AN ANALYSIS OF COBIT 5 AS A FRAMEWORK FOR THE IMPLEMENTATION OF IT GOVERNANCE WITH REFERENCE TO KING III

Download This Article

Lesego Maseko, Ben Marx ORCID logo

https://doi.org/10.22495/rgcv6i1art3

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Abstract

Owing to the complexity and general lack of understanding of information technology (“IT”), the management of IT is often treated as a separately managed value-providing asset. This has resulted in IT rarely receiving the necessary attention of the board, thus creating a disconnect between the board and IT. The King Code of Governance for South Africa 2009 (hereafter referred to as “King III”) provides principles and recommended practices for effective IT governance in order to create a greater awareness at board level. King III, however, provides no detailed guidance with regard to the practical implementation of these principles and practices. It is worth noting that numerous international guidelines are recommended within King III that can be adopted as frameworks to assist in the effective implementation of IT governance. COBIT 5 provides, as part of its governance process practices, related guidance activities linking it to the seven IT governance principles of King III, thus making it a practical framework for the implementation of King III recommendations. This study sought to establish the extent to which the governance processes, practices and activities of COBIT 5 are mapped to the recommended practices of IT governance as highlighted in King III in order to resolve COBIT 5 as the de facto framework for IT governance in terms of King III. The study found that though King III principles and practices may be interpreted as vague with regard to how to implement IT governance principles, COBIT 5 succeeds in bridging the gap between control requirements, technical issues, information systems and business risk, which consequently results in a better facilitation of IT governance. The study also revealed that COBIT 5 contains additional activities to assist the board in more transparent reporting of IT performance and conformance management to stakeholders as well activities which enable the connection of resource management with human resources and financial planning.

Keywords: Board, IT Governance, King III, COBIT 5, Governance Activities

How to cite this paper: Maseko, L., & Marx, B. (2016). An analysis of Cobit 5 as a framework for the implementation of it governance with reference to King III. Risk governance & control: financial markets & institutions, 6(1), 20-34. https://doi.org/10.22495/rgcv6i1art3