• Bookmark

State and Impact of GEIT in Organizations: Key Findings of an International Study

By Steven De Haes, Ph.D., Anant Joshi, Ph.D., and Wim Van Grembergen, Ph.D.

COBIT Focus | 6 July 2015

Information and related technology are increasingly important in enabling enterprises to deliver value to their stakeholders. As a result, enterprises are increasingly making investments in their governance of enterprise IT (GEIT) and are often drawing upon the practical relevance of generally accepted good practice frameworks such as COBIT.


ISACA and Antwerp Management School (AMS) have completed an international study on how enterprises are adopting GEIT practices, seen through the lens of COBIT 5, and whether these adoptions deliver value to the enterprises. This article summarizes key findings and results of the study. A fully elaborated research report, titled Benchmarking and Business Value Assessment of COBIT 5, including detailed benchmarking results and filtered data per sector, geography and company size, will be available this month.


The research results provide benchmarking of the 7 COBIT 5 enablers and exhibit how the level of implementation of different enterprise enablers positively links to the level of enterprise IT-related goals achievement, which, in turn, is linked to the level of enterprise goals achievement (figure 1).


Figure 1—COBIT 5 Goals Cascade

Source: ISACA. Reprinted with permission.


The project was conducted as an online survey project. Business, IT and audit managers across different industries were invited to fill in an online questionnaire. To structure the survey, the questionnaire was mainly built around assessing different dimensions (i.e., importance, management/implementation status, ease of implementation, contribution) of the COBIT 5 enablers and how enterprises are currently performing against the achievement of IT-related goals and enterprise goals (figure 1).


The survey was conducted between 24 July and 1 September 2014. In total, 894 responses were used for the final analysis.


Research Results

The following sections explore key findings around the noted research questions.


What Is the Perceived Importance of the GEIT Enablers?
Each of the respondents in the survey was asked to rate the perceived importance of the GEIT enablers. The survey results suggest that all enablers are considered to be very important—with all having score averages higher than 4 on a scale of 5. This might suggest that the 7 GEIT enablers, as proposed by COBIT 5, are also seen by the market as highly relevant, as well as holistic and related to each other. Comparing the 7 enablers relative to each other, it appears that the Information enabler and People, Skills and Competencies enabler are perceived as the most important, closely followed by the Processes enabler.


How Are Organizations Implementing and/or Managing GEIT Enablers?
The survey respondents were asked to rate the status of GEIT enablers’ implementation or management. Responses showed that, on average, the Services, Infrastructure and Applications enabler and the Organizational Structures enabler are considered to be managed the best as compared to the other enablers. Enterprises also seem to struggle with managing the more human-side enablers, certainly the enabler of Culture, Ethics and Behavior, which received the lowest score in the survey. This result might be explained by the fact that managing infrastructure and applications is much more tangible as compared to managing culture and ethics and, as such, is likely easier to adopt.


In the study, a deep-dive analysis was also completed, focused on the Processes enabler specifically. Respondents assessed the status of implementation of the 37 COBIT 5 processes on a 5-point scale with a “Don’t Know” option. The scale ranges from 1 = Not Implemented to 5 = Fully Implemented.


The average implementation score for each domain is above 3, using a 1 to 5 scale, which suggests that respondents perceived that their enterprises have, on average, partly implemented processes for 5 domains. The results (figure 2) showed that for the Deliver, Service and Support (DSS) processes, the real executional type of operational and support processes, the implementation level is higher compared to other domains. Respondents indicated that the process implementation level for the Evaluate, Direct and Monitor (EDM) domain is lower compared to other domains. This might be explained by the fact that these processes require high-level executive and nonexecutive board involvement. The result is in line with other international studies that report the low involvement of boards in GEIT.


Figure 2—Overall Process Average Score

Source: ISACA. Reprinted with permission.


What Is the Perceived Ease of Implementation and/or Management of the GEIT Enablers?
Acknowledging that each enabler requires distinct enterprise resources to manage or implement, the survey respondents were requested to assess the perceived ease of implementation of each of the GEIT enablers.


The findings indicated that the Organizational Structures enabler and the Services, Infrastructure and Applications enabler are considered to be easiest to implement and/or manage. However, in line with previous question results, culture is perceived as more difficult to manage/implement than others, and the Information enabler received the lowest score in terms of ease of implementing management practices around.


Do GEIT Enablers Contribute to the Achievement of IT-related Goals and, by Extension, Enterprise Goals?
The straight line in the graph results obtained from plotting the responses to this question (figure 3) implies a positive correlation between the enabler implementation or management to the IT-related goals. This result is consistent with the proposed COBIT 5 cascade. The study results also confirm a strong positive association between achievement of IT-related goals and achievement of overall enterprise goals, which suggests that IT-related outcomes positively links to the goals of the enterprise.


Figure 3—Association Between Overall Enabler Score and IT-related Goals

Source: ISACA. Reprinted with permission.


Conclusion

The study findings suggest that professionals do perceive and experience the enablers, as proposed in COBIT 5, as valuable for implementing GEIT. Each of the COBIT 5 enablers is seen as highly important, and better implementation rates of the GEIT enabler clearly show positive correlations with the achievement of IT-related goals. It was also demonstrated that the achievement of these IT-related goals, in turn, strongly associated to the achievement of enterprise goals, which, as such, confirms the proposed conceptual cascade model in COBIT 5.


By offering the empirical evidence that governing and managing these enablers does have a positive impact on enterprise value creation, management will find it easier to support investment propositions related to GEIT.


More detailed results of this research can be obtained through Benchmarking and Business Value Assessment of COBIT 5.


Steven De Haes, Ph.D.

Is an associate professor at the University of Antwerp and Antwerp Management School (Belgium), co-editor-in-chief of the International Journal on IT/Business Alignment and Governance (IJITBAG), academic director of the IT Alignment and Governance (ITAG) Research Institute and academic director of the executive masters in IT Governance & Assurance, Enterprise IT Architecture and IT Management.


Anant Joshi, Ph.D.

Is a post-doctoral researcher at the University of Antwerp and Antwerp Management School (Belgium), and a lecturer at Maastricht University (The Netherlands).


Wim Van Grembergen, Ph.D.

Is a professor at the University of Antwerp and Antwerp Management School (Belgium), academic director of the ITAG Research Institute, and co-editor-in-chief of the IJITBAG.

Share: Email
THIS WEBSITE USES INFORMATION GATHERING TOOLS INCLUDING COOKIES, AND OTHER SIMILAR TECHNOLOGY.
BY USING THIS WEBSITE, YOU CONSENT TO USE OF THESE TOOLS. IF YOU DO NOT CONSENT, DO NOT USE THIS WEBSITE. USE OF THIS WEBSITE IS NOT REQUIRED BY ISACA. OUR PRIVACY POLICY IS LOCATED HERE.