CFP last date
29 June 2026
Call for Paper
July Edition
IJAIS solicits high quality original research papers for the upcoming July edition of the journal. The last date of research paper submission is 29 June 2026

Submit your paper
Know more
The week's pick
Responsive image
Optimized Decision Tree Classifier for Data Aggregation in Wireless Sensor Networks Using IoT Sensor Data

Jagan Kurma Raghuvaran Kendyala Varun Bitkuri Avinash Attipalli Jaya Vardhani Mamidala Sunil Jacob Enokkaren
Random Articles
Reseach Article

Racing Ahead, Governing Behind: An Institutional Analysis of AI Governance Readiness in Global Capability Centers

by Chandrasekar Umapathy
journal cover thumbnail

International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 13 - Number 3
Year of Publication: 2026
Authors: Chandrasekar Umapathy
10.5120/ijaisb2118d76a1e3

Chandrasekar Umapathy . Racing Ahead, Governing Behind: An Institutional Analysis of AI Governance Readiness in Global Capability Centers. International Journal of Applied Information Systems. 13, 3 ( Jun 2026), 11-21. DOI=10.5120/ijaisb2118d76a1e3

@article{ 10.5120/ijaisb2118d76a1e3,
author = { Chandrasekar Umapathy },
title = { Racing Ahead, Governing Behind: An Institutional Analysis of AI Governance Readiness in Global Capability Centers },
journal = { International Journal of Applied Information Systems },
issue_date = { Jun 2026 },
volume = { 13 },
number = { 3 },
month = { Jun },
year = { 2026 },
issn = { 2249-0868 },
pages = { 11-21 },
numpages = {9},
url = { https://www.ijais.org/archives/volume13/number3/racing-ahead-governing-behind-an-institutional-analysis-of-ai-governance-readiness-in-global-capability-centres/ },
doi = { 10.5120/ijaisb2118d76a1e3 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2026-06-17T02:11:20.626033+05:30
%A Chandrasekar Umapathy
%T Racing Ahead, Governing Behind: An Institutional Analysis of AI Governance Readiness in Global Capability Centers
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 13
%N 3
%P 11-21
%D 2026
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The proliferation of artificial intelligence (AI) in Global Capability Centres (GCCs) has created a critical governance readiness gap. This paper presents an in-depth field study examining AI governance configurations in GCC environments, the institutional and efficiency factors that determine governance readiness, and pathways through which organisations develop more rigorous governance over time. Drawing on the constrained-efficiency framework [1] — which integrates transaction cost theory [2, 3] and institutional theory [4, 5] — the study analyses empirical evidence from 28 semi-structured interviews across five GCC organisations. Applying the Gioia et al. [6] qualitative methodology, four types of AI governance readiness are identified: incipient, ostensible, implicit, and explicit. Five theoretical propositions are derived and assessed, addressing coercive institutional forces, efficiency motives, innovation-governance velocity asymmetry, agentic AI framework limitations, and the engagement gap at executive and board levels. The NIST AI RMF 1.0 [7] is applied as a governance maturity diagnostic, revealing that participating GCCs score at Level 1 on Govern and Map functions against a sector average of Level 2 to 3 [8]. A readiness pathway model illustrates how governance configurations evolve under competing institutional and efficiency pressures.

References
  1. Roberts, P.W. and Greenwood, R. (1997). Integrating transaction cost and institutional theories: Toward a constrained-efficiency framework for understanding organizational design adoption. Academy of Management Review, 22(2), 346-373.
  2. Coase, R.H. (1937). The nature of the firm. Economica, 4(16), 386-405.
  3. Williamson, O. (1975). Markets and Hierarchies. Free Press, New York.
  4. DiMaggio, P.J. and Powell, W.W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147-160.
  5. Lawrence, T.B. and Shadnam, M. (2008). Institutional theory. The International Encyclopedia of Communication.
  6. Gioia, D.A., Corley, K.G. and Hamilton, A.L. (2013). Seeking qualitative rigor in inductive research. Organizational Research Methods, 16, 15-31.
  7. National Institute of Standards and Technology (2023). AI Risk Management Framework (AI RMF 1.0). NIST AI 100-1.
  8. NASSCOM (2024). GCC State of the Industry Report 2024. NASSCOM, New Delhi.
  9. World Economic Forum (2023). Global Risk Report 2023. World Economic Forum, Geneva.
  10. McKinsey and Company (2023). The State of AI in 2023: Generative AI's Breakout Year. McKinsey Global Institute.
  11. Gartner (2024). Top Strategic Technology Trends for 2024: Agentic AI. Gartner Research Note G00796823.
  12. Cyberhaven (2023). The AI Data Exposure Report. Cyberhaven Research, Palo Alto, CA.
  13. ISO/IEC 42001:2023. Artificial Intelligence — Management System Standard. International Organization for Standardization.
  14. OWASP (2024). Top 10 for Large Language Model Applications (Version 2.0). Open Web Application Security Project.
  15. Wilkin, C.L. and Chenhall, R.H. (2020). Information technology governance: Reflections on the past and future directions. Journal of Information Systems, 34(2), 257-292.
  16. Slapnicar, S., Axelsen, M., Bongiovanni, I. and Stockdale, D. (2023). A pathway model to five lines of accountability in cybersecurity governance. International Journal of Accounting Information Systems, 51, 100642.
  17. Van Grembergen, W., De Haes, S. and Guldentops, E. (2004). Structures, processes and relational mechanisms for IT governance. In: Van Grembergen, W. (Ed.), Strategies for Information Technology Governance. IGI Global, pp. 1-36.
  18. Aghion, P. and Tirole, J. (1997). Formal and real authority in organizations. Journal of Political Economy, 105(1), 1-29.
  19. CERT-In (2022). Directions under sub-section (6) of section 70B of the Information Technology Act, 2000. Ministry of Electronics and Information Technology, Government of India.
  20. Ministry of Law and Justice, Government of India (2023). The Digital Personal Data Protection Act, 2023. Gazette of India, Extraordinary.
  21. De Haes, S. and Van Grembergen, W. (2009). An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management, 26(2), 123-137.
  22. Steinbart, P.J., Raschke, R.L., Gal, G. and Dilla, W.N. (2018). The influence of a good relationship between the internal audit and information security functions on information security outcomes. Accounting, Organizations and Society, 71, 15-29.
  23. Securities and Exchange Commission (2022). Cybersecurity risk management, strategy, governance, and incident disclosure. March.
  24. Williamson, O.E. (2007). Transaction cost economics: An introduction. Economics Discussion Paper No. 2007-3.
  25. Power, M. (2009). The risk management of nothing. Accounting, Organizations and Society, 34, 849-855.
  26. Burdon, W.M. and Sorour, M.K. (2020). Institutional theory and evolution of 'a legitimate' compliance culture. Journal of Business Ethics, 162(1), 47-80.
  27. Granovetter, M. (1985). Economic action and social structure: The problem of embeddedness. American Journal of Sociology, 91, 481-510.
  28. Gordon, L.A., Loeb, M.P. and Tseng, C.Y. (2009). Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy, 28(4), 301-327.
  29. Ogbanufe, O., Kim, D.J. and Jones, M.C. (2021). Informing cybersecurity strategic commitment through top management perceptions. Information and Management, 58(7), 103507.
  30. Lincoln, Y.S., Lynham, S.A. and Guba, E.G. (2011). Paradigmatic controversies, contradictions, and emerging confluences, revisited. In: Denzin, N.K. and Lincoln, Y.S. (Eds.), The Sage Handbook of Qualitative Research, 4th ed. Sage Publications, pp. 97-128.
  31. Constantino, T.E. (2008). The SAGE Encyclopedia of Qualitative Research Methods. SAGE Publications, Thousand Oaks, CA.
  32. Eisenhardt, K.M. (1989). Building theories from case study research. Academy of Management Review, 14(4), 532-550.
  33. Eisenhardt, K.M. and Graebner, M.E. (2007). Theory building from cases: Opportunities and challenges. Academy of Management Journal, 50(1), 25-32.
  34. Marshall, C. and Rossman, G.B. (2011). Designing Qualitative Research, 5th ed. Sage Publications, Thousand Oaks, CA.
  35. Patton, M.Q. (2014). Qualitative Research and Evaluation Methods: Integrating Theory and Practice. Sage Publications.
  36. Glaser, B.G. and Strauss, A.L. (1967). The Discovery of Grounded Theory: Strategies for Qualitative Research. Aldine, Chicago.
  37. Guest, G., Bunce, A. and Johnson, L. (2006). How many interviews are enough? An experiment with data saturation and variability. Field Methods, 18(1), 59-82.
  38. Yin, R.K. (2018). Case Study Research and Applications: Design and Methods, 6th ed. SAGE Publications.
  39. Miles, M.B. and Huberman, A.M. (1994). Qualitative Data Analysis: An Expanded Sourcebook, 2nd ed. Sage Publications, Thousand Oaks, CA.
  40. Guba, E.G. and Lincoln, Y.S. (1994). Competing paradigms in qualitative research. In: Denzin, N.K. and Lincoln, Y.S. (Eds.), Handbook of Qualitative Research. Sage, Thousand Oaks, pp. 105-117.
  41. Strauss, A. and Corbin, J. (1998). Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, 2nd ed. Sage Publications.
  42. Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2017). Enterprise Risk Management: Integrating with Strategy and Performance. COSO, Washington, DC.
  43. Heroux, S. and Fortin, A. (2013). The internal audit function in information technology governance: A holistic perspective. Journal of Information Systems, 27(1), 189-217.
  44. Slapnicar, S., Vuko, T., Cular, M. and Drascek, M. (2022). Effectiveness of cybersecurity audit. International Journal of Accounting Information Systems, 44, 100548.
  45. Vuko, T., Slapnicar, S., Cular, M. and Drascek, M. (2021). Key drivers of cybersecurity audit effectiveness: The neo-institutional perspective. SSRN Working Paper.
Index Terms

Computer Science
Information Sciences

Keywords

AI governance; Global Capability Centres; NIST AI RMF; agentic AI; shadow AI; institutional isomorphism; constrained-efficiency framework; DPDPA 2023; cybersecurity governance

Powered by PhDFocusTM