An Empirical Study to Measure the Impact of Information Technology Governance Under the Control Objectives for Information and Related Technologies on Financial Performance

Purpose: To determine the effect of information technology governance (ITG) under the control objectives for information and related technologies (COBIT) on financial performance is the objective of this study. Additionally, the article seeks to look into the relationships between the factors under consideration.   Theoretical framework: Information technology and operational processes are evaluated and ensure their compliance with the instructions of the Central Bank of Iraq. Therefore, the research dealt with a conceptual framework by reviewing the literature on the importance of the COBIT framework in assessing financial performance.   Design/methodology/approach: To investigate the effect of information technology; we the value-added intellectual coefficient approach and a defined corporate governance index were utilized. The performance of the company was assessed using operating efficiency ratio and Economic value Added (EVA).   Findings: the results Show there are the high level of application of ITG in the banks listed in the Iraqi stock exchange. Also, we found the effectiveness of ITG under the COBIT framework in banking financial performance.   Research, Practical & Social implications: The findings should inform practitioners and legislative institutions of the necessity to follow strong COBIT procedures and enhance the effectiveness of IT to produce a better financial performance for firms.   Originality/value: the study is among the first to consider the casual connections and how COBIT policies for ITG affect financial performance in the setting of Iraq

Developing the concept of Individual IT Culture and its Impact on IT Risk Management Implementation

Organisational implementations of IT risk management (IT-RM) frameworks often fail due to cultural forces. This work-in-progress study focuses on the action of IT individuals involved with IT-RM implementations. Particularly, this research steps outside the conventional factor analytic perspective of IT risk management research by focusing on contextual and processual elements as well as the actions and interpretations of managers to explain successful implementations. A series of case studies were designed around semi-structured in-depth interviews with IT managers. Grounded theory-like analysis of the case text produced a structure of conceptual categories and themes depicting the successful implementation of an IT-RM framework

The Role of Compliance Requirements in IT Governance Implementation: An Empirical Study Based on COBIT 2019

Rooted in the conformance perspective of IT governance, this paper sets out to research the role of compliance requirements in IT governance implementation, and to shed light on what aspects (i.e., processes) of IT governance are important under different levels of compliance requirements. Based on a large and diverse sample of organizations (N=2566), our results indicate that IT governance implementation level (over five different process domains) consistently goes up with increasing compliance requirements, and that these jumps in IT governance implementation levels are always statistically significant. Moreover, we identify the IT governance processes that are of primary importance for each level of compliance requirements

IT Risk Management Implementation as Socio-Technical Change: A Process Approach

This study introduces a new process for implementing risk management in IT departments, promoting a socio-technical change approach. This research steps outside the conventional factor analytic perspective of IT risk management by embedding contextual and processual elements (e.g. socio-technical interactions and interpretations) to explain successful implementations. Adopting a multi-case approach for obtaining richer data from a problem domain, we outline new details of an implementation process. The proposed process model represents how these elements work together to produce a successful outcome. Grounded theory-like analysis of the case findings helped us to understand and explore conceptual categories and themes that are relevant to the proposed process. By developing the conceptual model of IT risk management implementation with a socio-technical perspective, we generate a set of propositions in this paper that explains the dynamic nature of IT implementation

IT governance matter: A structured literature review

The aim of this paper is to critically explore information technology governance (ITG) context, its consequences, its various aspects, its determinants, disclosure, maturity, and challenges. There are some motivations that urge the researchers to carry out this study. First, the review of prior relevant literature reveals a limited number of studies addressing the IT governance context, its consequences, its various aspects, its determinants, and challenges. Second, very little is known about the potential implications of IT governance within the business and how it is significant to the decision-makers (e.g., shareholders, board of directors, executives, etc.). Finally, little research employs the structured literature review (SLR) approach to critically discuss and analyze the IT governance context with its various aspects. The systematic and structured literature review has been employed for a critical analysis of the previous studies on IT governance. It is found that effective ITG has a positive impact on the firm performance in consistent with Altemimi and Zakaria (2017), Hulme (2012). Additionally, it is concluded that there is a positive association between ITG, the trustworthiness and the level of financial disclosure agreeing with (Raghupathi, 2007; Ali & Green, 2007). It is also concluded that the level of ITG disclosure is higher within firms in Europe (67%) than in the US (49%) complementing with Joshi et al. (2013). The adoption of the SLR methodology enables this paper to derive unbiased empirical insights and critique into the current ITG research and to identify possible directions for future ITG research, which may possibly be of interest to the academics, regulators, and professional bodies (e.g., shareholders, board of directors, executives, etc.)

Investigating the relation between legal disclosure environments and IT governance transparency

The relevance of information technology has steadily increased over past decades. As a result, corporate disclosure about IT governance aspects is of considerable interest to investors. Despite such disclosure being voluntary and not enforced by law, this research investigates whether there is any relation between varying legal disclosure environments and the level of IT governance disclosure by companies. To investigate this relationship, 48 companies´ 2015 annual reports are analysed in accordance with an IT governance disclosure framework previously constructed by Bollen et al. (2013). Moreover, the World Bank’s Business Extent of Disclosure Index is used as a proxy for legal disclosure environments. The results imply no significant relation between legal disclosure environments and the level of IT governance disclosure which indicates that other factors on the industry and firm-level play a more significant role in determining the level of IT governance disclosure

Exploring the Contemporary State of Information Technology Governance Transparency in Indonesian Firms

Organizations are placing greater importance on utilizing Information Technology (IT), and efficiently administrating IT resources is crucial for attaining strategic objectives and minimizing IT-related hazards. Nevertheless, there needs to be more comprehension regarding the current status of transparency in IT governance among Indonesian organizations. This study aims to examine the present condition of IT governance disclosure and analyze how the level of IT usage and ownership structure influence the transparency of IT governance in Indonesia. The data collection process will comprise conducting content research on the 2021 annual reports of different organizations using the qualitative analysis approach. This method will investigate high-tier listed corporations, non-listed companies, and low-tier non-listed companies. The study's discoveries will offer significant perspectives for policymakers, managers, and academics, aiding businesses in formulating effective strategies to enhance transparency and IT governance practices. Consequently, this will result in improved organizational performance

Exploring the contemporary state of information technology governance transparency in Belgian firms

This article provides an exploratory insight in the contemporary state of IT governance transparency in Belgian firms. Our findings show that Belgian firms exhibit low IT governance disclosure rates in general. We also find preliminary evidence that IT governance disclosure is positively related to IT usage intensity for listed firms, and that listed firms tend to be more concerned with disclosing on their IT governance compared to non-listed firms, given a comparable level of IT usage intensity

Towards the development of a COBIT 5-driven IT audit framework

In recent years, given the increased investments in Information Technology (IT), and its pervasive usage in business environment, the need to ensure that IT decisions are in the interest of shareholders led practitioners and researchers to focus on Enterprise Governance of IT (EGIT). EGIT involves implementing mechanisms that ensure that IT risks are duly mitigated, and that the IT investments are yielding the expected returns for enterprise owners. For the mechanisms to work as intended, there is the need for regular auditing; however, past literature and practitioner reports have confirmed that auditors do not audit governance mechanisms to the expectation of shareholders. Within the Ghanaian Financial services sector, failures in EGIT resulted in the collapse of several organisations which made stakeholders question the role played by auditors. The purpose of this study was to examine EGIT from the perspective of the auditor, develop an audit framework based on COBIT 5 and understand how auditors can be 'critical partners’ to ensure EGIT effectiveness. To provide a better understanding of the EGIT phenomenon, a theoretical framework based on the integration of six theoretical perspectives was presented to provide a holistic view of EGIT and how auditors can add value. The theoretical framework argued in line with organisational theorists that to achieve positive outcomes, governance mechanisms must be implemented in a coherent whole and analysed as a configuration. As such the study adopted the configurational theory to analyse the coherence of the governance mechanisms. Based on the theoretical framework and the configurational theory, a conceptual framework was developed to guide the research. The thesis proposed that the greater the level of coherence among the governance mechanisms, the higher the level of EGIT effectiveness, and that the audit of EGIT will improve the maturity of the governance mechanisms and its coherence. The pragmatic philosophic stance was adopted, utilising qualitative and quantitative methods to answer the research question. The Peffers, Tuunanen, Rothenberger, & Chatterjee, (2008) design science research methodology guided the identification of the problem and the development of an artefact that can aid IT auditors by providing them with an adequate scope for EGIT audits and reduce the audit detection risks. An Exploratory Focus Group (EFG) and a Confirmatory Focus Group (CFG) were employed in the development of the artefact. In addition, a survey instrument was utilised to gather data about the governance maturity of the case organisations prior to and after the usage of the artefact. Cluster analysis based on the concept of 'coherence as a gestalt’ produced cluster solutions revealing the nature of the configuration that resulted in positive outcomes. Post-Hoc analysis was used in the summative evaluation of the artefact to measure the statistically significant changes that occurred in the governance maturity after the use of the artefact. The findings revealed that regular auditing of EGIT mechanisms can lead to significant improvement in several governance mechanisms as postulated. It also revealed that to attain positive outcomes, there is the need for a coherent implementation of governance mechanisms with emphasis on technology which can be the driving force in a fast-changing environment. This result was contrary to existing literature about EGIT that suggested the overarching importance of leadership to drive change in the attainment of EGIT objectives. The findings show that with the right systems and technologies, IT can provide decision makers with timely information that would increase the utility of the decisions. The study makes significant contributions to knowledge by providing insights into EGIT and IT auditing which is an under-researched area. One key theoretical contribution was the integrative theoretical framework that provides theoretical underpinnings to EGIT, which has previously been studied descriptively and provides a holistic view of the complex phenomenon. The study also confirms the configurational theory and advances knowledge by proving that in the context of EGIT, the combination of the various mechanisms does influence the whole and the outcomes. Concerning the contribution to practice, the study resulted in the development of an IT auditing artefact that is based on COBIT 5, a widely accepted industry framework for EGIT, and contextualised with the regulatory needs of the Ghanaian Financial Services sector. With this tool, IT auditors can develop an audit plan that provides assurance of key governance areas and so reduce the audit risk of not detecting a non-existence or weak control in an organisation’s EGIT practices. The tool can be used by regulatory auditors who were complicit in the EGIT failures that occurred in the sector to provide adequate supervision. Further discussion on the theoretical, practical and methodological contributions are set out in this thesis along with the limitations of the study and recommendations for future research