Towards a Theoretical Foundation of IT Governance … The COBIT 5 case

Authors

  • Jan Devos
  • Kevin Van de Ginste

Keywords:

Keywords: IT governance, COBIT 5, stakeholder theory, principal agent theory, TAM

Abstract

Abstract: COBIT, (Control Objectives for Information and Information related Technologies) as an IT governance framework is well‑known in IS practitioners communities. It would impair the virtues of COBIT to present it only as an IT governance framework. COBIT analyses the complete IS function and offers descriptive and normative support to manage, govern and audit IT in organizations. Although the framework is well accepted in a broad range of IS communities, it is created by practitioners and therefore it holds only a minor amount of theoretical supported claims. Thus critic rises from the academic community. This work contains research focusing on the theoretical fundamentals of the ISACA framework, COBIT 5 released in 2012. We implemented a reverse engineering work and tried to elucidate as much as possible propositions from COBIT 5 as an empiricism. We followed a qualitative research method to develop inductively derived theoretical statements. However our approach differs from the original work on grounded theory by Glaser and Strauss (1967) since we started from a general idea where to begin and we made conceptual descriptions of the empirical statements. So our data was only restructured to reveal theoretical findings. We looked at three candidate theories: 1) Stakeholder Theory (SHT), 2) Principal Agent Theory (PAT), and 3) Technology Acceptance Model (TAM). These three theories are categorized and from each theory, several testable propositions were deduced. We considered the five COBIT 5 principles, five processes (APO13, BAI06, DSS05, MEA03 and EDM03) mainly situated in the area of IS security and four IT‑related goals (IT01, IT07, IT10 and IT16). The choice of the processes and IT‑related goals are based on an experienced knowledge of COBIT as well of the theories. We constructed a mapping table to find matching patterns. The mapping was done separately by several individuals to increase the internal validity. Our findings indicate that COBIT 5 holds theoretical supported claims. The lower theory types such as PAT and SHT contribute

Downloads

Published

1 Sep 2015

Issue

Vol. 18 No. 2 (2015)

Section

Articles

License

Open Access Publishing

The Electronic Journal of Information Systems Evaluation operates an Open Access Policy. This means that users can read, download, copy, distribute, print, search, or link to the full texts of articles, crawl them for indexing, pass them as data to software, or use them for any other lawful purpose, without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. The only constraint on reproduction and distribution, and the only role for copyright in this domain, is that authors control  the integrity of their work, which should be properly acknowledged and cited.

Creative Commons License

This Journal is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.