Banking sector in Egypt is one of the largest business sectors in terms of contributing to country economic growth and in terms of investing in information technology (IT). Thus, implementing a good Information Technology (IT) governance framework inside Egyptian banks is a rather critical issue. The purpose of this chapter is to assess the importance and the implementation of Control Objectives for Information and Related Technology (COBIT) high level processes in the Egyptian banking sector. A total of 25 working banks in Egypt which are registered in the Central Bank of Egypt (CBE) from (public sector, private and joint venture and foreign) banks were interviewed in a series of one-to-one interviews. The results of this study showed that although the majority of interviewed Chief Information Officer (CIO), IT Managers, IT Auditors and others perceived the importance of COBIT high level processes in their organizations, the majority of the Egyptian banks have a below average maturity level for most of the COBIT processes.
TopIntroduction
Information systems do not exist in isolation. Clearly, they are developed and operate within an environmental – most commonly business - context that has a significant effect on them. This environment is increasingly complex and dynamic. But, few organizations have realized the full potential of their information assets, although most consider their information to be essential to the operation. So, as Information Technology (IT), in general, contributes a larger and more noticeable role in driving business success, senior executives are under mounting pressure to clearly demonstrate the business value of IT, and to prove that IT investments can generate a positive return while supporting business objectives (Sarvanan and Kohli, 2000 ). Despite of a lot of talk about business alignment of ICT, a permanent link between the mandates of business and IT management remains yet to be established, even in organizations well aware of their information management and the business alignment issue (Pulkkinen and Hirvonen, 2005).
The past few years witnessed an increased attention to many standards and worldwide accepted frameworks that support the assessment and the implementation of IT governance in various organizations. These include:
- 1.
Control Objectives for Information and Related Technology (COBIT) with a focus on the IT processes in organizations;
- 2.
Information Technology Infrastructure Library (ITIL) with a focus on IT service management; and
- 3.
ISO/IEC 17799:2000 which is an information security standard.
The objectives, the scope, and the structure of each framework vary considerably. But, these all aim toward – or can be used for – improving IT governance in organizations.
Corporate governance is “a general term that is defined as “the system by which companies are directed and controlled” (Cadbury Report, 1992). Among the various aspects of corporate governance, IT governance is the one responsible for guaranteeing the effective alignment between use of (and investments in) IT and organization’s business objectives. IT governance is, thus, a subset regulation of Corporate Governance (Dellit, 2002; Hamaker, 2003), which is focused on IT systems and their performance and risk management and it has developed into a discipline of its own. IT governance provides “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT,” (Weill and Ross, 2004) and is “an integral part of enterprise governance and consists of the leadership and organizational structures and processes to ensure that the organization sustains and extends its strategy and objectives.” (ITGI, 2000)
The value of IT governance to corporate governance has raised based on the understanding that the most important IT issues in the near future are not technology-related, but governance-related (Guldentops 2002), IT governance is the capability of organization’s senior management to direct, measure and evaluate the use of IT resources to support the achievement of the organization’s strategic goals (Gray, 2004).
The primary goal for IT governance is to (1) ensure that the money invested in IT would be able to produce the expected business value, and (2) ensure the risks associated with IT are well mitigated (Williams, 2006). Good IT governance system can help organizations manage their IT internal and external costs by running efficient IT processes, aligning these processes with business objectives, introducing needed control and monitoring these processes to provide better visibility and feedback over IT (Gray, 2004).
Among various IT governance frameworks and standards, COBIT has shown as a strong and powerful framework and has been used increasingly by many organizations in public and private sectors throughout the world. COBIT was developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992. The first edition of COBIT was published in 1996, COBIT was intended to serve as an IT process and control framework linking IT to business requirements, the 2nd edition was published in 1998. Since then, COBIT is being used as a framework for IT governance, providing management tools such as metrics and maturity models to complement the control framework.