Exploring COBIT Processes for ITG in Saudi

Control Objectives for Information and Related Technology (COBIT) has become one of the most important guidelines for information technology governance (ITG), which provides organizations with a useful tool to start evaluating their own ITG systems. COBIT introduces an ITG framework and supporting toolset that allows IT managers to bridge the gap between control requirements, technical issues and business risks. The objective of this study is to investigate the formality, auditing, responsibility and accountability of implementing COBIT processes for ITG in Saudi organizations. An empirical survey, using a self-administered questionnaire, was conducted to achieve these objectives. Five hundred questionnaires were distributed to a sample of Saudi organizations in a selected number of Saudi cities. One hundred and twenty seven valid questionnaires – representing a 25.4 percent response rate –were collected and analyzed using the Statistical Package for Social Sciences (SPSS) version 16. While the results of the study reveal that the majority of respondents reported that implementing ITG COBIT processes and domains is the responsibility of IT departments in Saudi organizations, most of the respondents reported that the COBIT processes and domains are neither audited nor formally conducted in their organizations. From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The study provides useful information for senior management, IT managers, accountants, auditors, and academics to understand the implementation phase and the impact ofCOBIT on ITG in Saudi organizations.