SlideShare uma empresa Scribd logo

Ecime 2014 v.1.0

Ghent University
Ghent University

Paper presentation

Ciências
1 de 18
Baixar para ler offline
A Quest for Theoretical Foundations of COBIT 5 Jan Devos & Kevin Van de Ginste Ghent University, Campus Kortrijk, Belgium pag. 1 J. Devos - ECIME 2014 – Ghent
Outline •Problem •Research Question •Methodology •Findings •Conclusion pag. 2 J. Devos - ECIME 2014 – Ghent
Problem •IT/IS research is slow (and a new) discipline •IT/IS has a practical kernel which is fast moving where speed has won against quality (Cross 2011) •Practitioners (consultants/large organizations) are developing own methods and frameworks to evaluate IT/IS e.g. COBIT, ITIL, CMMi, PMBoK, PRINCE2, … •Not (always) theoretically founded (Ridley et al. 2008, Goldschmidt et al. 2009, Choi and Yoo 2009, Chen and Shen 2010) pag. 3 J. Devos - ECIME 2014 – Ghent
Problem (cont) •Hard to supplant frameworks and methods to other environments (SMEs, universities, not-for- profit) •Still a lot of IT/IS failures (Avison et al. 2006, Conboy 2010, Dwivedi et al. 2013) •IT/IS evaluation is under researched pag. 4 J. Devos - ECIME 2014 – Ghent
Example: COBIT 5 •COBIT 5 (Control Objectives for Information and Information related Technologies) •IT governance, management and audit framework well- known in IT/IS practitioners communities (ISACA 2012a) pag. 5 J. Devos - ECIME 2014 – Ghent Domain Type of Domain Number of processes Evaluate, Direct and Monitor (EDM) Governance 5 Align, Plan and Organize (APO) Management 13 Build, Acquire and Implement (BAI) Management 10 Deliver, Service and Support (DSS) Management 6 Monitor, Evaluate and Assess (MEA) Management 3
Research Question Does COBIT have visibly theoretical foundations that can support (some of) the claims made in the framework? pag. 6 J. Devos - ECIME 2014 – Ghent
Methodology (cont) •Reverse Engineering work •Selection of excising IT/IS theories (not grounded theory method) (Larsen et al. 2014) •Mapping theoretical propositions to empirical observations (pattern matching) (Yin, 2003, ISO/IEC 15504-2) pag. 7 J. Devos - ECIME 2014 – Ghent
Methodology Which IT/IS theories? •Truex criteria (Truex et al. 2006) Preparing the theories •a classification, an analysis, and a summary of developed components according to Gregor (2006) pag. 8 J. Devos - ECIME 2014 – Ghent
pag. 9 J. Devos - ECIME 2014 – Ghent Theories Truex criteria Stakeholder Theory Principal Agent Theory Technology Acceptance Model Fit between theory and phenomenon SHT fits very well with facts in COBIT. The first key principle of COBIT refers already to the broad phenomenon of stakeholders. PAT focussed on a fundamental relation between two actors. An information system is a nexus of principal-agent relations: e.g. owner- manager, user-developer, auditor- CIO, … A substantial critic to COBIT is the ‘mechanical’ way the framework is constructed and the ignorance of the user as reflective human actor (Hoogervorst 2008). It makes it challenging to investigate how TAM could fit or not with the propositions of COBIT. Historical context of theory The concept of stakeholder has gradually grown from shareholder to a general concept of all actors that could have a stake in an artefact or organisation. PAT is one of the cornerstone theories of organisations. TAM is one of the only successful IS theories designed from within the IS discipline. Although the theory has been criticized by many, current relevant IS research is still using TAM. Impact on the research method SHT is a process theory which is compliant with the basic perspective of our research method (qualitative and a mixture of positivism and interpretivism). PAT has two streams: positivistic agent theory and principal agent theory. We conducted the last stream (Eisenhardt 1989) TAM is constructed as a variance theory. However the operationalization of the constructs (acceptance perceived ease of use and usefulness) can be also assessed from a process perspective. Contribution to cumulative theory SHT has been used in ten previous works in IS research (Larsen et al. 2014) PAT has been used in 24 previous works in IS research and has links with other theories used in IS research (Larsen et al. 2014) TAM is one of the few genuine IS theories, in the sense that the theory is not borrowed from other disciplines. TAM has been used in 64 previous works in IS research and has a profound link with the DeLone & McLean Success Model (Larsen et al. 2014)
pag. 10 J. Devos - ECIME 2014 – Ghent Overview of Stakeholder Theory (SHT) SHT is a management theory that identifies groups and individuals that have a stake in an organisation (Frooman 1999). The theory helps to identify, understand and use in a strategic way stakeholders in an organisation. SHT explains how stakeholders can affect the organization. SHT gives answers to three key questions: 1) Who are the stakeholders (Mitchell et al. 1997), 2) What do the stakeholders want? and 3) How do stakeholders influence? Theory Component Instantiation Means of representation Words, lists, tables and diagrams Primary constructs Questions, groups and individuals Statements of relationships Relations between the stakeholders and the organization Scope The relations of an organization Causal explanations SHT explains the relation between stakeholders and organization by stating how stakeholders will impose their will. Testable propositions Questions can be composted and tested by interviews Prescriptive statements Only for the questions 1 and 3
Methodology Principles 1: Meeting Stakeholder Needs 2. Covering the Enterprise End-to-end 3. Applying a Single, Integrated Framework 4. Enabling a Holistic Approach 5. Separating Governance From Management pag. 11 J. Devos - ECIME 2014 – Ghent Processes (security oriented) •APO13 Manage Security, •BAI06 Manage Change, •DSS05 Manage Security Services •EDM03 Ensure Risk Optimisation •MEA03Monitor, Evaluate and Assess Compliance with external Requirements Goals (BSC) •02 IT compliance and support for business compliance with external laws and regulations •07 Delivery of IT services in line with business requirements •10 Security of information, processing infrastructure and applications •16 Competent and motivated business and IT personnel
Methodology Score N: (Not Present) There are no propositions, keywords or statements in COBIT that can be matched with components of one of the selected theories. Score P: (Present) There is a least one proposition, keyword or statement in COBIT that can be matched with one components of one or more of the selected theories. Score L: (Largely present) There is more than one proposition, keyword or statement in COBIT that can be matched with one theory. Score F: (Fully present) There is a strong match of several (more than two) COBIT propositions, keywords or statements with one theory. pag. 12 J. Devos - ECIME 2014 – Ghent
pag. 13 J. Devos - ECIME 2014 – Ghent FINDINGS SHT PAT TAM Meeting Stakeholder Needs LP LP N Covering the enterprise End-to-End LP LP N Applying a Single Integrated Framework P P N Enabling a Holistic Approach N N N Separating Governance From Management LP F N APO13 Manage Security LP LP P BAI06 Manage Change P LP P DSS05 Manage Security Services LP LP N MEA03 Monitor, Evaluate and Assess Compliance with external Requirements LP LP N EDM03 Ensure Risk Optimisation LP F P Goal 2 - IT compliance and support for business compliance with external laws and regulations P LP N Goal 7 - Delivery of IT services in line with business requirements N N P Goal 10 - Security of information, processing infrastructure and applications P LP N Goal 16 - Competent and motivated business and IT personnel N N P
Findings The strongest theoretical foundations in COBIT are coming for PAT. PAT is a theory that is often used to explains elements of control in a governance versus management setting There is also coupling in appearance between PAT and SHT TAM is less present in COBIT. This can be due to the fact that TAM is a higher type of theory, with strong causal relations IT-related goals can strongly determine the presence of a theory. This is the way around, a framework should be designed with a theoretical stance in the first place pag. 14 J. Devos - ECIME 2014 – Ghent
Findings e.g. ‣IT-related goal 07 (Delivery of IT services in line with business requirements) suggest to be based on TAM and brings the theory into the process BAI06 Manage Change. ‣IT-related goals 02 (IT compliance and support for business compliance with external laws and regulations) and 10 (Security of information, processing infrastructure and applications) bring in PAT in APO13 Manage Security and DSS05 Manage Security Services. pag. 15 J. Devos - ECIME 2014 – Ghent
Conclusions The strong appearance of PAT and SHT in COBIT is probably due to the fact that both theories are lower types of theories Gregor (2006). COBIT was originally build as an IT audit guideline, so control (PAT) and stakeholders (SHT) are key elements there. Only prescriptive statements from SHT are (limited) present. To fully implement SHT one could use the findings of Mitchell et al. (1997) to assess the influence of each stakeholder. Together with the findings of Frooman (1999) the framework could be enriched with the way how stakeholders try to execute their influence. This could lead to better or more fine-tuned metrics. pag. 16 J. Devos - ECIME 2014 – Ghent
Conclusions COBIT did not took off from a clear theoretical starting position Derived theoretical propositions from the selected theories are present in the framework, albeit not always complete (e.g. SHT) Primary constructs, scope and statements of relationship of the theories are often found, but causal explanations are often absent Some theories do not have very clear causal explanations, so type I and type II theories have a higher likelihood to be supportive for COBIT. (e.g. PAT). pag. 17 J. Devos - ECIME 2014 – Ghent
Conclusions What other theories are present in COBIT? (e.g;. Resource Based Theory, Transaction Economics, and Structuration Theory) The assessment model of scoring the presence of a theory in COBIT can be more ine-tuned. pag. 18 J. Devos - ECIME 2014 – Ghent

Recomendados

Information Systems Action design research method
Information Systems Action design research methodInformation Systems Action design research method
Information Systems Action design research methodRaimo Halinen
 
IT Learning and Career Expectations survey: a first look- challenges for educ...
IT Learning and Career Expectations survey: a first look- challenges for educ...IT Learning and Career Expectations survey: a first look- challenges for educ...
IT Learning and Career Expectations survey: a first look- challenges for educ...Samuel Mann
 
Shared objective versus collaboration
Shared objective versus collaboration Shared objective versus collaboration
Shared objective versus collaboration Leon Dohmen
 
The Effect of Information Technology on Labour Productivity Growth in New Zea...
The Effect of Information Technology on Labour Productivity Growth in New Zea...The Effect of Information Technology on Labour Productivity Growth in New Zea...
The Effect of Information Technology on Labour Productivity Growth in New Zea...Productivity Commission
 
Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...
Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...
Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...hamidnazary2002
 
Startup dilemmas strategic problems
Startup dilemmas strategic problemsStartup dilemmas strategic problems
Startup dilemmas strategic problemsdotcom_91
 
DWRevsited_Final_ScreenResSINGLES (1)
DWRevsited_Final_ScreenResSINGLES (1)DWRevsited_Final_ScreenResSINGLES (1)
DWRevsited_Final_ScreenResSINGLES (1)Matt Corkery
 
Poster ECIS 2016
Poster ECIS 2016Poster ECIS 2016
Poster ECIS 2016Rui Silva
 

Recomendados

Information Systems Action design research method
Information Systems Action design research methodInformation Systems Action design research method
Information Systems Action design research methodRaimo Halinen
 
IT Learning and Career Expectations survey: a first look- challenges for educ...
IT Learning and Career Expectations survey: a first look- challenges for educ...IT Learning and Career Expectations survey: a first look- challenges for educ...
IT Learning and Career Expectations survey: a first look- challenges for educ...Samuel Mann
 
Shared objective versus collaboration
Shared objective versus collaboration Shared objective versus collaboration
Shared objective versus collaboration Leon Dohmen
 
The Effect of Information Technology on Labour Productivity Growth in New Zea...
The Effect of Information Technology on Labour Productivity Growth in New Zea...The Effect of Information Technology on Labour Productivity Growth in New Zea...
The Effect of Information Technology on Labour Productivity Growth in New Zea...Productivity Commission
 
Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...
Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...
Enterprise and Data Mining Ontology Integration to Extract Actionable Knowled...hamidnazary2002
 
Startup dilemmas strategic problems
Startup dilemmas strategic problemsStartup dilemmas strategic problems
Startup dilemmas strategic problemsdotcom_91
 
DWRevsited_Final_ScreenResSINGLES (1)
DWRevsited_Final_ScreenResSINGLES (1)DWRevsited_Final_ScreenResSINGLES (1)
DWRevsited_Final_ScreenResSINGLES (1)Matt Corkery
 
Poster ECIS 2016
Poster ECIS 2016Poster ECIS 2016
Poster ECIS 2016Rui Silva
 
Tam & toe
Tam & toeTam & toe
Tam & toeSammer Qader
 
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docxCHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docxmccormicknadine86
 
Research articleFactors affecting the successful realisati.docx
Research articleFactors affecting the successful realisati.docxResearch articleFactors affecting the successful realisati.docx
Research articleFactors affecting the successful realisati.docxrgladys1
 
IT - Business Alignment
IT - Business AlignmentIT - Business Alignment
IT - Business AlignmentBP Gurus
 
Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...Luxembourg Institute of Science and Technology
 
Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...christophefeltus
 
Dr. ITIL Talking about IT/Business Alignment research
Dr. ITIL Talking about IT/Business Alignment researchDr. ITIL Talking about IT/Business Alignment research
Dr. ITIL Talking about IT/Business Alignment researchMauricio Corona
 
Choose a Research TopicHiba Al MehdiSchool of Business, Northc
Choose a Research TopicHiba Al MehdiSchool of Business, NorthcChoose a Research TopicHiba Al MehdiSchool of Business, Northc
Choose a Research TopicHiba Al MehdiSchool of Business, NorthcJinElias52
 
Choose a research topic hiba al mehdischool of business, northc
Choose a research topic hiba al mehdischool of business, northcChoose a research topic hiba al mehdischool of business, northc
Choose a research topic hiba al mehdischool of business, northcnand15
 
A New Framework For Managing IT-Enabled Business Change
A New Framework For Managing IT-Enabled Business ChangeA New Framework For Managing IT-Enabled Business Change
A New Framework For Managing IT-Enabled Business ChangeJulie Davis
 
Enablers of TMT support fr integrated management control systems innovations
Enablers of TMT support fr integrated management control systems innovationsEnablers of TMT support fr integrated management control systems innovations
Enablers of TMT support fr integrated management control systems innovationsJessica Lee
 
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docxWeek 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docxhelzerpatrina
 
1820-02141300020S.pdf
1820-02141300020S.pdf1820-02141300020S.pdf
1820-02141300020S.pdfTesfish Hailu
 
A Practical Application Of Critical Systems Thinking To Improve A Business In...
A Practical Application Of Critical Systems Thinking To Improve A Business In...A Practical Application Of Critical Systems Thinking To Improve A Business In...
A Practical Application Of Critical Systems Thinking To Improve A Business In...Lisa Garcia
 
Adomavicius et al.Technology Trends in the IT LandscapeSP.docx
Adomavicius et al.Technology Trends in the IT LandscapeSP.docxAdomavicius et al.Technology Trends in the IT LandscapeSP.docx
Adomavicius et al.Technology Trends in the IT LandscapeSP.docxdaniahendric
 
A_Framework_for_Understanding_and_Analysing_eBusin.pdf
A_Framework_for_Understanding_and_Analysing_eBusin.pdfA_Framework_for_Understanding_and_Analysing_eBusin.pdf
A_Framework_for_Understanding_and_Analysing_eBusin.pdfArulraj Veerappan
 
Aligning IT and business strategy an Australian university ca.docx
Aligning IT and business strategy an Australian university ca.docxAligning IT and business strategy an Australian university ca.docx
Aligning IT and business strategy an Australian university ca.docxdaniahendric
 
2-Theoretical-Frameworks.pptx
2-Theoretical-Frameworks.pptx2-Theoretical-Frameworks.pptx
2-Theoretical-Frameworks.pptxEmilJohnLatosa
 
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESSA GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESSijseajournal
 
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...Lori Moore
 
Stappenplan voor een 'succesvol' project
Stappenplan voor een 'succesvol' project Stappenplan voor een 'succesvol' project
Stappenplan voor een 'succesvol' project Ghent University
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project ManagementGhent University
 

Mais conteúdo relacionado

Semelhante a Ecime 2014 v.1.0

CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docxCHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docxmccormicknadine86
 
Research articleFactors affecting the successful realisati.docx
Research articleFactors affecting the successful realisati.docxResearch articleFactors affecting the successful realisati.docx
Research articleFactors affecting the successful realisati.docxrgladys1
 
IT - Business Alignment
IT - Business AlignmentIT - Business Alignment
IT - Business AlignmentBP Gurus
 
Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...christophefeltus
 
Dr. ITIL Talking about IT/Business Alignment research
Dr. ITIL Talking about IT/Business Alignment researchDr. ITIL Talking about IT/Business Alignment research
Dr. ITIL Talking about IT/Business Alignment researchMauricio Corona
 
Choose a Research TopicHiba Al MehdiSchool of Business, Northc
Choose a Research TopicHiba Al MehdiSchool of Business, NorthcChoose a Research TopicHiba Al MehdiSchool of Business, Northc
Choose a Research TopicHiba Al MehdiSchool of Business, NorthcJinElias52
 
Choose a research topic hiba al mehdischool of business, northc
Choose a research topic hiba al mehdischool of business, northcChoose a research topic hiba al mehdischool of business, northc
Choose a research topic hiba al mehdischool of business, northcnand15
 
A New Framework For Managing IT-Enabled Business Change
A New Framework For Managing IT-Enabled Business ChangeA New Framework For Managing IT-Enabled Business Change
A New Framework For Managing IT-Enabled Business ChangeJulie Davis
 
Enablers of TMT support fr integrated management control systems innovations
Enablers of TMT support fr integrated management control systems innovationsEnablers of TMT support fr integrated management control systems innovations
Enablers of TMT support fr integrated management control systems innovationsJessica Lee
 
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docxWeek 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docxhelzerpatrina
 
1820-02141300020S.pdf
1820-02141300020S.pdf1820-02141300020S.pdf
1820-02141300020S.pdfTesfish Hailu
 
A Practical Application Of Critical Systems Thinking To Improve A Business In...
A Practical Application Of Critical Systems Thinking To Improve A Business In...A Practical Application Of Critical Systems Thinking To Improve A Business In...
A Practical Application Of Critical Systems Thinking To Improve A Business In...Lisa Garcia
 
Adomavicius et al.Technology Trends in the IT LandscapeSP.docx
Adomavicius et al.Technology Trends in the IT LandscapeSP.docxAdomavicius et al.Technology Trends in the IT LandscapeSP.docx
Adomavicius et al.Technology Trends in the IT LandscapeSP.docxdaniahendric
 
A_Framework_for_Understanding_and_Analysing_eBusin.pdf
A_Framework_for_Understanding_and_Analysing_eBusin.pdfA_Framework_for_Understanding_and_Analysing_eBusin.pdf
A_Framework_for_Understanding_and_Analysing_eBusin.pdfArulraj Veerappan
 
Aligning IT and business strategy an Australian university ca.docx
Aligning IT and business strategy an Australian university ca.docxAligning IT and business strategy an Australian university ca.docx
Aligning IT and business strategy an Australian university ca.docxdaniahendric
 
2-Theoretical-Frameworks.pptx
2-Theoretical-Frameworks.pptx2-Theoretical-Frameworks.pptx
2-Theoretical-Frameworks.pptxEmilJohnLatosa
 
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESSA GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESSijseajournal
 
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...Lori Moore
 

Semelhante a Ecime 2014 v.1.0 (20)

Tam & toe
Tam & toeTam & toe
Tam & toe
 
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docxCHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
CHAPTER-1 Discussion 11) DiscussionCOLLAPSEIT value Infor.docx
 
Research articleFactors affecting the successful realisati.docx
Research articleFactors affecting the successful realisati.docxResearch articleFactors affecting the successful realisati.docx
Research articleFactors affecting the successful realisati.docx
 
IT - Business Alignment
IT - Business AlignmentIT - Business Alignment
IT - Business Alignment
 
Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...
 
Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...Building a responsibility model including accountability capability and commi...
Building a responsibility model including accountability capability and commi...
 
Dr. ITIL Talking about IT/Business Alignment research
Dr. ITIL Talking about IT/Business Alignment researchDr. ITIL Talking about IT/Business Alignment research
Dr. ITIL Talking about IT/Business Alignment research
 
Choose a Research TopicHiba Al MehdiSchool of Business, Northc
Choose a Research TopicHiba Al MehdiSchool of Business, NorthcChoose a Research TopicHiba Al MehdiSchool of Business, Northc
Choose a Research TopicHiba Al MehdiSchool of Business, Northc
 
Choose a research topic hiba al mehdischool of business, northc
Choose a research topic hiba al mehdischool of business, northcChoose a research topic hiba al mehdischool of business, northc
Choose a research topic hiba al mehdischool of business, northc
 
A New Framework For Managing IT-Enabled Business Change
A New Framework For Managing IT-Enabled Business ChangeA New Framework For Managing IT-Enabled Business Change
A New Framework For Managing IT-Enabled Business Change
 
Enablers of TMT support fr integrated management control systems innovations
Enablers of TMT support fr integrated management control systems innovationsEnablers of TMT support fr integrated management control systems innovations
Enablers of TMT support fr integrated management control systems innovations
 
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docxWeek 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
Week 6 Post Menopausal and Sexuality Issues in the Maturing and O.docx
 
1820-02141300020S.pdf
1820-02141300020S.pdf1820-02141300020S.pdf
1820-02141300020S.pdf
 
A Practical Application Of Critical Systems Thinking To Improve A Business In...
A Practical Application Of Critical Systems Thinking To Improve A Business In...A Practical Application Of Critical Systems Thinking To Improve A Business In...
A Practical Application Of Critical Systems Thinking To Improve A Business In...
 
Adomavicius et al.Technology Trends in the IT LandscapeSP.docx
Adomavicius et al.Technology Trends in the IT LandscapeSP.docxAdomavicius et al.Technology Trends in the IT LandscapeSP.docx
Adomavicius et al.Technology Trends in the IT LandscapeSP.docx
 
A_Framework_for_Understanding_and_Analysing_eBusin.pdf
A_Framework_for_Understanding_and_Analysing_eBusin.pdfA_Framework_for_Understanding_and_Analysing_eBusin.pdf
A_Framework_for_Understanding_and_Analysing_eBusin.pdf
 
Aligning IT and business strategy an Australian university ca.docx
Aligning IT and business strategy an Australian university ca.docxAligning IT and business strategy an Australian university ca.docx
Aligning IT and business strategy an Australian university ca.docx
 
2-Theoretical-Frameworks.pptx
2-Theoretical-Frameworks.pptx2-Theoretical-Frameworks.pptx
2-Theoretical-Frameworks.pptx
 
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESSA GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
A GROUNDED THEORY OF THE REQUIREMENTS ENGINEERING PROCESS
 
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
Analysing The Relationship Between IT Governance And Business IT Alignment Ma...
 

Mais de Ghent University

Stappenplan voor een 'succesvol' project
Stappenplan voor een 'succesvol' project Stappenplan voor een 'succesvol' project
Stappenplan voor een 'succesvol' project Ghent University
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project ManagementGhent University
 
Digitaal forensis onderzoek v.2.2
Digitaal forensis onderzoek v.2.2Digitaal forensis onderzoek v.2.2
Digitaal forensis onderzoek v.2.2Ghent University
 
A New Perspective on IT Governance in SMEs
A New Perspective on IT Governance in SMEsA New Perspective on IT Governance in SMEs
A New Perspective on IT Governance in SMEsGhent University
 
IT for Small and Medium-sized Enterprises (SMEs)
IT for Small and Medium-sized Enterprises (SMEs)IT for Small and Medium-sized Enterprises (SMEs)
IT for Small and Medium-sized Enterprises (SMEs)Ghent University
 
Een duurzame relatie tussen KMO IT-manager en IT-leverancier
Een duurzame relatie tussen KMO IT-manager en IT-leverancierEen duurzame relatie tussen KMO IT-manager en IT-leverancier
Een duurzame relatie tussen KMO IT-manager en IT-leverancierGhent University
 
Vertrouwen: sleutel tot geslaagde IT projecten
Vertrouwen: sleutel tot geslaagde IT projectenVertrouwen: sleutel tot geslaagde IT projecten
Vertrouwen: sleutel tot geslaagde IT projectenGhent University
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project ManagementGhent University
 
Juridische ICT tools for the Website developer
Juridische ICT tools for the Website developerJuridische ICT tools for the Website developer
Juridische ICT tools for the Website developerGhent University
 

Mais de Ghent University (20)

Stappenplan voor een 'succesvol' project
Stappenplan voor een 'succesvol' project Stappenplan voor een 'succesvol' project
Stappenplan voor een 'succesvol' project
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project Management
 
E competences 21 10-2013
E competences 21 10-2013E competences 21 10-2013
E competences 21 10-2013
 
Digitaal forensis onderzoek v.2.2
Digitaal forensis onderzoek v.2.2Digitaal forensis onderzoek v.2.2
Digitaal forensis onderzoek v.2.2
 
Eccf 2012 jdv v.3.0
Eccf 2012 jdv v.3.0Eccf 2012 jdv v.3.0
Eccf 2012 jdv v.3.0
 
ICT Trends
ICT Trends ICT Trends
ICT Trends
 
A New Perspective on IT Governance in SMEs
A New Perspective on IT Governance in SMEsA New Perspective on IT Governance in SMEs
A New Perspective on IT Governance in SMEs
 
Engineer or Bricoleur ?
Engineer or Bricoleur ?Engineer or Bricoleur ?
Engineer or Bricoleur ?
 
ECIME 2012 Cork - Ireland
ECIME 2012 Cork - IrelandECIME 2012 Cork - Ireland
ECIME 2012 Cork - Ireland
 
IT for Small and Medium-sized Enterprises (SMEs)
IT for Small and Medium-sized Enterprises (SMEs)IT for Small and Medium-sized Enterprises (SMEs)
IT for Small and Medium-sized Enterprises (SMEs)
 
Een duurzame relatie tussen KMO IT-manager en IT-leverancier
Een duurzame relatie tussen KMO IT-manager en IT-leverancierEen duurzame relatie tussen KMO IT-manager en IT-leverancier
Een duurzame relatie tussen KMO IT-manager en IT-leverancier
 
Engineer or Bricoleur ?
Engineer or Bricoleur ? Engineer or Bricoleur ?
Engineer or Bricoleur ?
 
Edushock 17 04-2012
Edushock 17 04-2012Edushock 17 04-2012
Edushock 17 04-2012
 
Vertrouwen: sleutel tot geslaagde IT projecten
Vertrouwen: sleutel tot geslaagde IT projectenVertrouwen: sleutel tot geslaagde IT projecten
Vertrouwen: sleutel tot geslaagde IT projecten
 
Aog feb 06-03-2012 v.2.0
Aog feb 06-03-2012 v.2.0Aog feb 06-03-2012 v.2.0
Aog feb 06-03-2012 v.2.0
 
Introduction to Project Management
Introduction to Project ManagementIntroduction to Project Management
Introduction to Project Management
 
Comoaeco
ComoaecoComoaeco
Comoaeco
 
TEDxUHowest presentatie
TEDxUHowest presentatie TEDxUHowest presentatie
TEDxUHowest presentatie
 
Trust or Control ?
Trust or Control ? Trust or Control ?
Trust or Control ?
 
Juridische ICT tools for the Website developer
Juridische ICT tools for the Website developerJuridische ICT tools for the Website developer
Juridische ICT tools for the Website developer
 

Último

Davis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologyDavis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologycaarthichand2003
 
User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)Columbia Weather Systems
 
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...D. B. S. College Kanpur
 
ALL ABOUT MIXTURES IN GRADE 7 CLASS PPTX
ALL ABOUT MIXTURES IN GRADE 7 CLASS PPTXALL ABOUT MIXTURES IN GRADE 7 CLASS PPTX
ALL ABOUT MIXTURES IN GRADE 7 CLASS PPTXDole Philippines School
 
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 GenuineCall Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuinethapagita
 
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...lizamodels9
 
GenAI talk for Young at Wageningen University & Research (WUR) March 2024
GenAI talk for Young at Wageningen University & Research (WUR) March 2024GenAI talk for Young at Wageningen University & Research (WUR) March 2024
GenAI talk for Young at Wageningen University & Research (WUR) March 2024Jene van der Heide
 
OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024innovationoecd
 
Servosystem Theory / Cybernetic Theory by Petrovic
Servosystem Theory / Cybernetic Theory by PetrovicServosystem Theory / Cybernetic Theory by Petrovic
Servosystem Theory / Cybernetic Theory by PetrovicAditi Jain
 
Pests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdfPests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdfPirithiRaju
 
Environmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial BiosensorEnvironmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial Biosensorsonawaneprad
 
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.PraveenaKalaiselvan1
 
User Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather StationUser Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather StationColumbia Weather Systems
 
Pests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdfPests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdfPirithiRaju
 
《Queensland毕业文凭-昆士兰大学毕业证成绩单》
《Queensland毕业文凭-昆士兰大学毕业证成绩单》《Queensland毕业文凭-昆士兰大学毕业证成绩单》
《Queensland毕业文凭-昆士兰大学毕业证成绩单》rnrncn29
 
Microteaching on terms used in filtration .Pharmaceutical Engineering
Microteaching on terms used in filtration .Pharmaceutical EngineeringMicroteaching on terms used in filtration .Pharmaceutical Engineering
Microteaching on terms used in filtration .Pharmaceutical EngineeringPrajakta Shinde
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naJASISJULIANOELYNV
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024AyushiRastogi48
 

Último (20)

Davis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologyDavis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technology
 
User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)
 
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
Fertilization: Sperm and the egg—collectively called the gametes—fuse togethe...
 
ALL ABOUT MIXTURES IN GRADE 7 CLASS PPTX
ALL ABOUT MIXTURES IN GRADE 7 CLASS PPTXALL ABOUT MIXTURES IN GRADE 7 CLASS PPTX
ALL ABOUT MIXTURES IN GRADE 7 CLASS PPTX
 
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 GenuineCall Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
 
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
 
GenAI talk for Young at Wageningen University & Research (WUR) March 2024
GenAI talk for Young at Wageningen University & Research (WUR) March 2024GenAI talk for Young at Wageningen University & Research (WUR) March 2024
GenAI talk for Young at Wageningen University & Research (WUR) March 2024
 
OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024
 
Servosystem Theory / Cybernetic Theory by Petrovic
Servosystem Theory / Cybernetic Theory by PetrovicServosystem Theory / Cybernetic Theory by Petrovic
Servosystem Theory / Cybernetic Theory by Petrovic
 
Pests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdfPests of soyabean_Binomics_IdentificationDr.UPR.pdf
Pests of soyabean_Binomics_IdentificationDr.UPR.pdf
 
Environmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial BiosensorEnvironmental Biotechnology Topic:- Microbial Biosensor
Environmental Biotechnology Topic:- Microbial Biosensor
 
Volatile Oils Pharmacognosy And Phytochemistry -I
Volatile Oils Pharmacognosy And Phytochemistry -IVolatile Oils Pharmacognosy And Phytochemistry -I
Volatile Oils Pharmacognosy And Phytochemistry -I
 
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
 
User Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather StationUser Guide: Capricorn FLX™ Weather Station
User Guide: Capricorn FLX™ Weather Station
 
Pests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdfPests of jatropha_Bionomics_identification_Dr.UPR.pdf
Pests of jatropha_Bionomics_identification_Dr.UPR.pdf
 
《Queensland毕业文凭-昆士兰大学毕业证成绩单》
《Queensland毕业文凭-昆士兰大学毕业证成绩单》《Queensland毕业文凭-昆士兰大学毕业证成绩单》
《Queensland毕业文凭-昆士兰大学毕业证成绩单》
 
Microteaching on terms used in filtration .Pharmaceutical Engineering
Microteaching on terms used in filtration .Pharmaceutical EngineeringMicroteaching on terms used in filtration .Pharmaceutical Engineering
Microteaching on terms used in filtration .Pharmaceutical Engineering
 
Let’s Say Someone Did Drop the Bomb. Then What?
Let’s Say Someone Did Drop the Bomb. Then What?Let’s Say Someone Did Drop the Bomb. Then What?
Let’s Say Someone Did Drop the Bomb. Then What?
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by na
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024
 

Ecime 2014 v.1.0

  • 1. A Quest for Theoretical Foundations of COBIT 5 Jan Devos & Kevin Van de Ginste Ghent University, Campus Kortrijk, Belgium pag. 1 J. Devos - ECIME 2014 – Ghent
  • 2. Outline •Problem •Research Question •Methodology •Findings •Conclusion pag. 2 J. Devos - ECIME 2014 – Ghent
  • 3. Problem •IT/IS research is slow (and a new) discipline •IT/IS has a practical kernel which is fast moving where speed has won against quality (Cross 2011) •Practitioners (consultants/large organizations) are developing own methods and frameworks to evaluate IT/IS e.g. COBIT, ITIL, CMMi, PMBoK, PRINCE2, … •Not (always) theoretically founded (Ridley et al. 2008, Goldschmidt et al. 2009, Choi and Yoo 2009, Chen and Shen 2010) pag. 3 J. Devos - ECIME 2014 – Ghent
  • 4. Problem (cont) •Hard to supplant frameworks and methods to other environments (SMEs, universities, not-for- profit) •Still a lot of IT/IS failures (Avison et al. 2006, Conboy 2010, Dwivedi et al. 2013) •IT/IS evaluation is under researched pag. 4 J. Devos - ECIME 2014 – Ghent
  • 5. Example: COBIT 5 •COBIT 5 (Control Objectives for Information and Information related Technologies) •IT governance, management and audit framework well- known in IT/IS practitioners communities (ISACA 2012a) pag. 5 J. Devos - ECIME 2014 – Ghent Domain Type of Domain Number of processes Evaluate, Direct and Monitor (EDM) Governance 5 Align, Plan and Organize (APO) Management 13 Build, Acquire and Implement (BAI) Management 10 Deliver, Service and Support (DSS) Management 6 Monitor, Evaluate and Assess (MEA) Management 3
  • 6. Research Question Does COBIT have visibly theoretical foundations that can support (some of) the claims made in the framework? pag. 6 J. Devos - ECIME 2014 – Ghent
  • 7. Methodology (cont) •Reverse Engineering work •Selection of excising IT/IS theories (not grounded theory method) (Larsen et al. 2014) •Mapping theoretical propositions to empirical observations (pattern matching) (Yin, 2003, ISO/IEC 15504-2) pag. 7 J. Devos - ECIME 2014 – Ghent
  • 8. Methodology Which IT/IS theories? •Truex criteria (Truex et al. 2006) Preparing the theories •a classification, an analysis, and a summary of developed components according to Gregor (2006) pag. 8 J. Devos - ECIME 2014 – Ghent
  • 9. pag. 9 J. Devos - ECIME 2014 – Ghent Theories Truex criteria Stakeholder Theory Principal Agent Theory Technology Acceptance Model Fit between theory and phenomenon SHT fits very well with facts in COBIT. The first key principle of COBIT refers already to the broad phenomenon of stakeholders. PAT focussed on a fundamental relation between two actors. An information system is a nexus of principal-agent relations: e.g. owner- manager, user-developer, auditor- CIO, … A substantial critic to COBIT is the ‘mechanical’ way the framework is constructed and the ignorance of the user as reflective human actor (Hoogervorst 2008). It makes it challenging to investigate how TAM could fit or not with the propositions of COBIT. Historical context of theory The concept of stakeholder has gradually grown from shareholder to a general concept of all actors that could have a stake in an artefact or organisation. PAT is one of the cornerstone theories of organisations. TAM is one of the only successful IS theories designed from within the IS discipline. Although the theory has been criticized by many, current relevant IS research is still using TAM. Impact on the research method SHT is a process theory which is compliant with the basic perspective of our research method (qualitative and a mixture of positivism and interpretivism). PAT has two streams: positivistic agent theory and principal agent theory. We conducted the last stream (Eisenhardt 1989) TAM is constructed as a variance theory. However the operationalization of the constructs (acceptance perceived ease of use and usefulness) can be also assessed from a process perspective. Contribution to cumulative theory SHT has been used in ten previous works in IS research (Larsen et al. 2014) PAT has been used in 24 previous works in IS research and has links with other theories used in IS research (Larsen et al. 2014) TAM is one of the few genuine IS theories, in the sense that the theory is not borrowed from other disciplines. TAM has been used in 64 previous works in IS research and has a profound link with the DeLone & McLean Success Model (Larsen et al. 2014)
  • 10. pag. 10 J. Devos - ECIME 2014 – Ghent Overview of Stakeholder Theory (SHT) SHT is a management theory that identifies groups and individuals that have a stake in an organisation (Frooman 1999). The theory helps to identify, understand and use in a strategic way stakeholders in an organisation. SHT explains how stakeholders can affect the organization. SHT gives answers to three key questions: 1) Who are the stakeholders (Mitchell et al. 1997), 2) What do the stakeholders want? and 3) How do stakeholders influence? Theory Component Instantiation Means of representation Words, lists, tables and diagrams Primary constructs Questions, groups and individuals Statements of relationships Relations between the stakeholders and the organization Scope The relations of an organization Causal explanations SHT explains the relation between stakeholders and organization by stating how stakeholders will impose their will. Testable propositions Questions can be composted and tested by interviews Prescriptive statements Only for the questions 1 and 3
  • 11. Methodology Principles 1: Meeting Stakeholder Needs 2. Covering the Enterprise End-to-end 3. Applying a Single, Integrated Framework 4. Enabling a Holistic Approach 5. Separating Governance From Management pag. 11 J. Devos - ECIME 2014 – Ghent Processes (security oriented) •APO13 Manage Security, •BAI06 Manage Change, •DSS05 Manage Security Services •EDM03 Ensure Risk Optimisation •MEA03Monitor, Evaluate and Assess Compliance with external Requirements Goals (BSC) •02 IT compliance and support for business compliance with external laws and regulations •07 Delivery of IT services in line with business requirements •10 Security of information, processing infrastructure and applications •16 Competent and motivated business and IT personnel
  • 12. Methodology Score N: (Not Present) There are no propositions, keywords or statements in COBIT that can be matched with components of one of the selected theories. Score P: (Present) There is a least one proposition, keyword or statement in COBIT that can be matched with one components of one or more of the selected theories. Score L: (Largely present) There is more than one proposition, keyword or statement in COBIT that can be matched with one theory. Score F: (Fully present) There is a strong match of several (more than two) COBIT propositions, keywords or statements with one theory. pag. 12 J. Devos - ECIME 2014 – Ghent
  • 13. pag. 13 J. Devos - ECIME 2014 – Ghent FINDINGS SHT PAT TAM Meeting Stakeholder Needs LP LP N Covering the enterprise End-to-End LP LP N Applying a Single Integrated Framework P P N Enabling a Holistic Approach N N N Separating Governance From Management LP F N APO13 Manage Security LP LP P BAI06 Manage Change P LP P DSS05 Manage Security Services LP LP N MEA03 Monitor, Evaluate and Assess Compliance with external Requirements LP LP N EDM03 Ensure Risk Optimisation LP F P Goal 2 - IT compliance and support for business compliance with external laws and regulations P LP N Goal 7 - Delivery of IT services in line with business requirements N N P Goal 10 - Security of information, processing infrastructure and applications P LP N Goal 16 - Competent and motivated business and IT personnel N N P
  • 14. Findings The strongest theoretical foundations in COBIT are coming for PAT. PAT is a theory that is often used to explains elements of control in a governance versus management setting There is also coupling in appearance between PAT and SHT TAM is less present in COBIT. This can be due to the fact that TAM is a higher type of theory, with strong causal relations IT-related goals can strongly determine the presence of a theory. This is the way around, a framework should be designed with a theoretical stance in the first place pag. 14 J. Devos - ECIME 2014 – Ghent
  • 15. Findings e.g. ‣IT-related goal 07 (Delivery of IT services in line with business requirements) suggest to be based on TAM and brings the theory into the process BAI06 Manage Change. ‣IT-related goals 02 (IT compliance and support for business compliance with external laws and regulations) and 10 (Security of information, processing infrastructure and applications) bring in PAT in APO13 Manage Security and DSS05 Manage Security Services. pag. 15 J. Devos - ECIME 2014 – Ghent
  • 16. Conclusions The strong appearance of PAT and SHT in COBIT is probably due to the fact that both theories are lower types of theories Gregor (2006). COBIT was originally build as an IT audit guideline, so control (PAT) and stakeholders (SHT) are key elements there. Only prescriptive statements from SHT are (limited) present. To fully implement SHT one could use the findings of Mitchell et al. (1997) to assess the influence of each stakeholder. Together with the findings of Frooman (1999) the framework could be enriched with the way how stakeholders try to execute their influence. This could lead to better or more fine-tuned metrics. pag. 16 J. Devos - ECIME 2014 – Ghent
  • 17. Conclusions COBIT did not took off from a clear theoretical starting position Derived theoretical propositions from the selected theories are present in the framework, albeit not always complete (e.g. SHT) Primary constructs, scope and statements of relationship of the theories are often found, but causal explanations are often absent Some theories do not have very clear causal explanations, so type I and type II theories have a higher likelihood to be supportive for COBIT. (e.g. PAT). pag. 17 J. Devos - ECIME 2014 – Ghent
  • 18. Conclusions What other theories are present in COBIT? (e.g;. Resource Based Theory, Transaction Economics, and Structuration Theory) The assessment model of scoring the presence of a theory in COBIT can be more ine-tuned. pag. 18 J. Devos - ECIME 2014 – Ghent