Assessment of IT Governance - A Prioritization of Cobit -

A shared view on the definition of IT governance is lacking and practitioners do not use present IT governance frameworks to support their decision-making. A commonly agreed upon definition of IT governance would be very useful and would serve the development and refinement of IT governance frameworks and assessment methodologies. This article presents an Architecture Theory Diagram, ATD, and a framework for defining IT governance based on an extensive literature study. IT governance is the preparation for, making of and implementation of IT-related decisions regarding goals, processes, people and technology on a tactical or strategic level. The framework for defining IT governance is eployed to compare how IT governance is defined in literature, and within a group of IT governance experts. Cobit is the most well-known framework for IT governance and it is frequently used by practitioners. While comparing Cobit’s definition of IT governance to the previously identified concerns of literature and practitioners, it showed that Cobit does support most needs, but lacks in providing information on how decisionmaking structures should be implemented. Background to Research IT governance is a topic that has been increasingly discussed since the mid nineties. The topic has inherited much from the discipline of corporate governance, but has developed into a discipline of its own rights. However, a shared view on important concerns and how they should be handled is missing within the field. The definitions of IT governance are broad and ambiguous which in turn implicate difficult and inaccurate assessments. Most authors agree on IT governance as a top management concern of controlling IT’s strategic impact, and the value delivered to the business c.f. (Weill 2004, ITGI 2005, De Haes 2005, Ribbers 2002). But whether the core of IT governance is a set of structures, processes and relational mechanisms (De Haes 2005), bundled performance metrics to aid IT process monitoring (ITGI 2005) or cascaded Balanced Scorecards (Kaplan 1996, Van Grembergen 2004) is not agreed upon. There is also a gap between what is stated in literature and the opinions of practitioners: The theories developed in literature are not frequently used by consultants or CIOs (Cumps 2006, Dahlberg 2006). Control Objectives for Information and related Technology, Cobit, is the most renowned framework for support of IT governance concerns (ITGI 2005, Guldentops 2004), but does it really address the concerns considered important in literature and by practitioners? Purpose. The purpose of this paper is to illustrate the differences in priority of IT governance concerns between literature, practitioners, and Cobit. The research is conducted within the