How Sustainable is COBIT 5? Insights from Theoretical Analysis and Empirical Survey Data

Increasing consideration of the concept of sustainability within information technology (IT) organizations and information systems (IS) management has lead to rising challenges regarding the application of existing, non- or partially sustainable IT process models. Although IT reference models exist within the scope of sustainable IS management, the integration of sustainability aspects into well-established IT reference models of IS management and IT governance still lacks theoretical foundation. The purpose of this paper is to explore the specificities of sustainability in the current COBIT 5 process reference model. Based on an argumentative-deductive analysis of COBIT 5, enriched with results of a survey, we examine the significance and specificities of sustainability in COBIT 5 from the user perspective. Our findings provide valuable insights referring to sustainability-related deficits of COBIT 5. Furthermore, this paper can serve as a theoretical basis for further research that eventually takes a sustainability-oriented adjustment of COBIT 5 into account

Sustainable IT Governance (SITG): Is COBIT 5 An Adequate Model?

Arguably, IT Governance should address sustainability. This study reviews a prominent IT governance framework, COBIT 5, to determine the extent to which it supports sustainability dimensions, especially as related to the acquisition, use and disposal of IT assets. Based on our analyses, we conclude that COBIT 5 does not adequately address sustainability concerns facing organizations today. The drivers, benefits, risks, and security considerations associated with sustainability in IT governance are explored in this discussion. We conclude our review with suggestions on how COBIT could be possibly be enhanced to remedy its present sustainability deficiencies

AUDIT APLIKASI PRESENSI PADA PERUSAHAAN INDUSTRI KOSMETIK MENGGUNAKAN COBIT 5

Attendance is essential for an institution or institution; it can assess employee salaries and performance. The company that will be audited is PT Anugerah Familindo Lestari, a company that distributes beauty and hair and body care products. This company's problem is that the fingerprint machine used has an error, which causes several employees who have been absent but are not recorded in the system. Therefore, to implement a sound fingerprint attendance system, it is necessary to carry out a checking activity known as an information system audit. In conducting data and observations, the study used questionnaires and interviews with related information and document confirmation. So far, the system has been implemented to support attendance procedures. In this study, the selected domains are Deliver Service and Support (DSS) domain and Monitor, Evaluate, and Assessment (MEA) domain with a focus on IT Process DSS01, DSS04, DSS05, and MEA02. Based on the research conducted, the writer found that the average level of the DSS01 domain was 1.6, the DSS04 domain was 1.7, the DSS05 domain was 1.7, and the MEA02 domain was 1.8. In all the domains studied, the level of capability of the domain is still below the expectation; the author concludes that from the results of this capability level, PT. Anugerah Familindo Lestari still has much to do with the management and maintenance of their attendance system to increase the current level of capability because it is still quite far from the level expected by this company

Managing information security risk using integrated governance risk and compliance.

This paper aims to demonstrate the building blocks of an IT Governance Risk and Compliance (IT GRC) model as well the phased stages of the optimal integration of IT GRC frameworks, standards and model through a longitudinal study. A qualitative longitudinal single case study methodology through multiple open-ended interviews were conducted over a period of four years (July 2012 to November 2015) in a retail financial institution. Our empirical study contributes to both academic research and practice in IT GRC. First, we identified the various building blocks of IT GRC domain from vertical as well as horizontal perspectives. Second, we methodologically demonstrated the gradual metamorphosis of the evolution of an IT GRC from a single ITG framework to multiple IT GRC building blocks. The journey thus throws light on the gradual staged process of attaining maturity in IT GRC by an organization. The resultant IT GRC model thus, guides managerial actions towards a better understanding of the positioning of IT GRC building blocks in an organization through the understanding of the interaction of vertical and horizontal domains. The results of the paper thus enable practitioners and academics to better understand and evaluate IT GRC implementation for effective governance, reduce risk and ensure compliance in organizations

Unsustainable Green Information Systems. An Affordance-Based Conceptualisation of Conflicting Short and Long-Term Sustainability Outcomes of Green Information Systems in Organisations

Over the past decade, research under the label of Green Information Systems (Green IS) has invested remarkable effort in examining and demonstrating the valuable role of Information Systems for environmental sustainability. Yet, so far Green IS scholars have largely neglected a more comprehensive perspective of sustainability covering not only the environmental but economic and social dimension as well. We consider this perspective relevant for research and practice as we demonstrate how these environmental initiatives might eventually lead to conflicting outcomes and negatively affect environmental user behaviour in the short and long-term. Therefore, we proffer an affordance-based framework explaining the relationship between Green IS affordances and conflicting sustainability outcomes. We further add to the current body of research by contributing a set of testable hypotheses and corresponding measurement constructs

Multi-disciplinary Green IT Archival Analysis: A Pathway for Future Studies

With the growth of information technology (IT), there is a growing global concern about the environmental impact of such technologies. As such, academics in several research disciplines consider research on green IT a vibrant theme. While the disparate knowledge in each discipline is gaining substantial momentum, we need a consolidated multi-disciplinary view of the salient findings of each research discipline for green IT research to reach its full potential. We reviewed 390 papers published on green IT from 2007 to 2015 in three disciplines: computer science, information systems and management. The prevailing literature demonstrates the value of this consolidated approach for advancing our understanding on this complex global issue of environmental sustainability. We provide an overarching theoretical perspective to consolidate multi-disciplinary findings and to encourage information systems researchers to develop an effective cumulative tradition of research

Three Essays on the Role of IT in Environmental Sustainability: Motivating Individuals to Use Green IT, Enhancing Their User Experience, and Promoting Electricity Conservation

This dissertation focuses on the role of IT in environmental sustainability and electricity conservation through three research essays. The first essay makes a case for behavior research, with the focus on individuals\u27 use of Green IT. Moreover, environmental studies lack a coherent theory that could identify the motivators of Green-IT beliefs. We develop the hedonic motivation theory, which synthesizes theoretical and philosophical thoughts on hedonism with concepts from environmental research. Using this theory, we develop a conceptual model that identifies the motivators of context-specific beliefs, attitudes, and uses of Green IT. We theorize that there are significant generational differences in the process by which hedonic motivators influence Green IT use behaviors. Young adults are more motivated by personal hedonic motivation, and an affective and automatic process, whereas older adults are motivated by a cognitive and attitudinal process. This study was carried out using a structural equation modeling method of analysis based on 702 observations of the survey data. The results support the theorized model, with significant implications. The second essay examines the design taxonomy of electricity consumption feedback applications, which are considered one of the critical technologies in alleviating the increasing trends of energy consumption and greenhouse gas emissions. We relied on an integrative theoretical framework and literature review to propose a comprehensive taxonomy for salient design elements of electricity consumption feedback applications. Using a survey method, we collected data from general public to evaluate the preference and relative importance of the design elements. We found that there is a preferred set of design elements for the feedback applications. Our results could serve as a basis to evaluate the design of existing electricity consumption feedback applications, and to help in studying the influence of design elements on beliefs and behaviors related to individuals\u27 electricity conservation. The third essay investigates the role of the salient design elements identified in the second essay, and the processes by which these elements motivate electricity consumers\u27 behaviors towards energy conservation. We developed a conceptual framework by extending the theory of planned behavior to study how salient design elements of feedback applications impact the beliefs and behaviors of individual electricity consumers. To our knowledge, this is the first study aimed at examining the relationship between electricity consumers\u27 beliefs and behaviors and the specific perceived design elements of electricity consumption feedback applications. We empirically evaluated the conceptual model by developing a mobile app and a corresponding website and conducting a controlled longitudinal lab experiment. The results indicate strong support for the premises of the model and support the significant role of personalized design elements in use behaviors and electricity conservation. Our findings show the importance of integrating descriptive social norm, personalized goal setting, and personalized privacy preferences design elements in feedback applications. This dissertation makes a number of significant contributions to theory and application. First, it develops a new theory that identifies motivators of Green IT use. It shows that the conceptualized motivators impact use behaviors though multiple paths--the cognitive and emotional automatic paths-- and are moderated by users\u27 age. Second, this work develops a taxonomy of design elements for electricity consumption feedback applications based on an integrative theoretical framework and extensive review of the existing literature. This taxonomy and the relative importance of elements in the taxonomy could serve as the standard for developing and assessing feedback application tools. Third, this work develops a conceptual model that identifies the processes by which design elements of electricity consumption feedback applications help in the conservation of electricity by individuals. Together, the three essays contribute to the sustainability and Green IT literature by uncovering the significant role of individuals in dealing with environmental threats and energy consumption challenges and by conceptualizing the different antecedents and processes that shape the perceptions and behaviors related to Green IT and electricity consumption. Moreover, the three studies extend user-centric design research by integrating insights from multiple disciplines to explain, design, create, and test innovative tools that could have a pivotal role in dealing with global sustainability challenges. This work also provides a standard for the evaluation of such tools from multiple stakeholder perspectives. Finally, the three essays contribute to practice by proposing guidelines to industry designers and policy makers for promoting sustainability and energy conservation through personalized tools and effective campaigns

Modeling a systems-based framework for effective IT auditing and assurance for less regulatory environments

Information Technology (IT) has become indispensable in contemporary business processes and in business value creation strategies. Those charged with governance, risk management and compliance are, often, challenged by sophisticated IT oriented decision-making dilemmas due to complex IT use in contemporary business processes. Investors and other stakeholders increasingly expect very rich, reliable and transparent assurance that their interests are safe. Auditors, as a result, are looked upon to expand their role to leverage the functions of those charged with governance and management. IT audit literature, hence, demonstrates existence of several best practices aimed at meeting the increasing demand for more audit and assurance outcomes that bridge the widening audit expectations gaps. In developing countries with less stringent regulatory systems, however, attempts to implement many of these frameworks have proved unsuccessful. Reasons include paucity of guidance in the frameworks and lack of suitable theoretical foundations to resort to for solutions to implementation challenges. Extant literature review reveals scanty research effort by practitioners or academicians in the field in the empirical situation to design a more suitable framework to serve as intervention. In this research an attempt has been made to create an intervention by designing a framework, i.e. an artefact for IT auditing for less regulated business environments. By adductive inference the cybernetics theory of viable systems approach was ingrained as the theoretical foundation from which the variables for the design were extracted. The abduction was based on the diagnostic power and ability to support self-regulation in a less regulatory environment. Action design research (ADR) approach was employed to achieve the research objective. Both qualitative and quantitative techniques were found to be useful for the evaluation and data analysis. At the design phase, a multiple case study method together with workshops were employed to gain insight into the problem and to collect data to support the design process. Four organisations from both public and private sectors in Ghana were selected to participate in the research. At the evaluation stage a survey technique was used to collect data mainly for the validation of construct variables and the refinement of the framework. The questionnaire scale used was 1=Strongly Disagree; 2=Disagree; 3=Somewhat Agree; 4=Agree and 5=Strongly Agree. A total of 136 respondents who included IT audit and Internal audit practitioners, Audit trainees and students, Directors and management staff were involved from four selected organisations. A factor analysis yielded twenty variables extracted from the ingrained theory for the building of a conceptual model which were grouped into six factors or domains. The entire conceptual model was tested with PLS-SEM technique because of the causal relationships that motivated the development of the conceptual hypotheses. A composite reliability used to assess the internal consistency of the model was overall adequate with values greater than 0.7. Similarly, a convergent validity of the model showed that all the variables were above the threshold value of 0.5. Thus, the model and design theory were found to be reliable and valid. Correlation and regression analysis was applied in testing individual hypotheses and the results helped to reorganise the final framework. The study contributed an artefact in the field of IT audit which represents a comprehensive teachable practitioner’s guide for the improvement of the IT audit practice. The framework also serves as guidance to those charged with governance and management in monitoring, self-review and as framework to attain IT audit readiness in less regulatory environments. Implementation challenges are expected to be resolved by reverting to the ingrained theory