PhD Thesis
Assessing enterprise governance of information technology using multiple reference models
— 2019
Key information
Authors:
Supervisors:
Published in
October 21, 2019
Abstract
Enterprises are increasingly making tangible and intangible investments in improving the Enterprise Governance of IT (EGIT). In support of this, enterprises are drawing upon the practical relevance of generally accepted good-practice models, hereafter called Reference Models. Approximately 315 EGIT Reference Models have been identified, and the number of these models has now increased, as have their application areas. However, the implementation of any of these models requires specific experience, knowledge, and resources, along with a high degree of effort and investment. Therefore, although compelling in theory, EGIT Reference Models can be challenging to implement in practice. As a result, while many enterprises have recognized the importance of EGIT Reference Models, many have yet to implement them. Moreover, none of the EGIT Reference Models meet all the requirements that an organization needs to satisfy to benchmark the organizational adherence to different regulations. As such, organizations need to select and implement processes from different EGIT Reference Models, and so, interoperability between different EGIT Reference Models is subsequently required. From the literature, we found and selected four research challenges to be addressed in this thesis. These research challenges were subsequently validated in practice. The research challenges follow next: • There is a lack of theoretical foundation regarding EGIT Reference Models that allows a varied interpretation of the models and leads to a lack of agreement, acceptance, and understanding of EGIT models due to its perceived complexity. • There is a lack of a comprehensive approach for integrating EGIT Models, and so, it is difficult to perform a simultaneous process assessment of multiple Reference Models. • There is a lack of a method to perform cost-effective process assessments in multi-models environments, and so, process assessments are costly and time-consuming. • There is a lack of an EGIT organizational process maturity model that is aligned with the Reference Models for EGIT and is compliant with the ISO/IEC 33000 family of standards. Using the design science research methodology as the main research methodology, several artifacts were designed, developed, demonstrated, and evaluated. To address the first research challenge, we propose the use of modeling techniques to represent EGIT Reference Models as conceptual metamodels, enabling in that way a better understanding of the main concepts of the model and their relations since these models can learn from a rigid formalization and a systematic approach. To address the second research challenge, two different approaches are proposed: In the first approach, we also propose the use of modeling techniques to map and integrate different EGIT Reference Models. In the second one, we propose an approach that through semantic similarity techniques, compares process assessment core concepts of different Reference Models. To address the third research challenge, we propose the development of an artifact in the form of a method that facilitates the selection and assessment of the processes by organizations in multi-models environments. The method was then instantiated in a software tool. Finally, in order to address the fourth research challenge, we propose an Organizational Process Maturity Model for EGIT based on the COBIT 5 PAM and compliant with the ISO/IEC 330xx family that allows organizations to assess their overall process maturity level, and improve their controls and governance practices. All the proposed artifacts can work in a standalone way to solve each research challenge defined, or they can be used together to perform a more robust process assessment, as it will be explained in this document. The evaluation of the different artifacts is grounded in a combination of several methods, including semi-structured interviews. We conclude this document with the conclusions, list of publications, limitations, and future work.
Publication details
Authors in the community:
Rafael Saraiva de Almeida
ist162573
Supervisors of this institution:
Miguel Mira da Silva
ist13948
RENATES TID
101495331
Degree Name
Doutoramento em Engenharia Informática e de Computadores
Fields of Science and Technology (FOS)
electrical-engineering-electronic-engineering-information-engineering - Electrical engineering, electronic engineering, information engineering
Publication language (ISO code)
eng - English
Rights type:
Embargo lifted
Date available:
August 26, 2020
Institution name
Instituto Superior Técnico