Strategic portfolio of IT projects at universities: A systematic and non-conventional literature review

One of the most accepted review methods in the scientific community is the Systematic Literature Review (SLR). A SLR process allows determining the interest of the scientific community in the subject matter of the preliminary research, the type of research and the areas of knowledge to which the topic is more related, among other aspects. For our research, we need to determine the scientific basis of the portfolio of information technology (IT) project, as initial good practice for the implementation of an IT governance culture. Universities have been specifically selected as the type of organization in the communities that have developed formal processes and good practices for the implementation of IT governance. In addition to the SLR, a review was carried out based on non-conventional literature from repositories of prestigious professional organizations and universities. It is concluded that the portfolio of IT projects is a good practice of IT governance and that there is an interest from the scientific community. From this analysis, it is clear that there are works in both the area of Computer Science and the Administration of Organizations.


Introduction
Universities have adopted Information Technology (IT) within administrative and academic processes. The question at this time is whether its use is adequate, that is, if IT has been acquired under an analysis of needs, if studies have been carried out to observe its benefits and possible risks when implemented, and especially if they have generated institutional value. The question of whether the technologies are aligned with the objectives of the organization and whether they are prioritized by top university management are aspects that have almost never been analyzed. Specific indicators are needed to confirm that IT is being used properly. A culture of IT governance can answer these questions.

IT Governance and Portfolio of IT Projects
Incorporating properly the IT in the University will dynamize its processes and allow them to fulfill its mission (González, Arango, Vásquez and Ospina, 2015). If universities do not get IT to create value, they will lose competitive advantage. Universities carry out studies to assess this issue, such as the UniversiTIC reports (Analysis of IT in Spanish Universities) (Gómez, Jiménez, Gumbau and Llorens, 2016), which evolved so that, in addition to being a catalog of available technologies in universities, they collect characteristics of IT governance models. As a complement to the detailed inventory of IT deployed in Spanish universities, good practices in IT management are analyzed, addressing the optimization of IT resources, portfolio of IT projects, IT services, IT management, quality, regulations and IT standards and collaboration (Fernández, Llorens and Hontoria, 2015). In a dynamic and unpredictable environment, organizations, and therefore universities, are threatened by major changes, especially technological ones (Sierra, 2012). The use of technology and the management of IT projects become a key aspect for them. To develop a strategic role in the business, the IT organization needs to move from being an order-taker to becoming a business partner integrated with the rest of the company's activities, thus ceasing to be a set of tangible and intangible elements to become the strategic ally of the organization.
One of the most difficult questions to answer is how an organization can implement a governance culture of IT in a practical way. Management teams are adopting principles of IT governance. According to Delgado, Marcilla, Calvo-Manzano and Fernández-Vicente (2012), "IT governance encompasses a set of good practices that facilitate new opportunities for improvement in organizations". One of the best practices that can be applied in relation to the acquisition principle is the implementation of a portfolio of IT projects (Fernández, Hontoria and Llorens, 2014). The portfolio of technological projects is the concrete expression of the company's technological strategy. In what and how resources are spent tells us a lot about the strategic priorities of a company, no matter they are explicit or not. Organizations must use IT portfolio management techniques to ensure that programs (a set of related IT projects) are aligned with strategic objectives (ISACA, 2013). The need to govern IT is a consequence of two strategic factors: the needs of the business and the maturity of the company (Juiz and Toomey, 2015). As shown in Toomey (2009), in addition to technology, we must consider people, processes and structure to understand the IT governance. According to Laita and Belaissaoui (2017), the IT governance aims to ensure that IT expectations and achievements are aligned with organizational objectives and that the associated risks are under control. There must be a strategic alignment between the use of IT and the achievement of business goals, both from the public or private sectors. Governing IT today is not a choice, and the Strategic Portfolio of IT Projects is a good practice that can help us with its implementation. And what gaps remain to be filled or research to be made? The Systematic Literature Review (SLR) is an important contribution as a mechanism to collect, organize, evaluate and synthesize all the available evidence regarding a topic of interest, either to improve the current practice or to suggest new research directions. A systematic literature review aims to exhaustively identify all the relevant studies, to answer a question or several research questions, and assess the validity or solidity of each study, keeping this in mind when drawing conclusions (Ferreras, 2016;Sánchez-Meca, 2010;Brettle, 2003). A systematic review is the selection of documents whose origin is the databases of scientific research, such as Scopus and Web of Science (WoS), among others. The individual studies that contribute to the SLR are called primary studies. In this paper, we will base on the group of SLR activities proposed by Kitchenham, Mendes and Travassos (2007), which is the most used in Software Engineering and Information Systems (Chai, Liu and Ngai, 2013).

Non-conventional literature
The results of a research are published in journals, conference proceedings, monographs, theses and reports. The type of publication is very diverse and the access to publications in many cases is not simple or public. Ferreras (2016) affirms that the Internet and the Web have managed to solve these problems under the new scheme of digital journals that have become popular due to their characteristics and versatility. But this new scenario also opens a new way of dissemination to other types of research literature, such as doctoral theses, that is fundamental in scientific research and, therefore, essential in its communication. For this reason, any type of content or publication on the web can be, in theory, open access and can be digitized and put online without economic barriers or permits for reuse. PhD theses are a fundamental element in the development of research and represent an important milestone in the academic career of those who perform this work. In addition, as the objective is to find out if there is research on good governance practices of IT in Universities, due to the nature of the topic we cannot ignore the sources from professional associations (Cesare, Luzi and Ruggieri, 2008;Sondergaard, Andersen and Hjorland, 2003).

Methodology
According to Genero, Cruz-Lemus and Piattini (2014), and Kitchenham et al. (2007), the need for a SLR arises from carefully summarizing all the relevant information on a specific topic of interest. Based on Kitchenham et al. (2007), we structure our systematic review in three phases: plan, do and report (Table 1).
phase. In our work, this planning applies not only to the search of scientific databases, but also to the search of nonconventional literature. Activity 2 consists in formulating the research questions. As stated by Genero et al. (2014), the specification of research questions is the most important aspect of any systematic review, since the questions will direct the entire process. Subsequently, the definition of the protocol of the review is addressed (activity 3). According to Kitchenham et al. (2007), a SLR protocol is a formal plan to carry out the systematic review, which should reduce the possibility of bias. In this activity, the search and data extraction strategy is created. The elements to consider are: justify the relevance of the need to carry out the review; include research questions previously defined; and establish the search strategy, defining the search string, period and sources (Genero et al., 2014).  Genero et al. (2014) also state that it is advisable to define initial search strings and apply them in some source to detect in the titles or summaries if in fact they are contributing to the objectives of the SLR. Regarding the sources to search, they must include articles from journals indexed in scientific databases or international conferences, books indexed in scientific libraries and non-conventional literature (reports of prestigious associations, scientific reports of experts in the area, doctoral theses, master's theses, norms and standards of recognized organizations). In addition, it is convenient in turn to review the bibliography of the articles found. The inclusion and exclusion criteria of the primary studies will help to reduce the number of publications to analyze. Researchers should also define the aspects to be taken into account for the qualification of each article. As affirmed by Genero et al. (2014), since the protocol is a critical element for the realization of the SLR, it is advisable that it is validated by experts (activity 4). The experts can be those who validate the final report of the SLR.

Do the SLR
In this phase, we put into practice what was previously planned in the protocol and we obtain the final results that will answer the research questions. Table 1 shows the tasks that must be executed in this phase. The set of relevant research (activity 5) is found following the search strategy defined in the review protocol. In this activity, it is necessary to refine the search strings, include new sources or change the period. It is important to document the changes and record the results through reference management systems. In addition to the basic data (title, authors, year, etc.) it is necessary to save the summary. The selection process should locate the primary studies (activity 6) that show evidences related to the research questions.
After selecting the primary studies, they will undergo a quality evaluation process (activity 7), following a checklist defined in the review protocol. All articles that do not exceed the minimum threshold established to be considered adequate for the research must be excluded. Subsequently, a data extraction list must be made, as defined in the protocol. As a result, the data extraction forms will be obtained filled with the information corresponding to each primary study that has been selected (activity 8). Once all the publications considered relevant have been collected, they will be synthesized using the methods established in the review protocol, which will answer the questions asked. The synthesis is accompanied by tables and graphs to illustrate the results (activity 9).

Report the SLR
The activities of this phase are detailed in Table 1. According to Kitchenham et al. (2007), to finalize the systematic review, a report must be written that reflects the entire review process (activity 10), considering the means of disclosure selected when defining the protocol. It is necessary to collect the information with the detail of documentary quality and relevance of results. Finally, reports of validity threats, limitations of the SLR and lessons learned can be attached, which compile the experiences of the SLR carried out and can serve as reference for future researchers. The more information about the study, the more transparency of the validity will have the SLR performed. Finally, the report should be sent to experts for validation (activity 11).

Selection criteria
Our research work requires evaluating the effect of the portfolio of IT project as an initial good practice for the implementation of IT governance in Universities. A systematic review of the scientific and non-conventional literature is initially proposed in order to identify the relevant studies to the following question: In a university with an IT governance that is not explicit, is the portfolio of IT project an initial good practice for the proper implementation of an IT governance framework?
To formulate the research question (activity 2), it has been considered that the general problem to be solved is the lack of an adequate implementation of a specific IT governance framework in universities. The population in which evidence is collected belongs to universities with an IT governance that is not explicit. The intervention group is the portfolio of IT projects as a good practice that deals in a cross-cutting way with all the IT governance principles. The results should be related to the portfolio of IT projects, as a good practice for the adequate implementation of a specific IT Governance framework for the universities.
We addressed the definition of the review protocol (activity 3). Four terms are proposed as key words of the search: "IT Governance", "Project Portfolio", "Good Practices" and "Universities", with its different terminological variants and considering the search both in English and Spanish. The databases consulted are WoS, Scopus and Google Scholar. In addition, due to the particularity of the research topic, the study is complemented with non-conventional databases of universities and recognized international associations. The inclusion criteria for the search in scientific databases and repositories of non-conventional literature are shown in Table 2. To determine the relevance of each publication in relation to the specific research topic, the five evaluation criteria that appear in Table 3 are used. Each criterion is rated with a value between 0 and 2, where 0 indicates a minimum contribution of the selected publication to the criterion, 1 a medium contribution and 2 a high contribution. After evaluating all the selected primary studies (activity 7), we proceed to select publications with a high level of contribution (which have obtained between 9 and 10 points) and read them completely. With these publications, the state of the art of the research will be written (activity 10).

Results
In this section, the final results obtained in the systematic review are presented. The set of publications is cleared out, eliminating the redundant documents. We found 242 primary publications. It is observed that 147 of those publications come from scientific databases and 95 from non-conventional databases. From the publications found in the scientific databases, the highest percentage (46,94 %) Regarding the language in which the papers are written, 173 out of 242 publications (71,49 %) are in English and 69 (28,51 %) in Spanish. As expected, the number of publications found in the scientific databases and written in English is significantly higher than those in Spanish (130 versus 17). In those from associations, the number of publications per language is balanced (34 and 29), while in those from university repositories, there is a greater number in Spanish (23 compared to 9) due to the bias of origin of the authors of this work.  (113), while non-conventional literature provides mostly books (17) and reports (22). The doctoral theses (13) and master's theses (5), important for the present research work, come exclusively from the institutional repositories.

Final assessment
Each summary, title and keywords are read and the document is qualified (Table 5). Each publication had a rating of a maximum of 10 points, obtained according to the five evaluation criteria in Table 3. Finally, a contribution level has been assigned to each publication according to the points obtained: dismissible (0-3 points), low (4-6 points), medium (7-8 points) and high contribution (9-10 points). As final result, 51 publications are considered high contribution to answer the research question proposed at the beginning of the SLR. Looking more closely at the origin of the 51 highcontribution publications, we can see that 23 come from scientific databases, 8 from non-conventional literature in universities and 20 from prestigious associations. From the 23 high contribution publications from scientific databases, 12 were found in Scopus, 2 in WoS and 9 in Google Scholar.
In the non-conventional literature, 8 belong to repositories of universities, 12 belong to professional associations and 8 are recommendations made by experts in the field. Thus, from the total of 242 publications selected at the beginning, the number of publications to be considered in the qualitative analysis of the research has been reduced to 21,07 %. The rest of the publications (191) will probably not be taken into account in the qualitative analysis during the writing of the state of the art, but they are identified and may be accessed at some point during the research.
For the final report, only selected publications with a high contribution are considered and the entire evaluation process is reported. The details of the selected publications from scientific databases (23 publications) are presented in Appendix 1. We have read completely the 51 selected publications.

Scientific and professional interest
To determine the scientific interest we proceeded to analyze the 147 primary studies from scientific databases. From these documents, 31 come from conferences and 113 from scientific journals ( Due to the nature of the research topic, framed within the IT governance, it is also convenient to analyze the professional interest. From the 63 publications found in the nonconventional professional literature (Table 4), 45 come from prestigious associations and 18 are direct recommendations made by experts. There are 9 associations that concentrate 38 of these publications. The Association with more selected documents is the Crue-TIC (ICT Sectoral Commission of the Conference of Rectors of Spanish Universities) with 13 publications. This concentration is due to the strong implication of the authors with this association. It is followed by other associations with fewer publications related to the portfolio of IT projects in universities but equally concerned with the subject: the ISACA (Information Systems Audit and Control Association), EUNIS (European University Information Systems) and ITGI (IT Governance Institute), among others. It must be borne in mind that the search for research works in associations has not followed a systematic method. It has been based fundamentally on the experience of the authors and on references provided by experts in the field.

Discussion of results
The ultimate goal of a systematic literature review is to carefully summarize all the relevant information about a specific topic of interest. It is important to extract from the selected publications the answer to various questions, so that it allows us to successfully address our future research. The first step for our research has been to look for answers on the IT governance and the portfolio of IT projects issues. In the review conducted, different approaches to how to use IT properly can be found. This new approach allows us to determine methods, good practices, standards, frameworks and procedures, which attempt to analyze how to use IT appropriately as service providers, and their relationship with users and customers. The IT governance can be seen as the set of mechanisms, structures, procedures and relationships defined by the senior management to evaluate, direct and monitor actions and the correct use and management of IT (Santos and Santos, 2017). The key element in IT governance is the alignment of IT to the business and, thereby, generating business value. IT services are increasingly integrated into business operations. According to Fernández et al. (2015), the alignment of IT with the business allows to verify the impact of IT infrastructure and IT projects and services on the organization itself. We must move the focus of IT from cost efficiency to operational effectiveness and thus improve business processes. In relation to the project portfolio, numerous works have been found with different models (PMI, 2013). Some of them are even specifically designed for universities (Correa and Benavides, 2013). The strategic priorities of a company are reflected on what and how resources are spent. The portfolio of IT projects is a powerful tool for IT governance. It requires close connections between principles, processes, people and performance. Next, how the different selected works address different aspects is presented, that is, basic approaches, research lines, problems detected and proposed solutions.

Basic approaches
With respect to the IT Governance, several authors describe related theories, models and procedures. Reynolds and Yetton (2013) propose a new model of IT governance that reconceptualizes business and IT alignment, contributing with detailed explanations of how IT creates value at the corporate level and at the level of strategic business units. Toomey (2009) states that companies have evolved to demonstrate how IT (personnel and technology) helps them to meet their business objectives. IT governance must deal with IT demand and provision (Delgado et al., 2012). Highly aligned organizations take advantage of more mature IT governance practices compared to poorly aligned organizations (ISACA, 2013;Montaña, 2013). Regarding the portfolio of IT projects, IT project management alone does not guarantee that the organization is spending its resources in the right areas and doing the right projects. A prioritized set of well-defined IT projects that can be successfully executed in the short term should be generated. In the portfolio of IT projects, it is fundamental in the business strategy that the combination of projects reflects the strategic priorities. Furthermore, Jairak and Praneetpolgrang (2013) propose the establishment of a procedure to prioritize the projects and involve IT and business managers from the beginning of the project. The portfolio of IT projects is successful if the steering committee assumes the responsibility of supervising large projects and managing the priorities, costs and allocation of IT resources. Tu, Shaw and Subramanyam (2015) believe that all the no financial impact would result in the financial value of the investment portfolio of IT projects in a company. In the case of universities, according to Fernández et al. (2014), every university should have some economic and human resources, so that their IT is centralized and sufficient to achieve the objectives established by its own strategy. Fernández et al. (2014) believe that IT planning should be obtained from the university global strategy and include a portfolio of IT projects that implement the proposed strategies. Franco Reboreda (2017) analyzes the current state of governance of IT in the Universities and Institutions of Higher Education in Mexico, where route maps can be drawn towards the consolidation of IT governance initiatives. Ponce (2016) affirms that the life cycle of the portfolio of IT projects must conclude with the evaluation of the success achieved by each project and the decision by the board of directors on its continuity, modification or cancellation.

Research lines
IT Governance brings together five research areas: strategic alignment, resource management, risk management, performance and value generation for the organization (Delgado et al., 2012). Prediction models and decision support systems are new areas in IT governance research (Jairak and Praneetpolgrang, 2013). Laita and Belaissaoui (2017) recommend to carry out studies on the contribution of IT governance to the provision of services in the public sector. Additionally, it is proposed for the public sector to research the threat posed by the decrease in IT budget and the lack of mechanisms for the adequate implementation of IT governance. The management of the portfolio of IT projects, the information economy, the strategic IT planning, the methodologies of project management, the return on investment based on well-being (ROI and ROIW), IT quality, prediction models, decision support systems and datamining are lines for research that can be explored and exploited. Current research on IT portfolio management is very limited, therefore, it presents great opportunities for researchers on information systems to advance in the knowledge of this good practice.

Detected problems
From the detailed reading of the selected articles, different obstacles are detected and related to both the governance and the portfolio of IT projects. One of these obstacles is to propose and implement in the organizations a new business model and IT alignment that provides results to explain how IT creates value (Rahimi, Moller and Hvam, 2016). Another problem, according to Fernández et al. (2014), is that there are obvious differences between IT management and IT governance and consequently their differences must be clearly established. It is necessary to find procedures that demonstrate that IT is not a commercial expense, but an investment with not only economic but also social benefits. According to Jairak and Praneetpolgrang (2013), the companies from developing countries without an adequate industrial infrastructure are not at the same level as those from developed countries. The implementation of an IT governance culture requires not only good intentions but also IT investment, trend analysis and technological prospection, which makes it more feasible to implement an IT governance in developed countries. Lima, Fernandes and Machado (2016) state that there is still limited knowledge regarding the management of the portfolio of IT projects. Quantifying the benefits of a portfolio of IT projects can be difficult. Rahimi et al. (2016) propose a new business and IT alignment model in organizations, providing results that explain how IT creates organizational value. Additionally, Ghorfi, Oudau, Aboutajdine and Aroussi (2014) determine a model that allows the people in charge of IT to have a decision tool regarding their future strategic choices. Santos and Santos (2017) affirm that the effectiveness of IT governance in public or private companies will be achieved if the results of decision-making and related processes for the management and control of IT operations reach IT objectives. The findings can be used to improve the current IT governance frameworks, enabling companies to focus on IT concerns with a strong impact on the performance of IT governance. Project management is the institutional memory of governance. Simon, Fischbach and Schoder (2013) establish closer relations between the business architecture and the management of the IT portfolio through their integration not only in the process but also in the strategy, the meta-model, the organization and the level of the software tool. With regard to the selection process of IT projects, several solutions are proposed. Zhijie (2012) suggests that IT governance plays an important role in the selection of IT projects and the prioritization of the portfolio. Regarding solutions found in universities, Fernández et al. (2015) state that one of the best practices that can be applied in relation to the acquisition principle is the implementation of a portfolio of IT projects. An IT investment portfolio should be designed based on a prioritized set of well-defined IT projects, that is, a portfolio of IT projects must be executed. One of the bases of good IT governance consists in developing a portfolio of projects aligned with the objectives of the University (Fernández, Gumbau and Llorens, 2012;Fernández et al., 2014;Gómez et al., 2016;Fernández et al., 2015).

Conclusions
A systematic review of the literature has been applied, both in scientific databases and in university repositories and professional associations, to initiate the research that leads us to answer the question of whether the portfolio of IT projects can be an initial good practice for the implementation of an IT governance framework in a university with a non-explicit one. Throughout this document the methodology followed has been explained. The figure of Appendix 2 summarizes the process followed. We can consider it as a sequential filtering that leads us to select, from all the existing documentation on the Internet, a small number of works related to the subject that allow us to determine the research situation in that area. The first filter applied is related to the sources in which the information has been sought: the scientific databases (Scopus and WoS), non-conventional sources (Google Scholar), professional associations and institutional repositories of universities. Once the sources have been determined, the search has been carried out. For scientific and non-conventional databases, a second filter has been applied, consisting in searching the terms (IT governance, portfolio of IT projects, good practices and universities) and the inclusion criteria. We have obtained 242 primary publications (Valverde-Alulema, 2019), which have been evaluated and labeled as high contribution for research (51), medium, (70), low (46) and dismissible (75). For the final selection of the works for writing the state of the art, a last filter has been applied, keeping only the 51 high-contribution publications.
According to the analysis of the selected final documents, the portfolio of IT projects is a good practice for IT governance and there are researches on this regard. In the period taken for the search (from 2000 to 2017), an increasing trend in the number of publications has been found. The scientific community has a real and progressive interest in the line of research of the IT Governance in general, and in particular in the Universities, where there is still a long path for research. The portfolio of IT projects is a very useful practice and has been implemented in many institutions. The greatest number of publications are from the technological areas, although there is also an interest in the business areas. This leads us to propose that a multidisciplinary research must be carried out to coordinate research from the technological and business areas. This would benefit the alignment of IT with the strategy of organizations for better Corporate Governance.
At a general level, the creation of a research line related to the IT Governance is of great relevance and its insertion within university postgraduate and research plans is justified. For the purpose of the present investigation, the study of good practices that give strength to IT governance is also justified. The portfolio of IT projects is a proven practice and could be an initial good practice, prior to the adoption of a culture of IT governance, in organizations. Specifically in the universities, some initiatives have been developed through the application of good practices, as a result of the contribution of the scientific community and prestigious international associations that have been working on issues related to the IT Governance. In this way, the review of the literature will help us answer the research question proposed at the beginning and justify the future work of implementing a Strategic Portfolio of IT Projects specific to universities, with analysis of characteristics and established standards. This demonstrates that it is the first step to implement and ensure a good start in the adoption of a specific IT governance framework for Universities, which is the purpose and future objective of our research.