Assessing the Maturity of Control Objectives for Information and Related Technology (COBIT) Framework in the Egyptian Banking Sector

Hisham M. Abdelsalam (Cairo University, Egypt), Ahmed M. Marzouk (IBM Egypt, Egypt) and Haitham S. Hamza (Cairo University, Egypt)
Copyright: © 2013 | Pages: 20
DOI: 10.4018/978-1-4666-2083-4.ch005


The banking sector in Egypt is one of the largest business sectors in terms of both its contribution to the country's economic growth and its investment in information technology (IT). Thus, implementing a good IT governance framework inside Egyptian banks is a rather critical issue. The purpose of this chapter is to assess the importance and the implementation of Control Objectives for Information and Related Technology (COBIT) high-level processes in the Egyptian banking sector. A total of 25 working banks in Egypt registered with the Central Bank of Egypt (CBE), drawn from public sector, private and joint venture, and foreign banks, were interviewed in a series of one-to-one interviews. The results of this study showed that although the majority of the interviewed Chief Information Officers (CIOs), IT managers, IT auditors and others perceived the importance of COBIT high-level processes in their organizations, the majority of Egyptian banks have a below-average maturity level for most of the COBIT processes.
Chapter Preview


Information systems do not exist in isolation. Clearly, they are developed and operate within an environmental context, most commonly a business one, that has a significant effect on them. This environment is increasingly complex and dynamic. Yet few organizations have realized the full potential of their information assets, although most consider their information to be essential to their operation. So, as Information Technology (IT) in general plays a larger and more noticeable role in driving business success, senior executives are under mounting pressure to clearly demonstrate the business value of IT, and to prove that IT investments can generate a positive return while supporting business objectives (Sarvanan and Kohli, 2000). Despite a lot of talk about the business alignment of ICT, a permanent link between the mandates of business and IT management has yet to be established, even in organizations well aware of their information management and the business alignment issue (Pulkkinen and Hirvonen, 2005).

The past few years have witnessed increased attention to many standards and worldwide-accepted frameworks that support the assessment and the implementation of IT governance in various organizations. These include: (1) Control Objectives for Information and Related Technology (COBIT), with a focus on the IT processes in organizations; (2) Information Technology Infrastructure Library (ITIL), with a focus on IT service management; and (3) ISO/IEC 17799:2000, which is an information security standard. The objectives, scope, and structure of each framework vary considerably, but all of them aim toward, or can be used for, improving IT governance in organizations.

Corporate governance is a general term that is defined as “the system by which companies are directed and controlled” (Cadbury Report, 1992). Among the various aspects of corporate governance, IT governance is the one responsible for guaranteeing the effective alignment between the use of (and investments in) IT and the organization’s business objectives. IT governance is, thus, a subset of corporate governance (Dellit, 2002; Hamaker, 2003) that is focused on IT systems and their performance and risk management, and it has developed into a discipline of its own. IT governance involves “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT” (Weill and Ross, 2004) and is “an integral part of enterprise governance and consists of the leadership and organizational structures and processes to ensure that the organization sustains and extends its strategy and objectives” (ITGI, 2000).

The value of IT governance to corporate governance has risen based on the understanding that the most important IT issues in the near future are not technology-related, but governance-related (Guldentops, 2002). IT governance is the capability of an organization’s senior management to direct, measure and evaluate the use of IT resources to support the achievement of the organization’s strategic goals (Gray, 2004).

The primary goal of IT governance is to (1) ensure that the money invested in IT produces the expected business value, and (2) ensure that the risks associated with IT are well mitigated (Williams, 2006). A good IT governance system can help organizations manage their internal and external IT costs by running efficient IT processes, aligning these processes with business objectives, introducing needed controls, and monitoring these processes to provide better visibility and feedback over IT (Gray, 2004).

Among the various IT governance frameworks and standards, COBIT has proven to be a strong and powerful framework and has been used increasingly by many organizations in the public and private sectors throughout the world. COBIT was developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992. The first edition of COBIT was published in 1996; it was intended to serve as an IT process and control framework linking IT to business requirements. The 2nd edition was published in 1998. Since then, COBIT has been used as a framework for IT governance, providing management tools such as metrics and maturity models to complement the control framework.
