Our institute developed an integrated method to manage Shadow-IT. This methodology could be applied in different organisations of various industry sectors: Banking, Insurance, Mechanical and Electronical Engineering with a size between 500 and 1.500 employees. The method is composed of three steps:


During the identification of the Shadow-IT instances, the distribution of the phenomenon is determined. Based on processual descriptions, technical analyses or an evaluation of the Help Desk available information is gathered and processed in an interview guideline.

The actual collection of information is done in structured interviews, where the IT-support of the operational functions is determined.

Result of this step:
A process oriented IT-Landscape with as-is solutions.


The detected Shadow-IT Systems are evaluated using the following criteria:

- Risk & Relevance
- Quality
- Size
- Innovation

Result of this step:
Evaluation Portfolio and Consideration of Risks


Based on the evaluation, recommendations on how to control the Shadow-IT instances are deduced. The recommended measures are:

- Register
- Coordinate
- Reengineer

Result of this step:
IT-Governance structures and a policy for the business-located IT

This methodology is characterized by achieving fast and effective results. The interviews for the identification are consciously restricted to 90 minutes per interviewee. Based on these interviews a joint review of the resulting models and the final presentation of the evaluation and control measures is conducted.
The development of a sustainable IT-Governance together with the business and the IT unit results in a better task allocation and business-IT alignment for the Shadow-IT instances.
Alltogether, 10 working days are needed for the project in one department.


  • Cassini Consulting
  • Layer8-Solutions