An integrated framework to implement IT governance principles at a strategic and operational level for medium-to large- sized South African businesses
Publication of this article was funded by the Stellenbosch University Open Access Fund.
The original publication is available at http://journals.cluteonline.com/index.php/IBER
In today’s technologically advanced business environments, Information Technology (IT) has become the center of most, if not all, business activities; consequently, the King III report in South Africa dedicated a chapter to IT governance principles, making senior management responsible for implementing such principles. The King III’s implementation guidance lacks detail as to how to implement its principles. Although various guidelines in the form of IT control frameworks - models and standards - exist, it remains theoretical in nature. Companies tend to view these control frameworks on an individual basis, implementing them in an ad hoc manner, resulting in the implementation of an inefficient IT governance system that either addresses strategic areas, but not operational areas, of a business or vice versa. The purpose of this study is to develop an IT best practices integrated framework that can assist management in implementing an effective IT governance system at both a strategic and operational level. The integrated framework was developed by performing a detailed literature review of selected best practice control frameworks and its underlying processes. By combining the relevant processes of the control frameworks and aligning them to general business’ imperatives, IT governance principles can be implemented at a strategic level. By identifying and linking the relevant business imperatives and control areas to the access paths of an IT system, IT governance principles can be implemented at an operational level. By making use of the integrated framework, an IT governance system can be implemented at both a strategic and operational level.