Normalized Dysfunction: The Persistence of ICT Governance Failure in a Highly Regulated Public Sector
https://doi.org/10.17747/2618-947X-2025-4-316-325
Abstract
Public-sector ICT environments are typically characterized by dense governance architectures intended to ensure accountability, compliance, and effective oversight. In South Africa, this architecture includes statutory financial management legislation, treasury regulations, audit regimes, and corporate governance codes that collectively prescribe how information systems should be governed. Despite this extensive framework, ICT governance failures continue to recur across public-sector organizations, appearing consistently in audit outcomes and practitioner accounts. Rather than being isolated breakdowns, such failures often persist across reporting cycles and leadership changes. This study examines how ICT governance failure becomes normalized and sustained over time in a highly regulated public-sector context. Drawing on qualitative interviews with 55 government information technology officers across national, provincial, and local government, the analysis shifts attention from why governance fails to how failure is accommodated within everyday organizational practice. The findings show that governance failure is routinely treated as an expected and manageable condition, absorbed through audit rituals, ceremonial governance structures, layered accountability arrangements, and the delegation of governance responsibility to technical units. These practices allow organizations to maintain procedural legitimacy while leaving underlying governance deficiencies largely unaddressed. By conceptualising governance failure as a socially produced and institutionally sustained outcome, the study extends institutional and governance-as-practice perspectives in ICT governance research. A system or process that is far from perfect is still able to function efficiently, provided that the necessary procedures are implemented correctly. This demonstrates that a system can accomplish routine tasks despite its flaws. Prior research highlights the difficulty of implementing and sustaining ICT governance in heavily regulated public sector environments. In these areas ICT reform projects have been repeatedly initiated yet have failed to deliver the expected outcomes. In practice, the results can be used to inform diagnostic and risk-focused evaluations of ICT governance by assisting public-sector organizations in recognizing when governance arrangements are perpetuating, rather than resolving, chronic dysfunction.
About the Authors
A. LatchuRussian Federation
PhD candidate, University of South Africa (UNISA), (Pretoria, South Africa). ORCID: 0000-0002-5458-2072.
Research interests: information systems, risk, and strategy, public sector information systems, corporate governance in South Africa.
S. Singh
Russian Federation
Competing Interests:
PhD, associate professor, School of Computing, University of South Africa (Pretoria, South Africa). ORCID: 0000-0001-5038-0724; Researcher ID: N-3092-2014; Scopus Author ID: 56111550100.
Research interests: crime, migration, diaspora studies, feminism and gender issues, criminal justice system.
References
1. Ayat S., Farajkhah S. (2014). Relation of CIO roles, IT and business alignment, and organizational performance. Journal of Mathematics and Computer Science, 9(2): 123-132. https://doi.org/10.22436/jmcs.09.02.05.
2. Brunsson N. (2002). The organization of hypocrisy: Talk, decisions and actions in organizations. 2nd ed. Copenhagen, Copenhagen Business School Press.
3. Consolidated general report on national and provincial audit outcomes 2021/22 (2022). Auditor-General South Africa (AGSA). https://www.agsa.co.za/Reporting/AnnualReport.aspx.
4. Corporate governance of ICT policy framework (CGICTPF) (2012). Republic of South Africa. Department of Public Service and Administration (DPSA). https://www.gov.za/documents/corporate-governance-ict-policy-framework.
5. Fareed M.Z., Su Q. (2022). Project governance and project performance: The moderating role of top management support. Sustainability, 14(5): 2516. https://doi.org/10.3390/su14052516.
6. Ferguson C.S. (2019). Assessing the KING IV corporate governance report in relation to business continuity and resilience. Journal of Business Continuity & Emergency Planning, 13(2): 174-185. https://pubmed.ncbi.nlm.nih.gov/31779744/.
7. Hwang M. (2019). Top management support and information systems implementation success: A meta-analytical replication. International Journal of Information Technology and Management, 18(2/3): 133-154. https://doi.org/10.1504/IJITM.(2019.103050.
8. King IV report on corporate governance for South Africa (2016). Institute of Directors in Southern Africa (IODSA). https://www.iodsa.co.za/page/king-iv.
9. Latchu A. (2022). Exploration of corporate governance challenges in public sector information systems: An Auditor-General perspective. In: Proceedings of the 18th European Conference on Management Leadership and Governance (ECMLG): 465-472. https://doi.org/10.34190/ecmlg.18.1.828.
10. Latchu A., Singh S. (2024a). Exploring factors hindering performance of information systems in the South African public sector - evidence from the Zondo Commission. System Analysis and Applied Information Science, 3: 5-11. https://doi.org/10.21122/2309-4923-(2024-3-5-11.
11. Latchu A., Singh S. (2024b). Management decision making in public administration information systems in South Africa: The role of the Auditor General. Strategic Decisions and Risk Management, 15(2): 164-175. https://doi.org/10.17747/2618-947X-(2024-2-164-175.
12. Latchu A., Singh S. (2025a). Navigating ICT governance in South Africa’s provincial administrations - insights from the GITO at the offices of the premier. System Analysis and Applied Information Science, 3: 17-28. https://doi.org/10.21122/2309-4923-(2025-3-17-28.
13. Latchu A., Singh S. (2025b). Reaping the benefits: How corporate governance enhances ICT governance in the South African public sector - Insights for developing nations. Strategic Decisions and Risk Management, 16(3): 228-239. https://doi.org/10.17747/2618-947X-(2025-3-228-239.
14. Latchu A., Singh S. (2025c). Reimagining digital transformation in South Africa: Lessons from e-government systems and governance challenges for startup-driven e-government. In: Mishra D., Kumar R., Abdul Hamid A. (eds.). Startup-driven e-government: Digital innovation for sustainable ecosystems. Hershey, PA, IGI Global Scientific Publishing: 307-344. https://doi.org/10.4018/979-8-3373-0817-3.ch012.
15. Masilela L., Nel D. (2021). The role of data and information security governance in protecting public sector data and information assets in national government in South Africa. African Public Service Delivery & Performance Review, 9(1). https://journals.co.za/doi/abs/10.4102/apsdpr.v9i1.385.
16. Meyer J.W., Rowan B. (1977). Institutionalized organizations: Formal structure as myth and ceremony. American Journal of Sociology, 83(2): 340-363. https://doi.org/10.1086/226550.
17. Phahlane M.M. (2023). An institutional perspective of CGICTPF implementation in the public sector. In: Proceedings of the International Conference on Public Administration and Development: 150-159. https://www.irma-international.org/viewtitle/332314/?isxn=9798369304587.
18. Power M. (1997). The audit society: Rituals of verification. Oxford, Oxford University Press.
19. Public Finance Management Act (Act No. 1 of 1999) (1999). National Treasury. https://www.gov.za/documents/public-finance-management-act.
20. Treasury regulations for departments, constitutional institutions and public entities (PFMA) (2000). National Treasury. https://www.treasury.gov.za/legislation/pfma/default.aspx.
21. Treasury regulations for departments, trading entities, constitutional institutions and public entities (issued in terms of the PFMA) (2012). National Treasury. https://www.treasury.gov.za/legislation/pfma/regulations.aspx.
Review
For citations:
Latchu A., Singh S. Normalized Dysfunction: The Persistence of ICT Governance Failure in a Highly Regulated Public Sector. Strategic decisions and risk management. 2025;16(4):316-325. https://doi.org/10.17747/2618-947X-2025-4-316-325


































