Model-Based IT Governance Maturity Assessments with Cobit

IT governance is an executive level concern in many enterprises today, but a method for credible, reliable, and cost-efficient IT governance maturity assessment has been lacking. Control Objectives for Information and related Technology (Cobit) is best practice in the area, but the method requires an experienced analyst to perform the assessment and the provided analysis framework is vague and ambiguous. This paper presents a Cobit based method designed to overcome these featured problems. It comprises a modeling language for IT governance based on Cobit, and a transparent analysis framework which enables aggregation of single metrics into comprehensive maturity scores. The applicability was tested in a small case study. Results demonstrate that the method can be used to conduct time-efficient, valid and reliable IT governance maturity assessments without the help of an experienced analyst.

[1]  Andrew Kakabadse,et al.  IS/IT governance: need for an integrated model , 2001 .

[2]  Michael Holm Larsen,et al.  IT Governance: Reviewing 17 IT Governance Tools and Analysing the Case of Novozymes A/S , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[3]  L. Diamond IT Governance : How Top Performers Manage IT Decision Rights for Superior Results , 2005 .

[4]  Pontus Johnson,et al.  Assessement of IT governance : A prioritization of cobit , 2006 .

[5]  John C. Henderson,et al.  Strategic Alignment: Leveraging Information Technology for Transforming Organizations , 1999, IBM Syst. J..

[6]  John C. Henderson,et al.  Strategic Alignment: Leveraging Information Technology for Transforming Organizations , 1993, IBM Syst. J..

[7]  P. Weill,et al.  Don't Just Lead, Govern: Implementing Effective it Governance , 2002 .

[8]  M. Lynn Hawaii International Conference on System Sciences , 1996 .

[9]  Mathias Sallé,et al.  Formulating and Implementing an HP IT Program Strategy using CobiT and HP ITSM , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[10]  Jeanne W. Ross,et al.  Creating a Strategic IT Architecture Competency: Learning in Stages , 2003, MIS Q. Executive.

[11]  Peter Weill,et al.  State Street Corporation: Evolving it Governance , 2002 .

[12]  Gail Ridley,et al.  COBIT and its utilization: a framework from the literature , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[13]  Lawrence Loh,et al.  Diffusion of Information Technology Outsourcing: Influence Sources and the Kodak Effect , 1992, Inf. Syst. Res..

[14]  W. V. Grembergen Strategies for Information Technology Governance , 2003 .

[15]  M. Petró‐Turza,et al.  The International Organization for Standardization. , 2003 .

[16]  Gail Ridley,et al.  Awareness of IT Control Frameworks in an Australian State Government: A Qualitative Case Study , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[17]  Roger Debreceny Re-Engineering IT Internal Controls: Applying Capability Maturity Models to the Evaluation of IT Controls , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[18]  Erik Guldentops Governing information technology through COBIT , 2001, IICIS.

[19]  W. V. Grembergen,et al.  Structures, Processes and Relational Mechanisms for IT Governance , 2004 .