COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities

Journal of Information Systems 06/2013; 27(1). DOI: 10.2308/isys-50422

ABSTRACT COBIT, currently in its fifth edition, is a good-practice framework for the enterprise governance of IT. There is limited academic research that either analyzes COBIT or leverages COBIT as an instrument in executing research programs. Through linking core elements and principles of COBIT to insights from IT-related and general management literature, this paper explores the use of COBIT in future research activities. This paper positions COBIT as a framework for enterprise governance of IT. The major directions and core principles of the framework are described. Connections are made of these directions and principles to the relevant literature. Research questions for future research around enterprise governance of IT and COBIT 5 are proposed and discussed.

2,137 Reads
  • Source
    • "Stahl et al [36] carry out a critical evaluation of information security policies in the UK healthcare sector. De Haes et al [37] suggest COBIT could make a good framework for the enterprise governance of IT. Mulig et al [38] note that in many companies, accounting departments deal with downloaded data that is analysed using worksheet software, which can bypass normal IT controls. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Achieving security and privacy in the cloud is not a trivial exercise. Indeed, the difficulties associated with achieving this goal are both many and highly complex, and present one of the major barriers to the uptake of cloud computing. Yet, we know cloud computing offers the possibility of substantial economic benefit to firms, as well as providing great agility, which can offer a competitive advantage in today's difficult trading conditions. We address this issue by considering whether greater accountability, and particularly a broadening of the scope of Service Level Agreements, can enhance cloud security and privacy.
    The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), Helsinki, Finland; 08/2015
  • Source
    • "The ISACA published the current version, COBIT 5, in 2012. In (De Haes et al, 2013) research questions for future research on enterprise governance of IT and COBIT 5 are proposed and discussed. COBIT 5 reveals new conceptual ideas compared to the previous COBIT 4.1 version (Preittigun et al, 2012), however, in this work COBIT 4.1 was used. "
    [Show abstract] [Hide abstract]
    ABSTRACT: This work seeks to provide a new multi-criteria approach to assess IT Governance (ITG) in the area of Strategic Alignment. The complete methodological development process is described. The evaluation model uses Fuzzy Analytic Hierarchy Process (FAHP) and it is targeted to IT processes, more specifically to the COBIT© IT maturity levels, domains and processes, thus providing a differentiated analysis of importance for each item. Its relevance is related to addressing isolated and individual evaluation criteria that are normally practiced in audits of processes. The model allows generating information that extends the guarantees of compliance and corporate governance from different organizations. This research demonstrates that the combined use of multi-criteria decision methodologies and soft computing proves to be particularly suitable for Strategic Alignment such as the focal area of COBIT. The model was applied in a big retail Brazilian company.
    09/2014; 11(2):229-256. DOI:10.4301/S1807-17752014000200003
  • Source
    • "However, over 30 years of empirical research there are still some gaps to be linked, motivated especially by the lack of a consistent and well-established research body about the topic. Since IT has become crucial in the support, sustainability and growth of organizations, the most important decisions regarding to IT moved to the boards and senior management executives – calling for a specific focus on enterprise governance of IT [14]. This situation has strengthened the role of IT governance as an integral part of the corporate governance. "
    [Show abstract] [Hide abstract]
    ABSTRACT: IT governance has become an important concern for business, receiving great attention from both practitioners and academics. Although some authors have stated that effective IT governance is crucial for any organization to achieve its corporate goals, little academic research is available that empirically supports the assumptions about the factors that determine the effectiveness of IT governance. In this sense, we proposed and examined a theoretical model that explains and predicts IT governance effectiveness, linking its domains and mechanisms. We empirically tested our hypotheses based on survey data gathered from 87 CIOs of large Brazilian companies. The results have implications about how IT governance domains and the adoption of different IT governance mechanisms can affect IT governance effectiveness, bringing implications from theory and practice.
    Proceedings of the 2014 47th Hawaii International Conference on System Sciences; 01/2014
Show more