COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities

Journal of Information Systems 06/2013; 27(1). DOI: 10.2308/isys-50422


COBIT, currently in its fifth edition, is a good-practice framework for the enterprise governance of IT. There is limited academic research that either analyzes COBIT or leverages COBIT as an instrument in executing research programs. Through linking core elements and principles of COBIT to insights from IT-related and general management literature, this paper explores the use of COBIT in future research activities. This paper positions COBIT as a framework for enterprise governance of IT. The major directions and core principles of the framework are described. Connections are made of these directions and principles to the relevant literature. Research questions for future research around enterprise governance of IT and COBIT 5 are proposed and discussed.



Available from: Steven De Haes,
  • Source
    • "Information technology (IT) has become essential in supporting the growth and sustainability of all types of organizations (De Haes et al, 2011; De Haes & Van Grembergen, 2009; De Haes et al, 2013; Jairak et al, 2015; Williams & Karahanna, 2013; Wu et al, 2015). "
    ABSTRACT: Information technology (IT) has become essential in supporting the growth and sustainability of all types of organizations. Universities are one of those types that are more and more dependent on IT, having a technological infrastructure made of heterogeneous technologies that turns IT Governance into a real challenge. The teaching-learning and research processes, nuclear for universities, require effective and efficient IT governance so universities remain competitive. IT governance calls for the definition and implementation of formal practices at the highest level in the organization involving structures, processes and relational mechanisms for the creation of business value from IT investments. However, the difficulty in defining and implementing those practices from frameworks such as COBIT, ITIL, ISO/IEC 38500, among others, is quite notorious. The level of adoption of such frameworks at universities is quite low, superficial or limited in scope. To address these issues, we propose, using design science research, the development of an IT governance model for public universities. The model will be designed having the appropriate mechanisms identified through survey research and case studies involving Portuguese and Brazilian public universities. We expect to contribute with a model having structures, processes and relational mechanisms suitable for the public sector universities with the guidelines for effective and efficient IT governance. Moreover, contributions to the body of knowledge, regarding the adoption of frameworks such as COBIT and ITIL, taking into consideration contextual and contingency factors, are also expected in what particularly relates to Portuguese and Brazilian public universities.
    26th IBIMA conference on Innovation Management and Sustainable Economic Competitive Advantage: From Regional Development to Global Growth and for inclusion, Madrid; 11/2015
  • Source
    • "Stahl et al [36] carry out a critical evaluation of information security policies in the UK healthcare sector. De Haes et al [37] suggest COBIT could make a good framework for the enterprise governance of IT. Mulig et al [38] note that in many companies, accounting departments deal with downloaded data that is analysed using worksheet software, which can bypass normal IT controls. "
    ABSTRACT: Achieving security and privacy in the cloud is not a trivial exercise. Indeed, the difficulties associated with achieving this goal are both many and highly complex, and present one of the major barriers to the uptake of cloud computing. Yet, we know cloud computing offers the possibility of substantial economic benefit to firms, as well as providing great agility, which can offer a competitive advantage in today's difficult trading conditions. We address this issue by considering whether greater accountability, and particularly a broadening of the scope of Service Level Agreements, can enhance cloud security and privacy.
    The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), Helsinki, Finland; 08/2015
  • Source
    • "The ISACA published the current version, COBIT 5, in 2012. In (De Haes et al, 2013) research questions for future research on enterprise governance of IT and COBIT 5 are proposed and discussed. COBIT 5 reveals new conceptual ideas compared to the previous COBIT 4.1 version (Preittigun et al, 2012), however, in this work COBIT 4.1 was used. "
    ABSTRACT: This work seeks to provide a new multi-criteria approach to assess IT Governance (ITG) in the area of Strategic Alignment. The complete methodological development process is described. The evaluation model uses Fuzzy Analytic Hierarchy Process (FAHP) and it is targeted to IT processes, more specifically to the COBIT© IT maturity levels, domains and processes, thus providing a differentiated analysis of importance for each item. Its relevance is related to addressing isolated and individual evaluation criteria that are normally practiced in audits of processes. The model allows generating information that extends the guarantees of compliance and corporate governance from different organizations. This research demonstrates that the combined use of multi-criteria decision methodologies and soft computing proves to be particularly suitable for Strategic Alignment such as the focal area of COBIT. The model was applied in a big retail Brazilian company.
    09/2014; 11(2):229-256. DOI:10.4301/S1807-17752014000200003