationship between control degrees and controllees’ level of perceived control legitimacy,

we again included the respective variables in an ordinal logistic regression model. The results (Table

4) demonstrate that the control degrees represented in the vignette descriptions had a significant im-

pact on both aspects of legitimacy. The model fitting information (p<0.01) indicates that the control

degree is a good predictor for the level of perceived legitimacy. Moreover, the parameter estimates for

the relaxed control degree are higher compared with the parameter estimates for the tight degree (see

Table 4). Additional tests (not reported) led to significant differences (p<0.01) between the parameter

estimators of relaxed and tight control degrees. Thus, control enacted in a more relaxed way indeed

resulted in significantly higher legitimacy perceptions, providing support for H2.

Table 4. Hypothesis test results: Control degrees

5.3 Control Styles and Control Legitimacy (H3)

Table 5. Hypothesis test results: Control styles

Legitimacy

Perceptions



Very Low tight

relaxed -1.649

-1.365

.161

.126 534.3

.000

***

tight

relaxed -1.895

-1.616

.131

.102 534.3

.000

***

Low tight

relaxed

-.643

-.359

.184

.158 112.2

.000

***

tight

relaxed

-.681

-.402

.203

.173 112.2

.000

***

Medium tight

relaxed

.578

.862

.296

.289 92.1

.000

***

tight

relaxed

.613

.892

.315

.308 92.1

.000

***

High tight

relaxed

1.741

2.025

.210

.238 537.5

.000

***

tight

relaxed

1.780

2.059

.207

.235 537.5

.000

***

Very High tight

relaxed -

.149

.189 - -

tight

relaxed -

.144

.182 - -

Model Fit-

ting Info

-2 Log Likelihood:

Chi-Square:

Sig.:

54.332

11.833

.001***

-2 Log Likelihood:

Chi-Square:

Sig.:

54.012

11.395

.001***

Legitimacy

Perceptions



Very Low unilat.

bilat. -1.729

-1.519

.151

.126 534.3

.000

***

unilat.

bilat. -1.889

-1.594

.131

.101 531.5

.000

***

Low unilat.

bilat.

-.682

-.472

.185

.165 112.2

.000

***

unilat.

bilat.

-.674

-.379

.207

.174 110.1

.000

***

Medium unilat.

bilat.

.535

.745

.295

.290 92.1

.000

***

unilat.

bilat.

.621

.916

.312

.306 94.3

.000

***

High unilat.

bilat.

1.697

1.907

.214

.235 537.5

.000

***

unilat.

bilat.

1.788

2.083

.207

.236 541.1

.000

***

Very High unilat.

bilat. -

.155

.184 - -

unilat.

bilat. -

.143

.183 - -

Model Fit-

ting Info

-2 Log Likelihood:

Chi-Square:

Sig.:

69.589

6.453

.011*

-2 Log Likelihood:

Chi-Square:

Sig.:

53.646

12.688

.000***



. 11

Our regression analysis regarding the link between control styles and controllees’ legitimacy percep-

tions yields significant results for both legitimacy dimensions as well (see Table 5). However, the pos-

itive relationship between a bilateral control style and perceived control legitimacy is less clear for the

justice dimension than for autonomy (model fit: p<0.05 for justice, p<0.001 for autonomy). This re-

sults in higher differences between the parameter estimates in the autonomy model compared to the

justice model. We can therefore conclude that a bilateral control style is associated with significantly

higher control legitimacy perceptions than a unilateral control style, which means that H3 is supported.

5.4 Control Legitimacy and Compliance Intentions (H4)

Finally, we analyzed how controllees’ control legitimacy perceptions shape their intention to comply

with the controls enacted (as described in the vignette descriptions). To improve the quality of the sta-

tistical analyses, we reduced the number of empty cells by further aggregating the number of levels to

3 (i.e. high, medium, low). The parameter estimates for the different legitimacy groups were signifi-

cant (p<0.001 for all, see Table 6). To give an example: from the results, we can see that subordinates

with high legitimacy perceptions (in terms of autonomy—see right table column) show much higher

intentions to comply with the enacted controls (probability of about 60%) than subordinates with a low

level of perceived autonomy (probability of about 37%).

Compliance

Intentions



Low

low

medium

high

-.2884

-3.072

-2.259

.163

.191

.095

466.2 .000

***

low

medium

high

-3.117

-2.772

-2.193

.219

.166

.100

438.4 .000

***

Medium

low

medium

high

-1.090

-1.280

-.467

.376

.395

.291

26.9 .000

***

low

medium

high

-1.327

-.982

-.403

.408

.378

.300

19.8 .000

***

High

low

medium

high

-

.461

.414

.615

- .000

***

low

medium

high

-

.373

.456

.599

- .000

***

Model Fit-

ting Info

-2 Log Likelihood:

Chi-Square:

Sig.:

91.291

57.805

.000***

-2 Log Likelihood:

Chi-Square:

Sig.:

75.871

51.222

.000***

Table 6. Hypothesis test results: Compliance intentions

Goodness-of-fit tests and Test of Parallel Lines (not reported above) in relation to H1-3 led to signifi-

cant results (p<0.01), which suggests that the models provide room for improvement. As we can see at

the medium levels, there are some ambiguities that might lead to those significant values, requiring

additional analyses. For example, looking at the justice dimension of control legitimacy, the estimates

at the medium levels are not laying between the low and high levels. To further analyze the relation-

ship between subordinates’ legitimacy perceptions and their compliance intentions, we ran non-

parametric Mann-Whitney U tests (see Table 7). The results show that, leaving out the medium levels,

the average rank for compliance intentions is significantly higher in the case of high control legitimacy

perceptions than in the case of low legitimacy perceptions (asymptotic significance p<0.001 for both

legitimacy dimensions), offering support for H4. This positive link is more pronounced for one legiti-

macy dimension (autonomy) than for the other dimension (justice).

Intention to Comply Legitimacy: Justice Legitimacy: Autonomy

N Average Rank Rank Sum N Average Rank Rank Sum

Low

High

470

550

476.8

539.3

224,113

296,597

420

526

422.8

514.0

177,594

270,337

Asymptotic Sig. .000*** .000***

Table 7. Mann-Whitney U test results for compliance intentions



. 12

6 Discussion

The study’s objective was to examine how different control configurations and enactments shape con-

trol legitimacy perceptions and compliance intentions in the specific context of IS development pro-

jects. Drawing on a vignette study with 232 participants, we find support for all hypothesized relation-

ships (except for one hypothesis, H1, which is only partially supported). On this basis, our study

makes several important contributions to the IS project control literature. The first contribution lies in

quantitatively analyzing the relationships between three focal control concepts commonly used to de-

scribe IS project control activities—namely, control modes and degrees (configurations) and control

styles (enactments)—and subordinates’ perceptions of control legitimacy (in terms of justice and au-

tonomy), thereby supplementing and extending prior (qualitative) research in the area (e.g., Cram and

Wiener 2018). In particular, with regard to the impact of control modes on legitimacy perceptions

(H1), we find that self-control (an informal control mode) is perceived to be the most legitimate mode,

whereas the other informal control, clan control, is perceived to be the least legitimate mode, in terms

of both justice and autonomy. The two formal control modes (behavior and outcome control) are

found to be associated with similar legitimacy perceptions, falling in between those of clan and self-

control. Our study results thus confirm, and at the same time contrast, the case study findings by Cram

and Wiener (2018), who find that informal controls in general are perceived to be more legitimate than

formal controls. Regarding the link between different control degrees and subordinates’ legitimacy

perceptions (H2), our study confirms the qualitative findings by Cram and Wiener (2018), which sug-

gest that a relaxed degree increases control legitimacy perceptions, whereas a tight degree decreases

such perceptions. Our semi-quantitative analysis shows that these relationships are significant for both

of the legitimacy dimensions we studied (i.e. justice and autonomy). In addition, our study adds new

insights to the extant body of knowledge by quantitatively assessing the importance of control degree

(relative to control mode) in predicting control legitimacy perceptions. This can be seen at the differ-

ences between the parameter estimates. For example, with a difference of 0.284, control degree had a

lower impact on legitimacy perceptions than control modes, which showed differences in the parame-

ter estimates of up to 0.631 (clan control vs. self-control). Similarly, with regard to the link between

the two basic control styles (unilateral vs. bilateral) and subordinates’ legitimacy perceptions (H3), our

study findings are largely in line with the case-study findings of Cram and Wiener (2018). Specifical-

ly, our study findings confirm that a bilateral (enabling) control style leads to greater perceptions of

justice and autonomy than a unilateral (authoritative) control style. However, contrasting earlier re-

search, our analysis results suggest that, when compared to the other two focal control concepts under

investigation (i.e. control modes and degrees), control styles have the lowest (though still a significant)

impact on control legitimacy perceptions.

A second and related study contribution concerns the link between subordinates’ legitimacy percep-

tions of enacted controls and their intention to comply with those controls. In IS security policy litera-

ture, various studies exist that find a link between legitimacy perceptions and compliance intentions

(e.g., Son 2011; Hu et al. 2012). However, at this point, we are not aware of any studies in the IS pro-

ject control literature that have empirically analyzed this link. Our study therefore contributes to this

literature by providing empirical support for the positive relationship between control legitimacy per-

ceptions and compliance intentions in the specific context of IS development projects. Here, our re-

sults point to an interesting pattern; in particular, they suggest that subordinates’ perceptions of auton-

omy appear to be more important for compliance intentions than their justice perceptions.

Another potentially important contribution of our study lies in expanding the methodological ‘toolbox’

of IS project control research. In particular, while extant research in the area shows a strong focus on

qualitative case studies and quantitative field surveys (Wiener et al. 2016), the study at hand uses a

semi-quantitative vignette study design, which aims at combining the strengths of both qualitative and

quantitative approaches. By doing so, our findings are likely to come with higher internal and external

validity (Auspurg and Hinz 2014).



. 13

Finally, shedding light on the antecedents and consequences of control legitimacy perceptions, the re-

sults of our study also have some important implications for managers. In particular, configuring and

enacting IS project controls in a way that is perceived to be legitimate by subordinates is important for

two main reasons: First, extant research finds that controls can have both positive and negative effects

on subordinates’ socio-emotional state (Fitzgerald 1996; Santana and Robey 1995). Consequently,

managers are well advised to select and enact controls that maximize factors such as job satisfaction,

motivation, and creativity. Second, as noted above, our study provides empirical support for the link

between subordinates’ legitimacy perceptions of enacted controls and their intentions to comply with

those controls. The results of our study thus serve as a reminder to managers that they need to config-

ure and enact controls with an eye toward subordinates’ justice and autonomy perceptions in order to

avoid (active) resistance behavior, on one hand, and to increase compliance intentions and thus control

effectiveness, on the other hand.

6.1 Limitations and Future Research

The results and contributions of our study should be interpreted with some limitations in mind. Several

of these limitations also present promising opportunities for future research. First, for the vignette

study, we had to prepare simplified descriptions of control situations as they may occur in real-life IS

development projects. Although we put considerable efforts in formulating, testing, and refining the

vignettes in order to ensure that they accurately represent the control concepts studied in our research,

some of the study participants might still have misinterpreted them, potentially biasing the results.

Second, our study focused on two key dimensions of control legitimacy, namely, justice and autono-

my. Here, future research may want to consider group identification and competence development as

two additional sources of legitimacy, as also suggested by Bijlsma-Frankema and Costa (2010). More-

over, studies in the context of security policies, such as the one by Son (2011), suggest that there

might be other factors that shape subordinates’ willingness to comply with controls/policies, including

an employee’s perceived value congruence with her or his manager.

Finally, our study measured subordinates’ compliance intentions. Also, while asking study participants

about their level of understanding (or empathy) for our vignette protagonist’s non-compliance with the

controls described is a good way to reduce social desirability bias, actual behaviors might still deviate

from mere compliance intentions. Thus, another interesting opportunity for further research would be

trying to measure participants’ actual compliance with enacted controls. In this regard, a field experi-

ment could be a promising approach to measure how subordinates will actually behave.

7 Conclusion

IS projects are continuing to fail at an alarmingly high rate, suggesting that project controls are often

not configured and enacted in an effective manner. Against this backdrop, the overarching goal of this

study was to shed light on the impact of different IS project control configurations (in terms of modes

and degrees) and control enactments (styles) on subordinates’ legitimacy perceptions, and ultimately

on their compliance intentions. To reach this goal, we conducted a vignette study with 232 participants

from the US and then used ordinal logistic regression to analyze our data sample and test our research

model. The analysis results provide strong support for the hypothesized relationships. In particular,

they suggest that self-control (informal control mode), a relaxed control degree, and a bilateral control

style are significantly associated with high perceptions of control legitimacy, and that control modes in

general represent the strongest predictor of subordinates’ legitimacy perceptions. In addition, our study

offers empirical support for a direct and significantly positive relationship between control legitimacy

perceptions and compliance intentions. With this study, we thus contribute to the growing body of re-

search on the antecedents and consequences of control legitimacy perceptions, thereby also providing

managers with guidance on how to configure and enact “legit” controls that are perceived by IS pro-

ject team members as being just and autonomy-preserving.



. 14

References

Atzmüller, Christiane, and Peter M. Steiner. 2010. “Experimental Vignette Studies in Survey

Research.” Methodology 6 (3), pp. 128–38.

Auspurg, Katrin, and Thomas Hinz. 2014. Factorial Survey Experiments. Series Quantitative

Applications in the Social Sciences No. 175. Edited by SAGE.

Barker, James R. 1993. “Tightening the Iron Cage: Concertive Control in Self-Managing Teams.”

Administrative Science Quarterly 38 (3), pp. 408–37.

Bauer, Stefan, and Edward W.N. Bernroider. 2017. “From Information Security Awareness to

Reasoned Compliant Action.” ACM SIGMIS Database: The DATABASE for Advances in

Information Systems 48 (3), pp. 44–68.

Bijlsma-Frankema, Katinka M., and Ana Cristina Costa. 2010. “Consequences and Antecedents of

Managerial and Employee Legitimacy Interpretations of Control: A Natural Open System

Approach.” In Organizational Control, edited by Sim B Sitkin, Laura B. Cardinal, and Katinka

M. Bijlsma-Frankema, 396–433. Cambridge: Cambridge University Press.

Brenner, Barbara, and Björn Ambos. 2013. “A Question of Legitimacy? A Dynamic Perspective on

Multinational Firm Control.” Organization Science 24 (3), pp. 773–95.

Cardinal, Laura B., Markus Kreutzer, and C. Chet Miller. 2017. “An Aspirational View of

Organizational Control Research: Re-Invigorating Empirical Work to Better Meet the Challenges

of 21st Century Organizations.” Academy of Management Annals 11 (2), pp. 559–92.

Cardinal, Laura B., Sim B. Sitkin, and Chris P. Long. 2010. Organizational Control. Edited by Sim B

Sitkin, Laura B. Cardinal, and Katinka M. Bijlsma-Frankema. Organizational Control.

Cambridge: Cambridge University Press.

Choudhury, Vivek, and Rajiv Sabherwal. 2003. “Portfolios of Control in Outsourced Software

Development Projects.” Information Systems Research 14 (3), pp. 291–314.

Cram, W. Alec, Kathryn Brohman, and R. Brent Gallupe. 2016. “Information Systems Control: A

Review and Framework for Emerging Information Systems Processes.” Journal of the

Association for Information Systems 17 (4), pp. 216–66.

Cram, W. Alec, John D’Arcy, and Jeffrey G. Proudfoot. 2019. “Seeing the Forest and the Trees: A

Meta-Analysis of the Antecedents to Information Security Policy Compliance.” MIS Quarterly

43 (2), pp. 525–54.

Cram, W. Alec, Jeffrey G. Proudfoot, and John D’Arcy. 2017. “Organizational Information Security

Policies: A Review and Research Framework.” European Journal of Information Systems 26 (6),

pp. 605–41.

Cram, W. Alec, and Martin Wiener. 2018. “Perceptions of Control Legitimacy in Information Systems

Development.” Information Technology & People 31 (3), pp. 712–40.

Dülmer, Hermann. 2016. “The Factorial Survey.” Sociological Methods & Research 45 (2), pp. 304–

47.

Dwivedi, Yogesh K., David Wastell, Sven Laumer, Helle Zinner Henriksen, Michael D. Myers,

Deborah Bunker, Amany Elbanna, M. N. Ravishankar, and Shirish C. Srivastava. 2015.

“Research on Information Systems Failures and Successes: Status Update and Future

Directions.” Information Systems Frontiers 17 (1), pp. 143–57.

Eng, Cecil, Wee-Kiat Lim, Christina Soh, and Siew Kien. 2012. “Enacting Clan Control in Complex It

Projects: A Social Capital Perspective.” MIS Quarterly 36 (2), pp. 577–600.

Fitzgerald, Brian. 1996. “Formalized Systems Development Methodologies: A Critical Perspective.”

Information Systems Journal 6 (1), pp. 3–23.

Goldbach, Tobias, Alexander Benlian, and Peter Buxmann. 2018. “Differential Effects of Formal and

Self-Control in Mobile Platform Ecosystems: Multi-Method Findings on Third-Party

Developers’ Continuance Intentions and Application Quality.” Information & Management 55

(3), pp. 271–84.

Gopal, Anandasivam, and Sanjay Gosain. 2010. “The Role of Organizational Controls and Boundary

Spanning in Software Development Outsourcing: Implications for Project Performance.”

Information Systems Research 21 (4), pp. 960–82.



. 15

Gregory, Robert Wayne, Roman Beck, and Mark Keil. 2013. “Control Balancing in Information

Systems Development Offshoring Projects.” MIS Quarterly 37 (4), pp. 1211–32.

Hauser, David J., and Norbert Schwarz. 2016. “Attentive Turkers: MTurk Participants Perform Better

on Online Attention Checks than Do Subject Pool Participants.” Behavior Research Methods 48

(1), pp. 400–407.

Henderson, John C., and Soonchul Lee. 1992. “Managing I/S Design Teams: A Control Theories

Perspective.” Management Science 38 (6), pp. 757–77.

Heumann, Jakob, Martin Wiener, Ulrich Remus, and Magnus Mähring. 2015. “To Coerce or to

Enable? Exercising Formal Control in a Large Information Systems Project.” Journal of

Information Technology 30 (4), pp. 337–51.

Höffe, Ottfried. 1995. Political Justice: Foundations for a Critical Philosophy of Law and the State.

Polity Press.

Hox, Joop J., Ita G.G. Kreft, and Piet L.J. Hermkens. 1991. “The Analysis of Factorial Surveys.”

Sociological Methods & Research 19 (4), pp. 493–510.

Hu, Qing, Tamara Dinev, Paul Hart, and Donna Cooke. 2012. “Managing Employee Compliance with

Information Security Policies: The Critical Role of Top Management and Organizational

Culture*.” Decision Sciences 43 (4), pp. 615–60.

Huang Chua, Cecil Eng, and Michael D. Myers. 2018. “Social Control in Information Systems

Development: A Negotiated Order Perspective.” Journal of Information Technology 33 (3), pp.

173–87.

Hughes, D. Laurie, Nripendra P. Rana, and Antonis C. Simintiras. 2017. “The Changing Landscape of

IS Project Failure: An Examination of the Key Factors.” Journal of Enterprise Information

Management 30 (1), pp. 142–65.

Jiang, James J., Gary Klein, Hsin-Ginn Hwang, Jack Huang, and Shin-Yuan Hung. 2004. “An

Exploration of the Relationship Between Software Development Process Maturity and Project

Performance.” Information & Management 41 (3), pp. 279–88.

Kappelman, Leon, Russell Torres, Ephraim McLean, Chris Maurer, Vess Johnson, and Kevin Kim.

2019. “The 2018 SIM IT Issues and Trends Study.” MIS Quarterly Executive 18 (1), pp. 53–88.

Kirsch, Laurie J. 1996. “The Management of Complex Tasks in Organizations: Controlling the

Systems Development Process.” Organization Science 7 (1), pp. 1–21.

———. 1997. “Portfolios of Control Modes and IS Project Management.” Information Systems

Research 8 (3), pp. 215–39.

Kohli, Rajiv, and William Kettinger. 2004. “Informating the Clan: Controlling Physicians’ Costs and

Outcomes.” MIS Quarterly 28 (3), pp. 363–94.

Kulp, Susan L, Taylor Randall, Gregg Brandyberry, and Kevin Potts. 2006. “Using Organizational

Control Mechanisms to Enhance Procurement Efficiency: How GlaxoSmithKline Improved the

Effectiveness of E-Procurement.” Interfaces 36 (3), pp. 209–19.

Lowry, Paul Benjamin, John D’Arcy, Bryan Hammer, and Gregory D. Moody. 2016. “‘Cargo Cult’

Science in Traditional Organization and Information Systems Survey Research: A Case for

Using Nontraditional Methods of Data Collection, Including Mechanical Turk and Online

Panels.” The Journal of Strategic Information Systems 25 (3), pp. 232–40.

McAvoy, John, and Tom Butler. 2009. “The Dilution of Effort in Self-Evaluating Development

Teams: Agile Loafing.” Electronic Journal of Information Systems Evaluation 12 (2), pp. 161–

71.

Meyer, John, and Brian Rowan. 1977. “Institutionalized Organizations: Formal Structure as Myth and

Ceremony.” American Journal of Sociology 83 (2), pp. 340–63.

Murungi, David, Martin Wiener, and Marco Marabelli. 2019. “Control and Emotions: Understanding

the Dynamics of Controllee Behaviours in a Health Care Information Systems Project.”

Information Systems Journal, no. January (February), pp. 1–25.

Norusis, Marija. 2012. “Ordinal Regression.” In IBM SPSS Statistics 19 Advanced Statistical

Procedures Companion, 1:69–89. Prentice Hall.

O’Dwyer, Orla, Kieran Conboy, and Michael Lang. 2013. “A Conceptual Framework for

Understanding Clan Control in Isd Project Teams.” ECIS 2013 - Proceedings of the 21st



. 16

European Conference on Information Systems.

Oppenheimer, Daniel M., Tom Meyvis, and Nicolas Davidenko. 2009. “Instructional Manipulation

Checks: Detecting Satisficing to Increase Statistical Power.” Journal of Experimental Social

Psychology 45 (4), pp. 867–72.

Posey, Clay, Rebecca J Bennett, Tom L Roberts, and Paul Benjamin Lowry. 2011. “When Computer

Monitoring Backfires.” Journal of Information System Security 7 (1), pp. 24–47.

Remus, Ulrich, Martin Wiener, Magnus Mähring, Carol Saunders, and Alec Cram. 2015. “Why Do

You Control? The Concept of Control Purpose and Its Implications for Is Project Control

Research.” 36th International Conference on Information Systems (2015), 1–19.

Rossi, Peter, and Andy Anderson. 1982. “The Factorial Survey Approach: An Introduction.” In

Measuring Social Judgments: The Factorial Survey Approach, 1–25. Beverly Hills: SAGE

Publications Inc.

Santana, Martin, and Daniel Robey. 1995. “Perceptions of Control During Systems Development:

Effects on Job Satisfaction of Systems Professionals.” Computer Personnel 16 (1), pp. 20–34.

Schnedler, Wendelin, and Radovan Vadovic. 2011. “Legitimacy of Control.” Journal of Economics &

Management Strategy 20 (4), pp. 985–1009.

Siponen, Mikko, and Anthony Vance. 2014. “Guidelines for Improving the Contextual Relevance of

Field Surveys: The Case of Information Security Policy Violations.” European Journal of

Information Systems 23 (3), pp. 289–305.

Son, Jai-Yeol. 2011. “Out of Fear or Desire? Toward a Better Understanding of Employees’

Motivation to Follow IS Security Policies.” Information & Management 48 (7), pp. 296–302.

Steelman, Zachary R, Bryan I. Hammer, and Moez Limayem. 2014. “Data Collection in the Digital

Age: Innovative Alternatives to Student Samples.” MIS Quarterly 38 (2), pp. 355–78.

Steiner, Peter M., Christiane Atzmüller, and Dan Su. 2017. “Designing Valid and Reliable Vignette

Experiments for Survey Research: A Case Study on the Fair Gender Income Gap.” Journal of

Methods and Measurement in the Social Sciences 7 (2), pp. 52–94.

Suchman, Mark C. 1995. “Managing Legitimacy: Strategic and Institutional Approaches.” The

Academy of Management Review 20 (3), pp. 571–610.

Tiwana, Amrit, and Mark Keil. 2009. “Control in Internal and Outsourced Software Projects.” Journal

of Management Information Systems 26 (3), pp. 9–44.

Tyler, Tom R. 2006. “Psychological Perspectives on Legitimacy and Legitimation.” Annual Review of

Psychology 57 (1), pp. 375–400.

Tyler, Tom R., and Steven L. Blader. 2005. “Can Businesses Effectively Regulate Employee

Conduct? The Antecedents of Rule Following in Work Settings.” Academy of Management

Journal 48 (6), pp. 1143–58.

Tyler, Tom R, Patrick E Callahan, and Jeffrey Frost. 2007. “Armed, and Dangerous (?): Motivating

Rule Adherence Among Agents of Social Control.” Law & Society Review 41 (2), pp. 457–92.

Wiener, Martin, Magnus Mährich, Ulrich Remus, and Carol Saunders. 2016. “Control Configuration

and Control Enactment in Information Systems Projects: Review and Expanded Theoretical

Framework.” MIS Quarterly 40 (3), pp. 741–74.

Woltjer, Rogier. 2017. “Workarounds and Trade-Offs in Information Security – An Exploratory

Study.” Edited by Steven Furnell. Information and Computer Security 25 (4), pp. 402–20.

Workman, Michael. 2009. “A Field Study of Corporate Employee Monitoring: Attitudes,

Absenteeism, and the Moderating Influences of Procedural Justice Perceptions.” Information and

Organization 19 (4), pp. 218–32.


association for information systems ais electronic library

Documents