Strengthening IT Governance and Controls Using COBIT: A Systematic Literature Review

Pavankumar Mulgund (University at Buffalo, Buffalo, USA), Palak Pahwa (Management Information Systems, University at Buffalo, Buffalo, USA), and Gaurav Chaudhari (Cornell University, Ithaca, USA)
Copyright: © 2019 | Pages: 25
DOI: 10.4018/IJRCM.2019100104


With the emergence of COBIT in 1996, organizations were introduced to a framework that aimed to combine best practices and provide essential guidelines for successful business development and for growth in the organization's competitiveness. Today, COBIT 5 has been adopted by numerous organizations as the primary business framework for the governance and management of enterprise IT. This article explores the evolution of the framework from its genesis to the present. The authors perform a systematic literature review of 93 publications that relate to various aspects of COBIT. The research papers are categorized by their scope and by their nature (empirical, conceptual or descriptive). The data collected from these publications are analyzed to identify various trends: commonalities, differences, themes, and the nature of the study. This article also provides an overview of the need for COBIT, the strengths and weaknesses of each version of the framework, and how each version addresses the shortcomings of its predecessors. The article also comprehensively discusses the state-of-the-art version of the framework, COBIT 5. Further, the authors present a detailed analysis of how this framework is currently leveraged by organizations to identify and mitigate IT and organizational risk through better governance. In conclusion, the article discusses the issues enterprises face in implementing the framework today and the scope for future research.

1. Introduction

To successfully compete and thrive in the ever-changing world of business, organizations need to leverage information assets for strategic advantage. Data and information assets play a significant role in driving the business. Hence, the management and protection of these assets have become a top priority. Organizations also need to ensure that those information assets are adequately safeguarded and put to efficient use throughout their lifecycle, from inception to eventual destruction. Information Technology (IT) capabilities are instrumental in the management and effective use of available information assets. As IT has grown from a mere support function into a critical business-enabling function, it is imperative that the board and management of organizations accept IT as a vital aspect of their business. To justify the strategic value of IT, enterprises require a framework that can help them identify IT best practices, align IT objectives with business objectives, and ensure effective IT governance and management. This motivation has led to the development of the widely used framework, COBIT.

With the growing need for proper alignment between the IT functions and the goals of the enterprises, the focus of the executive management has increased exponentially towards the following areas:

  • Ensuring compliance with the ever-increasing list of rules and regulations;

  • Leveraging information and IT assets for competitive advantage and using them to make business-critical decisions;

  • Maintaining IT Risk at an acceptable level;

  • Optimizing the costs of information technology and services;

  • Creating business value by efficient use of IT;

  • Improving operational efficiency by reliable use of IT.

Beyond addressing the above-mentioned areas, COBIT acts as a comprehensive framework that incorporates, and is compatible with, numerous other standards and best practices that are vital for the optimal utilization of information assets, resulting in the escalated growth of enterprises. Business executives can no longer delegate or avoid the incorporation of IT into business decisions. In this context, many organizations have started implementing the COBIT framework to achieve synergy between business and IT, which has helped attain the much-required IT involvement in executive management. This study reviews the prior literature on COBIT that has appeared in various journals, conferences, book chapters, white papers, etc., to trace the evolution of this framework from its genesis to the present. The findings of this study help in understanding each version of COBIT, the gaps in different versions of the framework, and how they are addressed in each subsequent version. We make a salient contribution by providing a detailed account of how the COBIT 5 framework identifies, manages and mitigates organizational risk through better IT governance. The final section of the research discusses the current challenges faced by organizations during its implementation and concludes by suggesting avenues for future research.
