COBIT 5: an evolutionary framework and only framework

to address the governance and management of

enterprise IT
Slindile Khanyile
64 Jasper Hill, 309 1st Road
Midrand, 1686
+2772 026 2656

Hanifa Abdullah
University of South Africa (UNISA)
P.O. Box 392
UNISA
0003

41998669@mylife.unisa.ac.za

abdulh@unisa.ac.za

ABSTRACT

1.

In many organizations, Information Technology (IT) has

become vital in the support, sustainability and growth of the
business. This pervasive use of technology has created a
dependency on IT that calls for a specific focus on IT
Governance. IT Governance is an integral part of enterprise
governance exercised by the Board overseeing the definition
and implementation of processes, structures and relational
mechanism in the organization. This enables both the business
and IT people to execute their responsibilities in support of
business/IT alignment and the creation of business value from
IT-enabled business investments. When approaching IT
Governance, there are a number of frameworks, maintained by
various governing bodies. The focus of this paper will be on the
COBIT 5 framework as this framework concerns the
governance and management of enterprise information. In order
to operate a business both governance and management is
needed.

Originally, Information Technology was implemented to

automate processes of enterprises and enable gains in
productivity [1]. Over the years, IT has become the backbone
of businesses to the point where it is impossible for many to
function without it [2]. More and more organizations are
becoming increasingly dependent on a broad range of
technologies to manage and grow their business. IT is an
integral part of most organizations today and will certainly
become more critical in the future [3]. It is for this reason that
organizations are now increasingly concerned about the
accountability for making decisions around the use of IT in the
best interest of the board, executives and all other stakeholders.

The Control Objectives for Information and related Technology

(COBIT) framework has become a globally accepted standard
for IT governance. COBIT 5 is a major strategic improvement
for ISACA, providing the next generation of ISACAs guidance
on the enterprise governance of IT. Building on the more than
15 years of practical usage and application of COBIT by many
enterprises and users from the business, IT, security and
assurance communities, COBIT 5 is designed to meet the
current needs of stakeholders and align with the most up-todate thinking in enterprise governance and IT management
techniques.

Categories and Subject Descriptors

K.6.0 [Management
Systems]

of

Computing

and

Information

General Terms
Management,
Measurement,
Standardization, Theory

Documentation,

Security,

INTRODUCTION

This has brought about an increased focus on IT governance.

While there is no single, complete, off-the-shelf IT governance
framework, there are a number of frameworks available that
can serve as useful starting points for developing a governance
model. Most of the existing frameworks are complementary,
with strengths in different areas and so a mix-and match
approach is often taken [4].
Weill and Ross state that in order to operate a business, it is
necessary to have both good governance and management. [5]
The difference between governance and management is that
governance is about who makes the decisions whereas
management has to do with making and implementing the
decisions. Tracker supports this assertion by stating, "If
management is about running the business, governance is about
seeing that it is run properly. All companies thus require
management as well as governance." [6]. ITIL and ISO 17799
only address governance whereas COBIT 5 addresses both
governance and management, thus making it a comprehensive
framework for operating an organization.
This paper looks at how frameworks help organizations achieve
IT governance with COBIT 5 being the focus because of its
completeness. It makes a detailed examination of COBIT 5s
history, framework, benefits, principles, domains and
processes, implementation and changes from COBIT 4.1.

Keywords
IT Governance, IT Management, COBIT, Val IT, Risk IT,
ITIL, ISO

2.

IT GOVERNANCE

Gartner defines IT governance as the set of processes that

ensure the effective and efficient use of IT enabling an

organization to achieve its goals. IT is an integral part of

enterprise governance and consists of the leadership and
organizational structures and processes that ensure the
organizations IT sustains and extends the organizations
strategies and objectives [7].
Doughty defines IT governance to be a framework that supports
the effective and efficient management of information
resources (e.g. people, funding and information) to facilitate the
achievement of corporate objectives. The focus is on the
measurement and management of IT performance to ensure that
the risks and costs associated with IT are appropriately
controlled [7].
Gartner states that IT governance addresses two major topics:
IT demand governance (doing the right thing) and IT supplyside governance (doing things right).
These three definitions, although they are defining the same
thing are similar yet distinct. This leads to the conclusion that
there is more than one school of thought when it comes to IT
governance. Musson states that there are three principal schools
of thoughts on IT governance which are IT governance as a
framework or an audit process, IT governance as IT decisionmaking and IT governance as a branch of corporate governance
[31].
The focus of this paper is on COBIT 5 framework and how it
covers both the governance and management of IT.

3.

IT
GOVERNANCE
AND
MANAGEMENT FRAMEWORK

The following section will provide an overview of the Cobit 5

framework.

3.1

COBIT

The Control Objectives for Information and Related

Technology (COBIT) has become a globally accepted standard
for IT governance, created by the Information Systems Audit
and Control Association (now known as simply ISACA) and
the IT Governance Institute (ITGI) in 1996 [8]. COBIT 5 is an
end-to-end umbrella framework that pulls together many
existing frameworks that is designed to meet the current needs
of stakeholders and align with the most up-to-date thinking in
enterprise governance and IT management techniques.
COBIT 5 concerns the governance and management of
enterprise information. It is more than IT governance and
includes information governance. It also adopts the ISO 38500
view that both IT governance and IT management are required
and uses the Evaluate, Direct and Monitor model of ISO 38500
[32].
COBIT 5 addresses both IT and business functional areas
across the enterprise and considers the IT related interests of all
stakeholders. It helps organizations to create value to IT
investments by maintaining a balance between optimizing risk
levels and realizing benefits.

3.1.1

Background of COBIT 5

COBIT
has
had
the
following
major
releases:
In 1996, the first edition of COBIT was released.
In 1998, the second edition added Management Guidelines.
In
2000,
the
third
edition
was
released.
In
2003,
an
on-line
version
became available.
In December 2005, the fourth edition was initially released and
in May 2007, the 4.1 revision was released [16]. COBIT 5 was
released in April 2012; it addresses governance and
management of enterprise IT.
COBIT 5 combines COBIT 4.1, Val IT 2.0 and Risk IT as well
as concepts from the Business Model for Information for a
detailed framework for the effective governance and
management of IT enabled business [18]. While COBIT 4.1
ensures that IT is working as effectively as possible to
maximize the benefits of technology investment, Val IT helps
enterprises make better decisions about where to invest,
ensuring that the investment is consistent with the business
strategy. Similarly, COBIT 4.1 provides a set of controls to
mitigate IT risk in IT processes whilst Risk IT provides a
framework for enterprises to identify, govern and manage ITrelated risks.
COBIT 5 also aligns itself at a high level with existing
frameworks such as ITIL and TOGAF, PMBOK, PRINCE 2
and ISO which makes it an umbrella for governance and
management or IT [18].

3.1.2

Drivers of COBIT 5

COBIT 4.1 was widely accepted across the IT community as

the framework for IT governance. However following an
extensive review of the stakeholders, a number of drivers were
identified leading to the development of COBIT 5. These
drivers included [19].

The requirement to help stakeholders to understand how

various frameworks, good practices and standards can be
used together.

The need to ensure that the scope covers the full end-toend business and functional IT responsibilities, as well as
the need to cover all aspects that lead to effective IT
governance and management of enterprise IT.

The need to provide further guidance in high areas of

interest, such as enterprise architecture, asset and service
management, management of IT innovation and emerging
technologies.

The need to link together and reinforce all major ISACA

research, frameworks and guidance i.e. COBIT, Val IT
and Risk IT.

The need to connect to and align with (where relevant)

with other major frameworks and standards such as ITIL,
TOGAF, PMBOK, PRINCE 2 and ISO.

3.1.3

Benefits of implementing COBIT 5

According to the IT Governance Institute, when looking at

business outcomes of the Governance of Enterprise IT (GEIT),
companies who have implemented COBIT 5 are experiencing
improved management of IT- related risk, improved

communication and relationships between business and IT,

lower IT costs, improved IT delivery of business objectives and
improved competitiveness [20].
COBIT 5 provides a clear distinction between governance and
management of IT, providing a holistic view of the enterprise
which covers the business and IT from end-to-end and enables
the effective governance and management of enterprise IT
assets [21]. It enables business user satisfaction with IT
engagement to the business to achieve business objectives [22].
COBIT 5 also provides an easy to access Process Reference
Guide at the same level of detail because it consolidates all
previous research of ISACA [21].

3.1.4

COBIT 5 Principles

COBIT 5 is built on 5 key principles for the governance and

management of enterprise Information Technology [18]. The
following section provides an overview of the principles.
Principle 1: Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders; therefore
value creation is a governance objective for any enterprise.
Value creation means realizing benefits at an optimal resource
cost whilst optimizing risk.
Principle 2: Covering the Enterprise End-to-End
COBIT 5 integrates the governance of enterprise IT into
enterprise governance; it therefore covers the organization
holistically, the focus is not just on the IT function. It also
covers the enterprise end to end for all matters relating to IT
thereby providing a basis to effectively integrate other
frameworks, standards and practices used.

types of activities and require different organizational

structures.
Governance ensures that stakeholder needs, conditions and
options are evaluated to determine balanced, agreed-on
enterprise objectives to be achieved; setting direction through
prioritization and decision making; and monitoring
performance and compliance against agreed-on direction and
objectives (EDM)
Management plans builds runs and monitors activities in
alignment with the direction set by the governance body to
achieve the enterprise objectives (PBRM).

3.1.5

COBIT5 Domains and Processes

COBIT 5 has 5 domains which are divided into governance and

management domains; each domain has processes which enable
it to achieve its objective(s) [18]. One domain addresses the
governance and the other four domains cover management.
The governance of enterprise IT (EDM) domain contains five
processes within each process, evaluate, direct and monitor
practices are defined.
The management of enterprise IT domains are in line with the
responsibility areas of plan, build, run and monitor. The 32
processes in these for domains are broken up as follows:

Align, Plan and Organize (APO): 13 processes

Build, Acquire and Implement (BAI): 10 processes

Deliver, Service and Support (DSS): 6 processes

Monitor, Evaluate and Assess (MEA): 3 processes

3.1.5.1 Governance of Enterprise IT

Principle 3: Applying a Single Integrated Framework
Most IT related standards and best practices only address a
certain portion of IT activities, COBIT aligns with other
relevant standards and frameworks at a high level thereby
making it an overarching framework for governance and
management of enterprise IT
Principle 4: Enabling a Holistic Approach
Effective governance and management of enterprise IT requires
a holistic approach to IT, COBIT 5 implements comprehensive
governance and management of enterprise IT through enablers.
Enablers are things that enable the enterprise to achieve its
objectives. COBIT 5 defines 7 categories of enablers:

Principles, Policies and Frameworks

Processes

Organizational Structures

Culture, Ethics and Behavior

Information

Services, Infrastructure and Applications

People, Skills and Competencies

Principle 5: Separating Governance from Management
The COBIT 5 framework makes a clear distinction between
governance and management. These two disciplines
fundamentally serve a different purpose, each include different

The following table lists the high-level IT processes for the

EDM domain.
Table 1 High Level Processes for the EDM Domains
Ensure Governance Framework Setting and
EDM01
Maintenance
Ensure Benefits Delivery
EDM02
Ensure Risk Optimization
EDM03
Ensure Resource Optimization
EDM04
Ensure Stakeholder Transparency
EDM05

3.1.5.2 Management of Enterprise IT

The following sections examine the four domains and the
processes that fall under the management of enterprise IT [23]

3.1.5.2.1 Align, Plan and Organize (APO)

The Planning and Organization domain covers the use of
information and technology and how best it can be used in an
organization to help achieve the organizations goals and
objectives. It also highlights the organizational and
infrastructural form IT is to take in order to achieve the optimal
results and to generate the most benefits from the use of IT.
The following table lists the high-level IT processes for the
APO domain.

Table 2 High Level IT Processes for the APO Domain

APO01
Manage the IT Management Framework
APO02
Manage Strategy
APO03
Manage Enterprise Architecture
APO04
Manage Innovation
APO05
Manage Portfolio
APO06
Manage Budget and Costs
APO07
Manage Human Relations
APO08
Manage Relationships
APO09
Manage Service Agreements
APO10
Manage Suppliers
APO11
Manage Quality
APO12
Manage Risk
APO13
Manage Security

3.1.5.2.2

Build, Acquire and Implement (BAI)

The Build, Acquire and Implement domain covers identifying

IT requirements, acquiring the technology, and implementing it
within the companys current business processes.
The following table lists the high level control objectives for
the BAI domain.
Table 3 High-level Processes for the BAI Domain
BAI01
Manage Programs and Projects
BAI02
Manage Requirements Definition
BAI03
Manage Solutions Identification and Build
BAI04
Manage Availability and Capacity
BAI05
Manage Organizational Change Enablement
BAI06
Manage Changes
BAI07
Manage Changes Acceptance and Transitioning
BAI08
Manage Knowledge
BAI09
Manage Assets
BAI10
Manage Configuration

3.1.5.2.3 Deliver, Service and Support (DSS)

The Deliver, Service and Support domain focuses on the
delivery aspects of the information technology. It covers areas
such as the execution of the applications within the IT system
and its results, as well as, the support processes that enable the
effective and efficient execution of these IT systems.
The following table lists the high level control objectives for
the DSS domain.
Table 4 High-level Processes for the DSS Domain
DSS01
Manage Operations
DSS02
Manage Service Requests and Incidents
DSS03
Manage Problems
DSS04
Manage Continuity
DSS05
Manage Security Services
DSS06
Manage Business Process Controls

3.1.5.2.4

Monitor, Evaluate and Assess (MEA)

The Monitor, Evaluate and Assess domain deals with a

companys strategy in assessing the needs of the company and
whether or not the current IT system still meets the objectives
for which it was designed and the controls necessary to comply

with regulatory requirements. Monitoring also covers the issue

of an independent assessment of the effectiveness of IT system
in its ability to meet business objectives and the companys
control processes by internal and external auditors.
The following table lists the high level control objectives for
the MEA domain.
Table 5 High-level Processes for the MEA Domains
MEA01
Monitor, Evaluate and Assess Performance and
Conformance
MEA02
Monitor, Evaluate and Assess the System of
Internal Control
MEA03
Evaluate and Assess Compliance with External
Requirements

3.1.6

Implementing COBIT 5

COBIT 5 builds on previous versions of COBIT, Val IT and

Risk IT. Enterprises can build on the work they have put into
their previous version of COBIT [24].
When implementing COBIT 5, the organization must determine
which stakeholder interests have priority, what their
expectations are, what the IT functions capability to satisfy
these expectations are and who is accountable for doing so.
This requires knowledge about the underlying processes and
management system that supports the IT function to deliver the
services and performance expected [24].
Upgrading existing implementations of the COBIT 4.1 process
model will require minor adjustments such as combining
existing processes and moving practices between processes
[18].

3.1.6.1 Changes from COBIT 4.1

The following section provides an overview of the changes
from COBIT 4.1 [25].
Stakeholder Expectations and Value Driven:
The main driver behind COBIT 5 is stakeholder expectations
and values. These changes ensure that the needs of both internal
and external customers are considered in addition to the
enterprise strategy and goals which are emphasized in COBIT
4.1 for benefits realization, risk balancing and cost
optimization.
Domain Areas:
COBIT 5 has five domains under governance and management.
The governance section provides guidance on evaluation,
direction and monitoring of IT processes and is aligned with the
ISO38500 standard for corporate governance of information
technology. The management domains are in line with the four
equivalent domains of COBIT 4.1.
Process Model and Areas:
COBIT 5 has 36 processes (COBIT 4.1 has 34). A few
processes from COBIT 4.1 are merged in COBIT 5 and some
single processes from COBIT 4.1 are split to form separate
processes in COBIT 5 to allow for more specific guidance. For

example, ME4 Provide it Governance from COBIT 4.1 is

split into five separate processes (EDM1 to EDM5) under the
new Governance Domain. Two new processes are introduced:

AP01- Define Management Framework for IT

BA18 Knowledge Management.

Integrated Framework:
Different frameworks such as Val IT, Risk IT, BMIS, ITAF and
relevant data points from various standards and best practices
from organization such as ISO, ITIL, PMBOK, TOGAF and
COBIT 4.1 are consolidated into a single framework providing
a single source of guidance. This integration will support a
holistic view of management and governance in the enterprise.
Capability/Maturity Model:
COBIT 4.1 has a process maturity model to assess the maturity
of current state of enterprise and identify the steps to improve
the process to achieve desired maturity level. This older
maturity model is replaced by a process capability model based
on ISO 15504 which is a software process assessment standard.
Capability-level names are adopted from that standard. The
new levels for the capability and maturity model are mentioned
in section 3.3.4.

3
4

Goals Cascade:
COBIT 5 provides a link between stakeholders expectations
and practical goals providing more specific details. IT goals are
derived from enterprise business goals, which in turn are
derived from stakeholder expectations and values. This goal
linkage is represented as a goal cascade in 5.
Enablers:
COBIT 5 has seven categories of interrelated enablers and is
driven by the goal cascade. The seven enablers for achieving
enterprise goals are

Principles, Policies and Frameworks

Processes

Organizational Structures

Culture, Ethics and Behavior

Information

Services, Infrastructure and Applications

People, Skills and Competencies

Control Objectives:
Unlike the 210 control objectives in COBIT 4.1, there is no
separate mention of control objectives in 5; such objectives are
part of 208 management and governance practices. COBIT 5 is
driven by stakeholder needs and not primarily by best practices.
Summary of Changes:
The following table summarizes the significant differences
between COBIT 4.1 and COBIT 5 [27].
Table 6 Summary of Changes
Section Parameter
COBIT 4.1
1
Best Practice
Driver
2

Domain
Areas

4 Domain Areas

COBIT 5
Stakeholder
Expectation
5
Domain
Areas through

Process
Areas
Framework

34 Processes

Capability/
Maturity
Model
Goals
Cascade

Maturity Models

Enablers
Control
Objectives

4.

Only COBIT 4.1

Framework

IT goals are
derived
from
business goals of
maintaining
enterprise
reputation
and
leadership
No mention of
enablers
210
Control
Objectives

HOW COBIT
GOVERNANCE

name
are
different , they
align with the
domains in 4.1
36 Processes
Integrated
framework
Val IT, Risk
IT,
ITAF,
BMIS etc. with
COBIT 4.1
Process
Capability
Model
IT goals are
derived from
stakeholder
needs
and
expectations

Identified
7
enablers
No
separate
mention
of
control
objectives but
included
as
part
of
Management
and
Governance
Practices

ACHIEVES

IT

The COBIT 5 Evaluate, Direct and Monitor (EDM) process set

is designed to govern and encapsulate the processes of all other
management processes. This major upgrade in COBIT 5 is
intended to increase awareness of the need for a structured
governance framework for all organizations at an enterprisewide level, from operations to the strategic board [26].
Governance practices are considered at their best when they are
linked and embedded as continuous management life cycles,
such as enterprise risk management, in all processes within an.
In the past the distinction between governance and management
has been blurry, adopting COBIT 5 is an opportunity to clarify
and address the difference.

5.

CONCLUSION

COBIT 5 is the only framework that addresses governance and

management of enterprise IT. There are lots of opportunities for
future research as COBIT 5 is still very new.

6.

REFERENCES

[1] STACHTCHENKO, P. 2008. Value Management Guidance

for Assurance Professionals: Using Val IT 2.0. Rolling
Meadows, IL: ISACA.
[2] VAN GREMBERGEN,G., DE HAES, S. 2008. Analysing
the Relationship between IT Governance and Business/ IT
Alignment Maturity. In: Proceedings of the 41st Hawaii
International Conference on System Science, January
2008, IEEE Computer Society,Waikoloa, HI, 428.
[3] SELIG, G. 2006. IT Governance An Integrated
Framework and Roadmap: How to Plan, Deploy and
Sustain
for
Competitive
Advantage.
http://www.ca.com/files/whitepapers/it_governance_white
paper.pdf
[4] SYMONS, C. 2005. IT Governance Framework. Forrester.
http://i.bnet.com/whitepapers/051103656300.pdf
[5] WEILL, P. & ROSS, J. W. 2004. IT Governance: How Top
Performers Manage IT Decision Rights for Superior
Results. Harvard Business Press.
[6] TRICKER, R. 1984. Corporate Governance: Practices.
Procedures and Powers in British Companies and Their
Boards of Directors. Gower Publishing, Aldershot.
[7] DOUGHTY, K.. 2005. IT Governance: Pass or Fail?.
Information Systems Control Journal 3.
[8] HINES, G. 2005. ITIL and COBIT Similarities, Differences
and Interrelationships. ISACA. http://www.isacacentralohio.org/archive/presentations/2005_01ITIL%20and%20COBIT.pdf
[9]
ITSMF. 2007. An Introductory Overview of ITIL V3.
itSMF.
http://www.itsmfi.org/files/itSMF_ITILV3_Intro_Overvie
w_0.pdf
[10] CHAN,P., DURANT,S., GALL V., AND RAISINGHANI
M. 2009. Aligning Six Sigma and ITIL to Improve IT
Service Management. International Journal of E-Services
and Mobile Applications, 1, 2, 62-82.
[11] NABIOLLAHI, A. AND BIN SAHIBUDDIN, S. 2008.
Considering Service Strategy in ITILV3 as a Framework
for IT Governance, Information Technology International
Symposium 1, August 2008, IEEE Computer Society,
Kuala Lumpur, 1-5.
[12] RADOVANOVIC, D., LUCIC, D., RADOJEVIC, T. AND
SARAC, M. 2011. Information Technology Governance
COBIT model. Proceedings of the 34th International
Convention. May 2011, Opatija, 1426 1429.
[13] ISO 17799. 2005. Information Technology - Code of
Practice for Information Security Management.
[14] DEY, M., 2007. Information security management a
practical approach. Africon, 1 6.
[15] LIU, H., ZHU, Y. 2009. Measuring Effectiveness of
Information
Security
Management.
International
Symposium on Computer Network and Multimedia
Technology. January 2009, Wuhan, 1-4.
[16] SVATA, V. 2011. IS Audid Considerations in Respect of
Current Economic Environment. Journal of Systems
Integration,
02.
http://www.sijournal.org/index.php/JSI/article/viewFile/79/51

[17] SYMONS, C. 2005. IT Governance Framework. Forrester.

http://i.bnet.com/whitepapers/051103656300.pdf
[18] ISACA. COBIT 5 A Business Framework for the
Governance and Management of IT. ISACA.
http://www.isaca.org/cobit/Pages/CobitFramework.aspx
[19] PROTIVITI. 2012. ISACA Release COBIT 5: Update
Framework for the Governance and Management of IT.
Protiviti.
http://www.knowledgeleader.com/KnowledgeLeader/Cont
ent.nsf/dce93ca8c1f384d6862571420036f06c/914126f4d7
e82ec988257a08006b2133/$FILE/ISACA%20Releases%2
0COBIT%205%20Updated%20Framework%20for%20the
%20Governance%20and%20Management%20of%20IT%
20-%20Flash%20Report.pdf
[20] ISACA and ITGI. Global Status Report on the Governance
of
Entreprise
IT
(GEIT)
-2011.
ISACA.
http://www.isaca.org/KnowledgeCenter/Research/Documents/Global-Status-Report-GEIT10Jan2011-Research.pdf
[21] ITPRENEURS. 2011. COBIT 5 News and Views.
COBIT
5:
Highlights
and
Benefits.http://www.itpreneurs.com/en/thoughtleadership/knowledge-center/latest-news/item/31cobit%C3%82%C2%AE-5%C3%A2%E2%82%AC%E2%80%9C-news-and-views
[22] EMAILWIRE. 2012. EIN News. COBIT 5 Publication
Suite
now
available
for
IT
Governance.
http://www.emailwire.com/release/88980-COBIT-5Publication-Suite-now-available-from-ITGovernance.html
[23] QUALIFIED ADVICE PARTNERS. 2012. COBIT
Domains and Processes (COBIT 5/4.1). COBIT 5.
http://www.qualified-auditpartners.be/index.php?cont=463&lgn=3
[24]
IT Governance.com. 2012. COBIT 5 Implementation
Seminar.
IT
Governance.com.
http://www.itgovernance.com/cobit18-20jun.pdf
[25]
ISACA 2012. Comparing COBIT 4.1 and COBIT 5.
ISACA.
http://www.isaca.org/COBIT/Documents/Compare-with4.1.pdf
[26]
MENEVSE, A. 2011. Toward Better IT Governance
With
COBIT
5.
ISACA.
http://www.isaca.org/KnowledgeCenter/cobit/Documents/COBIT-Focus-Toward-Better-ITGovernance-with-COBIT-5.pdf
[27]
GARTNER. 2012. Update in COBIT 5 Aim for
Greater Relevance to Wider Business Audience. Analysis.
http://www.gartner.com/id=1982323
[28]
BUCKBY S., BEST P. AND STEWARD J. 2009.
The Current State of Information Technology Governance
Literature. In Information Technology Governance and
Service Management: Frameworks and Adaptations.
Aileen Cater-Steel (University of Southern Queensland
Australia), Australia, 1-43.
[29] GERRARD, M.. 2010. IT Governance: Key Initiative
Overview.
Gartner.
http://www.gartner.com/it/initiatives/pdf/KeyInitiativeOve
rview_ITGovernance.pdf.

[30] NATIONAL COMPUTING CENTRE. IT Governance

Developing a successful governance strategy. ISACA.
http://www.isaca.org/Certification/CGEIT-Certified-inthe-Governance-of-Enterprise-IT/Prepare-for-theExam/Study-Materials/Documents/Developing-aSuccessful-Governance-Strategy.pdf
[31] MUSSON, D., 2009. IT Governance: A Critical Review of
the Literature. In Information Technology Governance and
Service Management: Frameworks and Adaptations.
Aileen Cater-Steel (University of Southern Queensland
Australia), Australia, 44-62.
[32] ISACA. COBIT 5: Framework, BMIS, Implementation
and Future Information Security Guidance. ISACA.