COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities

Journal of Information Systems 06/2013; 27(1). DOI: 10.2308/isys-50422


COBIT, currently in its fifth edition, is a good-practice framework for the enterprise governance of IT. There is limited academic research that either analyzes COBIT or leverages COBIT as an instrument in executing research programs. Through linking core elements and principles of COBIT to insights from IT-related and general management literature, this paper explores the use of COBIT in future research activities. This paper positions COBIT as a framework for enterprise governance of IT. The major directions and core principles of the framework are described. These directions and principles are connected to the relevant literature. Research questions for future research around enterprise governance of IT and COBIT 5 are proposed and discussed.

    • "Information technology (IT) has become essential in supporting the growth and sustainability of all types of organizations (De Haes et al, 2011; De Haes & Van Grembergen, 2009; De Haes et al, 2013; Jairak et al, 2015; Williams & Karahanna, 2013; Wu et al, 2015). "
    ABSTRACT: Information technology (IT) has become essential in supporting the growth and sustainability of all types of organizations. Universities are one of those types that are more and more dependent on IT, having a technological infrastructure made of heterogeneous technologies that turns IT Governance into a real challenge. The teaching-learning and research processes, nuclear for universities, require effective and efficient IT governance so universities remain competitive. IT governance calls for the definition and implementation of formal practices at the highest level in the organization involving structures, processes and relational mechanisms for the creation of business value from IT investments. However, the difficulty in defining and implementing those practices from frameworks such as COBIT, ITIL, ISO/IEC 38500, among others, is quite notorious. The level of adoption of such frameworks at universities is quite low, superficial or limited in scope. To address these issues, we propose, using design science research, the development of an IT governance model for public universities. The model will be designed having the appropriate mechanisms identified through survey research and case studies involving Portuguese and Brazilian public universities. We expect to contribute with a model having structures, processes and relational mechanisms suitable for the public sector universities with the guidelines for effective and efficient IT governance. Moreover, contributions to the body of knowledge, regarding the adoption of frameworks such as COBIT and ITIL, taking into consideration contextual and contingency factors, are also expected in what particularly relates to Portuguese and Brazilian public universities.
    Full-text · Conference Paper · Nov 2015
    • "Stahl et al [36] carry out a critical evaluation of information security policies in the UK healthcare sector. De Haes et al [37] suggest COBIT could make a good framework for the enterprise governance of IT. Mulig et al [38] note that in many companies, accounting departments deal with downloaded data that is analysed using worksheet software, which can bypass normal IT controls. "
    ABSTRACT: Achieving security and privacy in the cloud is not a trivial exercise. Indeed, the difficulties associated with achieving this goal are both many and highly complex, and present one of the major barriers to the uptake of cloud computing. Yet, we know cloud computing offers the possibility of substantial economic benefit to firms, as well as providing great agility, which can offer a competitive advantage in today's difficult trading conditions. We address this issue by considering whether greater accountability, and particularly a broadening of the scope of Service Level Agreements, can enhance cloud security and privacy.
    Full-text · Conference Paper · Aug 2015
    • "In this perspective, a parallel is made between the alignment of executives' decisions to the owners' interests in CG and the alignment of IT management practices to the firm's needs in ITG. We define ITG as follows: ITG, a responsibility of top management and an integral part of corporate governance, encompasses decision rights and accountability framework for encouraging desirable behavior in the use of IT, and ensuring that IT goals and objectives are realized in an efficient and effective manner " (adapted from [11] [12]). "
    ABSTRACT: The need to effectively manage IT resources such that they enhance the business value of firms makes IT governance (ITG) an important issue for both IS researchers and practitioners. The purpose of this paper is to build a conceptual framework for ITG in small and medium-sized enterprises (SMEs). We first analyze the main theories applied in ITG research, and confront them with the specificities of SMEs. We then highlight the limits of those theories in SMEs context and discuss adaptations needed or alternative theories in such context. The resulting framework is then applied to generate a set of six research propositions on ITG in SMEs.
    No preview · Article · Mar 2015