A Quest for Theoretical Foundations for COBIT 5

ECIME 2014 – v.1.0


Lecture on Ownership of Enterprise and Governance

This module is about the firm’s position in the economy and in society, and about the forces that shape the firm. Central themes of the course Ownership of Enterprise and Governance are the enterprise’s position in the economy and society, the forces that shape the enterprise and its IT, and the way its board leads business and IT.

Block 1 is dedicated to the topic Enterprise Models. Characteristics of the enterprise, such as ownership, size, political environment and enterprise strategy shape the governance of IT and the role of IT in achieving the enterprise’s strategic objectives. In this block, various enterprise models are discussed. After having completed this block, participants are able to assess the characteristics of an enterprise and the impact thereof on the IT function.

On Friday 31/1 – 13.30-16.45 – IT in small and medium-sized Enterprises
Teacher: Prof. dr. ir. Jan Devos, MBA

At Nyenrode Business University.




2013 in review

The WordPress.com stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 4,400 times in 2013. If it were a NYC subway train, it would take about 4 trips to carry that many people.

Click here to see the complete report.

IT Governance – A Quest for Theoretical Underpinnings of Cobit 5

COBIT, as an IT Governance framework is very well known in IS practitioners communities. It would impair the virtues of COBIT to present it only as an IT Governance framework. COBIT and certainly the most recent version COBIT 5 is so much more. COBIT analyses the complete IS function and offers normative support to manage, govern and audit IT in organizations.  However, like most practitioners frameworks and guidelines, critics rises from academic communities pointing at the absence of any theoretical foundation on which COBIT is built on. Here, I give a sneak preview of my current research on IT Governance. This work will be presented in some conference proceedings and also in a journal paper. For now, I would like to catch some comments on the ideas and concepts used in the current research project.

Together with some of my students, I conducted a research project on the theoretical underpinnings of COBIT 5. This may sound a bit awkward, but in IT, academics often lag behind practitioners. The latter cannot always wait for good normative theories to build IT artefact’s. So to say, we implemented a reverse engineering work and try to elucidate as much as possible propositions from COBIT as an empiricism. We followed a qualitative research method to develop an inductively derived theoretical framework. However our approach differs from the originally work on grounded theory by Glaser and Strauss since we have a general idea of where to begin and we make a conceptual descriptions of the empirical statements in COBIT (Glaser et al. 1967). So our data was only restructured to reveal theoretical findings.

First we looked for three theories that could be candidates for underpinning COBIT v5.0: Stakeholder Theory (ST), Principal Agent Theory (PAT) and Technology Acceptance Model (TAM).  These three theories were then classified and spelled out according the scheme of Gregor (Gregor 2006). So from each theory, several testable propositions were deduced. To keep the work controllable, we considered five processes (APO13, BAI06, DSS05, MEA03 en EDM03) and four IT goals (IT01, IT07, IT10 and IT16) from COBIT 5  (ISACA 2012).  The choice of the processes and IT goals are done according to an experienced knowledge of COBIT as well of the theories. The selected theories on the other hand are more than often used in IS research. Then we constructed a mapping table to find matching patterns. The mapping was done separately by several individuals to increase the internal validity.

We can made the following preliminary conclusions.

Although COBIT 5 was not designed in a more academic design science research arrangement, a positive match with theoretical propositions could be found, albeit reversed engineered. The theoretical foundations are there, but certainly not all empirical propositions could be mapped to theoretical ones. It is therefore very difficult to tell which of the three tested theories makes the largest contribution to COBIT. It looks as PAT and ST contributes the most. This is also due to the fact that PAT and ST are clearly other types of theories than TAM. PAT and ST are more explanatory theories while TAM is a more predictive theory. However we still have some work to do to refine the restructuring of COBIT to reveal more ‘atomic’ propositions to perform a more intense mapping.

The mapping was done for the selected processes as well as for some selected IT goals.  We could see that the presence and contribution of a theory is significantly constitute by IT goals as compared to the processes.  So the formulation of IT goals in the framework is a very important practice, that can differ largely on the implicit theoretical assumptions the author(s) took by designing COBIT 5. Since these theoretical assumptions are not well identified, we believe that other IT goals could also contribute the framework.

We can also make some suggestions for further research.

First of all, the work has to be extended to all COBIT 5 processes and IT goals. This effort is currently going on.  We can of course ask ourselves, what other theories could be considered as candidates for this theoretical reverse engineering labor? During our work we listed already some theories with good potential (e.g. Resource Based Theory,  Transaction Economic Theory, Structuration Theory…).

The pattern matching process can be refined by bringing in other assessment models based on maturity models.  An alternative and more theoretic framework could be designed by using design science research methods and starting with the most relevant IS theories. That could lead to an IT artifact that eventually could be reconciled with COBIT 5.

jan devos

Glaser, B., and Strauss, A. 1967. The Discovery of Grounded Theory: Strategies for Qualitative Research, Aldine Transactions: Chicago.

Gregor, S. 2006. “The nature of theory in information systems,” Mis Quarterly (30:3) Sep, pp 611-642.

ISACA 2012. COBIT 5 – A Business Framework for the Governance and Management of Enterprise IT, ISACA: Rolling Meadows, IL, USA.

%d bloggers like this: