Selecting IT control objectives and measuring IT control capital

Singh, H
Item type
Conference Contribution
Degree name
Journal Title
Journal ISSN
Volume Title
The Australasian Conference on Information Systems (ACIS)

COBIT is a well-known framework for IT governance, and provides an extensive list of control objectives for IT managers. However, anecdotal evidence shows that many organizations that use COBIT do not implement the entire framework. Instead, they focus their efforts on only some of COBIT’s control objectives. We argue that this could be due to the bounded rationality of IT managers, which affects their ability to assess the outcomes of control, and the diminishing returns from implementing controls, because of enforcement costs incurred to control shirking. Managers would thus find it useful if the various control objectives could be ranked, so that they could prioritize their efforts. We use network analysis to identify the most central control objectives in COBIT. We also discuss the development of a measure of “control capital” to capture the level of control an organization achieves after implementing a particular set of controls. Future research will test the empirical validity of this measure.

Governance , Control , Capital , Network analysis
Proceedings from the 21st Australasian Conference on Information Systems (ACIS 2010), Brisbane, Australia, paper 89, pp. 1-11
Rights statement
Harminder Singh © 2010. The authors assign to ACIS and educational and non-profit institutions a non-exclusive licence to use this document for personal use and in courses of instruction provided that the article is used in full and this copyright statement is reproduced. The authors also grant a non-exclusive licence to ACIS to publish this document in full in the Conference Papers and Proceedings. Those documents may be published on the World Wide Web, CD-ROM, in printed form, and on mirror sites on the World Wide Web. Any other usage is prohibited without the express permission of the authors.