CASE STUDY: THE ASSESSMENT OF MATURITY

LEVEL OF MSU-MAGUINDANAO IT GOVERNANCE

PSYCHOLOGY AND EDUCATION: A MULTIDISCIPLINARY JOURNAL

2023
Volume: 7
Pages: 932-939
Document ID: 2023PEMJ612
DOI: 10.5281/zenodo.7776129
Manuscript Accepted: 2023-25-3
Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article

Case Study: the Assessment of Maturity Level of MSU-Maguindanao IT Governance

Bai Rafsan-Zahna I. Mama*, Ma. Rowena Raguin Caguiat
For affiliations and correspondence, see the last page.
Abstract
IT governance plays a role in every SME and different organization. This study will provide an
overview of IT governance and COBIT framework. This paper is a single-case study method that aims
to evaluate the maturity level of MSU-Maguindanao IT governance, particularly with an emphasis on
the selected process under the financial management area using the COBIT 5 framework. The results
of this study verified the current overall average maturity level of IT services was on a scale of 2
(Managed Level) with a partial status compliance value of 49%. On the contrary, it was quite distant
from the projected maturity level resulting in the occurrence of the highest gap. The results convey
that the organization's IT governance was controlled and implemented but lack of consistent
documentation and well-structured policies to review, monitor, and asses the IT activities. Further, the
organization has required the creation and ratify IT governance policy mainly for IT-related
activities. A policy in a comprehensive standard operating procedure (SOP) involving process
guidelines and IT governance implementation. Along these lines, the organization will implement a
thorough detailed IT process management; On top of that, effective and good governance of IT can
speed up the achievement of any organization's objectives.

Keywords: COBIT framework, strategic plan, maturity level, assessment and IT governance

Introduction Information and Communications Technology’s

These days, advancement plays a vital role in all
organizations. The significance and reliance on
innovation imply that organizations' investment must
consider and also the risks (Mathenge, 2022).
Data framework and information technology
are getting to be basic part for any organization to
realize its objectives and become globally competitive
(Harwikarya et al., 2015). Today institutions are
increasing their IT development in order to improve
for good information technology governance.
However, lack of requirements analysis and
comprehensive of I&T utilization may cause to
difficulties within I&T development from acquiring
efficient and effective results (Ningrayati et al., 2020).
Mindanao State University – Maguindanao (MSU-
Maguindanao) is one of the eleven campuses of the
Mindanao State University System. It is one of the
state universities in the Bangsamoro Autonomous
Region in Muslim Mindanao (BARMM). As an
integral part of the MSU-System, it is committed to
uphold the integrity of MSU as a system and pursue
quality education. It is currently on high gear
envisioning to be “The Premier Innovative Center of
Development in the Region” in all its degree
programs, services to the community, and governance.
With the modernization of information and
communications technology (ICT) amenities in the
university campus, The ICT Modernization Project of
MSU-Maguindanao is anchored on the Department of
mandate by Republic Act (RA) 10844 or the DICT Act
of 2015. The IT operation, support, planning, and
management services are handled by the Center for
Information, Education, and Communication (CIEC)
division. CIEC's core function is to produce systems
and applications and operational support related to
systems, network infrastructure, internet connection,
software, and hardware.
Currently, the university is now its current state of
pursuing its modernization. Along with this, critical
points was identified such as power interruptions, poor
internet connection, network infrastructure, and HR
resources. The organization was considered expensive
when implementing IT if the component were limited
resources (Amali et al., 2020). Considering the points
encountered and stated at the established ISSP, the
assessment of financial management focus area based
on COBIT 5 and INFO-TECH research group will put
into emphasis. More so, the significance of this study
is to provide an understanding of IT governance and
COBIT framework. To grasp the gaps and to improve
future state process and services of University.
Further, the significance of ISSP is to acquire external
funds for ICT proposed projects of any public
organization. Hence, the paper highlighted a statement
as such how to assess the IT governance maturity level
of the university, with a particular emphasis on the
context of financial management focus area?
According to Lanto et al. (2020), the importance of
assessing IT performance is to identify the strength,

Mama & Caguiat 932/939

Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
weakness, opportunities, and threats (SWOT) and to
improve the quality of IT-related services. By this, the
organization can prioritize and optimize operational
activities. Information technology (IT) governance is
associates by process and structure in controlling and
achieving goals through balancing resources and risks
and benefits of I&T processes (Sihotang et al., 2019).
Research Objectives
Prior to several literature, the governance of IT is an
integral part of governance to ensure the alignment of
IT to support the objectives, goals, and strategies based
on the specific strategic planning of the organization
(Silva & Neto, 2014). The paper objective is to
determine the level of the information technology (IT)
governance of MSU-Maguindanao. Specifically, the
study aims to assess the current and expected maturity
level of the university that relates to financial
management focus area based on COBIT 5 framework
and Information Technology (INFO-TECH) Research
Group. More so, the paper wants to grasp the gap on
the identified processes in based on COBIT 5.
Further, the focus of this paper is limited to the
assessment of maturity level of IT Governance in
associates to financial management focus area, with a
particular emphasis on the COBIT 5 framework
processes, namely: EDM02 (Ensure Benefits
Delivery), EDM04 (Ensure Resource Optimization),
APO06 (Manage Budget Costs), and APO10 (Vendor
Management).
Literature Review
This section includes the information technology (IT)
governance, COBIT framework, and the information
system strategic plan (ISSP) established by the
university.
IT Governance
According to ISO/IEC 38500:2015, IT Governance
applied to various organizations (i.e., non-for-profit
organizations, public sectors, or private entities)
despite the size and regardless of the degree of their IT
utilization. Along these line, IT governance is a
framework that provides a structure for entities to align
IT strategy to business strategy (Lindros, 2017). It
gives methods to assess and determine IT performance
and how it connects to organization development (ISO,
2015). IT governance is identify by decision rights and
implementation of accountable framework to
encourage and increase the desirable condition in
Mama & Caguiat
utilizing of I&T (Wijayanti et al., 2017; Katili et al.,
2019).
COBIT Framework
COBIT or otherwise known as Control Objectives for
Information and Related Technology is an IT
Governance framework for small and large size of
non-profit organizations, entities, industry, & public
and private sectors to develop, organize, monitor,
controlling, maintaining risks and security, and
implement strategies to improve procedures and
provides a reliable information system (White, 2019;
Hanna, 2021). The framework was developed by
ISACA known as the Information Systems Audit and
Control Association year 1996. This framework's
purpose is to bridge the critical gap between IT-related
issues and business risks (Hanna, 2021) and also to
navigate the expansion of IT domains (White, 2019).
According to Chrissy (2019), ISACA released the first
version of COBIT in 1996, and different COBIT
version followed. Due to the need for IT reliability and
feedback from users, COBIT 2019 was the latest
iteration framework of technology within the business.
More so, according to D-ICT solution, COBIT 2019 is
an IT governance framework that provides directions
for IT enterprises and professionals to acquire better
outcomes by enhancing their governance management,
compliances practices, and security and risk control.
The paper will applied framework based in COBIT 5.
Considering the framework practice in relation to IT
governance would provide I&T processes to measure
and assess the university performance particularly in
financial management area. With framework, table 1
shows the identified processes with sub-process under
the following domain namely: EDM (Evaluate, Direct,
and Monitor) and APO (Align, Plan, and Organise).
According to ISACA organization, EDM is a domain
under governance objectives layer of COBIT core
model. EDM contained five (5) processes namely:
EDM01 (Ensured Governance Framework Setting and
Maintenance), EDM02 (Ensure Benefits Delivery),
EDM03 (Ensured Risk Optimization), EDM04
(Ensured Resource Optimization), EDM05 (Ensured
Stakeholder Engagement). On the other hand, APO is
another domain under management objectives layer of
framework core model. APO included fourteen (14)
processes namely: APO01 ( Managed I&T
Management Framework), APO02 (Managed
Strategy), APO03 (Managed Enterprises Architecture,
APO04 (Managed Innovation), APO05 (Managed
Portfolio), APO06 ( Managed Budget and Costs),
APO07 (Managed Human Resources), APO08
(Managed Relationships), APO09 ( Managed Service
933/939
Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
Agreements), APO10 (Managed Vendors), APO11
(Managed Quality), APO12 (Managed Risk), APO13
(Manage Security), and APO14 (Managed Data). On a
general note, the paper highlighted the processes such
as EDM02, EDM04, APO06, and APO10 to evaluate.
Table 1 below represents the financial management
including the domain, processes, and sub-process.
Under EDM domain EDM02 with three (3) sub-
processes (EDM02.1, EDM02.2, and EDM02.3) and
EDM04 with three (3) sub-processes (EDM04.1,
EDM04.2, and EDM04.3) were considered whereas
for APO domain APO06 with five (5) sub-processes
(APO06.1, APO06.2, APO06.3, APO06.4, APO06.5)
and APO10 with sub-processes (APO10.1, APO10.2,
APO10.3, APO10.4, APO10.5) was selected.
Table 1. Financial Management processes and sub-
process based in COBIT 5 framework
The paper used the range of levels based on COBIT
framework as presented in table 2 to evaluate the
maturity. The value is comprises into 6 levels such as
incomplete for level 0, initial for level 1, managed for
level 2, defined for level 3, quantitatively managed for
level 4, and optimizing for level 5 with corresponding
descriptions.
Table 2. Representation of Maturity Level (Adapted
from ISACA, 2012)
Mama & Caguiat
The table 3 presents the value and measurement to rate
the compliance status in evaluating the IT governance
achievement. Measurement represents a specific
nominal value in compliance status of the identified
processes. Indication of the following value are as
follows such as: Not (N) there is no or small evidence
of accomplishment within defined evaluated process,
Partially (P) there is evidence and systematic approach
of accomplishment in defined evaluated process;
Largely (L) there is evidence and systematic approach
of significant accomplishment in defined evaluated
process; and Fully (F) there is evidence and systematic
approach of complete accomplishment in defined
evaluated process.
Table 3. Compliance Status Measuring Rate (Adapted
from ISACA, 2012)
Information System Strategic Plan
Information Systems Strategic Plan (ISSP) will serve
as an organizational strategic plan consisting of the
agency's medium-term planning (i.e., a 3 to 5 years
plan) programs and overall strategies for its
Information and Communication Technology (ICT)
development. In accordance with the law, ISSP is
anchored to the Department of Information and
Communication Technology mandate by the Republic
Act (RA) 10844 or the DICT Act of 2015. More so,
the formulation of ISSP aims to provide a big picture
of how an agency plans to utilize ICT to uphold
organization processes, and how the organization helps
in realizing and prioritizing its mission, vision,
objectives, and goals. ISSP is divided into five parts
such as organizational profile, information system
strategy, detailed description of ICT projects,
resources requirements, and development and
investment program.
Methodology
The paper is a single-case study method as to evaluate
the IT governance in MSU-Maguindanao. This method
is a single unit of analysis (Yin, 2018) that can be
934/939
Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
utilized to assess the success of a treatment on a
specific case (Ryan & Filene, 2012). The method were
composed of six (6) stages namely: Plan, Design,
Prepare, Collect, Analyse, and Share (Yin, 2018).
More so, the paper applied the COBIT 5 framework
such as informal techniques and maturity level
assessment. The informal method as shown in table 3
is used to rate and to provide a specific nominal value
in compliance status of the identified processes
whereas maturity level assessment as shown in table 2
is use to evaluate the degree of maturity and to define
the current and projected level. Furthermore, the paper
applied an ordinal scale to use as range in evaluating
maturity level as shown in table 4.
Table 4. Ordinal Scale for Maturity Level Assessment
The table 4 presents the following six ordinal scale.
The scale convey the increasing level of processes and
a range basis to assess the maturity level of IT
governance of the university. From incomplete that
associates to level 1 with scale value of 0 – 0.50 to
optimizing that associates to the highest level with
4.51-5.00. On a general note, from the level of not
achieving the selected processes to achieving the
current state and projected goals.
Data Collection
The paper is conveyed through the following actions
as presented in figure 1. Instrument used to gather the
data needed for this paper are divided into five such as
interview, observation, document review, survey
questionnaire, and literature review. The collected
documents like Five Year Development Plan
(2021-2025) and the Information System Strategic
Plan (2023-2025) was used to identify the university
visions and I&T goals. The questionnaire is distributed
to three (3) different divisions namely: CIEC, Budget
Office, and Procurement Office.
Mama & Caguiat
Figure 1. Procedure of Maturity Level Assessment
(Adapted from Yin, 2018)
Figure 1 shows the paper step-by-step procedure in
evaluating the maturity level. First to organize and
strengthen the study the exploration of several
literature was done during planning stage. Second in
design stage the paper used a single-case study method
to evaluate the IT governance in organization. Third
identifying of focus area based on the provided
documents (i.e., ISSP and Five Year Development
Plan). Preparation of survey and interview
questionnaire was formulated based with highlighted
critical points. Followed by collection of data and
distribution of questionnaire to the corresponding
research participants. Analyzing the maturity level of
IT governance using COBIT framework. Lastly, to
give recommendations to improve future state process
and services of MSU-Maguindanao IT governance.
Results and Discussion
To evaluate the level of maturity of MSU-
Maguindanao IT governance, the paper would analyze
the area of financial management that occurs the
following domain processes namely: EDM02,
EDM04, APO06, and APO10. This section would
presents the tables and graphs that contains average of
current and projected maturity level, and status of
compliance.
Numerical Results
EDM02 – Evaluate Value Optimisation
In table 5 presents the average current, projected
maturity level, and status of compliance within the
EDM02 process. The current level of maturity of the
following sub-processes such as EDM02.01 is at level
2 with the largely status of 56% of compliance
whereas the EDM02.02 and EDM02.03 are both at its
initial stage. Currently, the level of maturity of
EDM02 process is at state of manage stage with the
average of 1.61. On the other hand, the projected level
935/939
Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
for EDM02 process is level 4. This means that the
processes in evaluating, directing, and monitoring to
deliver the IT-related values have been initially
implemented that need to be managed to optimize
value creation.
Table 5. The average maturity level and status of
compliance within the EDM02 process
EDM04 – Evaluate Resource Management
Table 6 shows the EDM04 process degree of maturity
with corresponding percentage of compliance. The
sub-processes EDM04.01 and EDM04.03 are both at
initial currents state while the stage of EDM04.02 is
level 2 with equal partial status of compliance. The
EDM04 process average is 1.47 initial maturity level
and quite distant from the projected maturity level.
Further, this implies that evaluating the resources
optimization of IT-related resources has initially been
implemented. There is a lack of IT-related resources
(people, processes, and technology) available to
support university objectives effectively at optimal
cost.
Table 6. The average maturity level and status of
compliance within the EDM04 domain process
APO06 – Manage Finance and Accounting
The table 7 presents the manage finance accounting
sub-processes that includes the corresponding maturity
level and compliance. Level 2 is the current maturity
of the sub-processes such as APO06.01, APO06.02,
APO06.03, and APO06.04 however the sub-process
Mama & Caguiat
APO06.05 (Manage Costs) is in level 3 with largely
compliance of 56%. Thus, the current maturity average
of APO06 process is 2.15 whereas level 4 for projected
level. More so, it indicates that IT- related financial
activities and the used of IT-related resources based on
the stakeholders needs has been implemented, well
planned, managed and monitored the performance
regardless of the IT costing model.
Table 7. The average maturity level and status of
compliance within the APO06 domain process
APO10 – Identify and Evaluate Supplier Relationship
and Contracts
In table 8 shows sub-processes in identifying and
evaluating supplier relationship and contracts. The
table presents the current and projected maturity level
together with the status of compliance. The sub-
processes like APO10.01, APO10.04, and APO10.05
currently in quantitatively managed level with
corresponding status of compliance such as APO10.01
is largely status of 66% compliance, partially status of
50% for APO10.04, and APO10.05 is largely status a
value of 54%. However, the two sub-processes such as
APO10.02 and APO10.03 are both in level 4 with the
largely status of 55% for APO10.02 and 55% for
APO10.03 is partial status with a 49%. More so, the
average maturity of APO10 process is 3.74 within
level 4 while 4.60 for projected maturity. This implies
that managing suppliers, particularly in IT-related
services has been well defined and implemented to
meet the university requirements such as supplier
performance, effective compliance, and minimizing
supplier risk are properly monitored and addressed.
Along these lines, since the organization followed and
aligned in accordance with, the national policy (i.e.,
bidding process and procurement policy), the aspect of
managing the supplier was well-structured and
standard-managed.
936/939
 Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
Table 8. The average maturity level and status of
compliance within the APO10 domain process
Graphical Results
The paper use a radar graphical representation to
presents the maturity level of processes, as shown in
figure 2. The figure 2 shows the average results of the
evaluation of IT-related activities' maturity level
within the following identified processes namely:
EDM02, EDM04, APO06, and APO10. Both EDM02
(Ensure Benefits Delivery) process and the EDM04
(Ensure Resource Optimization) process depict the
current average score of maturity level on level 1
(Initial Level). These two processes hold initial and
less controlled to the implemented activities. In other
words, some rules and requirements, methods, and
activities were developed but occasionally reactive
with less in IT-related plans, evaluations, standardized,
and monitoring. As shown in figure 2, the APO06
(Manage Budget Costs) process current level of
maturity is on level 2 (Managed Level). At this level,
the performance of IT-related activities was planned,
monitored, and repeatable but intuitive. The APO10
(Manage Suppliers) process depicts the current
average maturity level on level 4 (Quantitatively
Level). At this point, the IT-related activities were well
measured and consistent of performance improvement.
The level where data management was clearly defined,
standardized methods were established, rules and
resources were well used and controlled, and strategic
values were documented and maintained.
Figure 2. Maturity level of Processes Diagram
Mama & Caguiat
On the contrary, as reflected in figure 2, the EDM02,
EDM04, and APO06 processes are quite distant from
the projected maturity level except for the APO10
process. Therefore, the university should enhance its
IT governance performance, particularly to the
EDM02, EDM04, and APO06 processes that involve
establishing and maintaining methods, defining
policies and documentation, and evaluating and
monitoring the implementation to improve into level 4
maturity level (Quantitatively Managed). More so, the
organization needs to conduct more evaluations,
reviews, and adjustments to acquire the projected level
of maturity.
The results shown in figure 2 implies the occurrences
of the highest gap mainly to the EDM04 (Ensure
Resource Optimization) process, in which the gap
scale is 2.53, followed by the EDM02 (Ensure Benefits
Delivery) process, with a gap value of 2.39, and next
by APO04 (Manage Budget Costs) process, with a gap
result of 1.85. Conversely, the lowest gap appears in
APO10 (Manage Suppliers) process, in which the gap
scale is 0.86. The highlighted current highest gap
signifies that the organization has less awareness of
every level of IT governance activities and services.
More so, the lack of IT-related resources was also
identified. With this, it may affect the consistency of
quality and standardized methods which may cause
inefficient and ineffective services to stakeholders and
delays in achieving the university IT-related
objectives.
Proposed Improvements
The paper highlighted the following to improve and
achieve the organization's expected level and to
address and minimize the gaps such as: (1) The
organization requires to increase the understanding of
the stakeholders’ IT-related needs to clearly define the
program plan (key goals, targets), key capabilities and
benefits, significance associated risk, balanced set of
metrics (i.e., outcome measures, financial and non-
financial measures), and appropriate resource
requirements. To continually address, identify and
assess any changes in the direction required to deliver
the optimized value and resources management; (2)
Requires the creation and ratify IT governance policy
mainly for IT-related activities. A comprehensive
Standard Operating Procedure (SOP) involving
process guidelines and IT governance implementation.
Along these lines, the organization will implement a
937/939
Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
thorough detailed IT process management; (3) The
organization needs to establish its specific framework
to measure the status of its IT management; and (4)
Enhancement and optimization of the information,
communication, and technology (ICT) service system
are essential for the university to perform and acquire
good governance.
Validation
The analysis process is carried out by questionnaires
based on the standard in accordance with the COBIT 5
framework but focuses only on the selected, as
described in Table 1. To determine and calculate both
level values and nominal values the use of
mathematical formula was made. To determine the
average score of each process the mathematical
equation is as follows:
The use of Microsoft Excel 2013 to tabulate and
calculate the average value of the process EDM02 ()
involving the sub-process EDM02.01+ EDM02.02 +
EDM02.03 divided by total sub-process = (2 + 1.43 +
1.40) / 3 = 1.61, the same mathematical calculation is
done for process EDM04, APO06, and APO10.
Further, the use of a radar graph, as shown in figure 2
was made under the EdrawMax application.
Conclusion
The paper wants to evaluate the IT governance of
MSU-Maguindanao with particular emphasis on the
context of financial management. With that, the results
of this study verified the current overall average
maturity level of IT services was on a scale of 2
(Managed Level) with a partial status compliance
value of 49%. The results convey that the
organization's IT governance was controlled and
implemented but lack of consistent documentation and
well-structured policies to review, monitor, and asses
the IT activities. Further, the institution should put into
consideration the vital of IT governance.
More so, the organization's compliance with RA No.
10173 or known as the Data Privacy Act of 2012 must
also be put into consideration. According to Michelle
et al. (2018), there are identified factors in compliance
Mama & Caguiat
with DPA 2012 of some agencies such as the lack of
awareness, budget, and time constraints. Thus, the
organization should consider the compliance and
require to include it with their established ISSP. On
top of that, the stakeholders require their complete
commitment to enhance and achieve effective and
good IT governance.
Furthermore, for the organization to assess their ICT
service management, the advice to use and integrate
the COBIT framework as their basis and guide to
determine specific requirements that align with the
organization's needs to improve their IT governance
and to assess their IT performance.
References
Amali, L., Katili, M., Suhada, S., and Hadjaratie, L., The
measurement of maturity level of information technology service
b a s e d on C O B IT 5 f r a m e w o r k , T E L K O M N IK A
Telecommunication, Computing, Electronics and Control Vol. 18,
No. 1, February 2020, pp. 133~139
Ching, M., Fabito, B., and Celis, N., Data Privacy Act of 2012: A
Case Study Approach to Philippine Government Agencies
Compliance, Advanced Science Letters, Volume 24, Number 10,
October 2018, pp. 7042-7046(5).
Department of Information and Communications Technology
(DICT) Organization, Republic Act No. 10844, Available:
https://dict.gov.ph/about-us/republic-act-no-10844/, n.d.
D-ICT (Detachering Interim management Consultancy Training)
Solution, What you need to know about the COBIT 2019
framework, Available:
https://dictsolutions.com/en/cobit-2019-framework/, n.d.
Edmead, M., CISA, COBIT 2019 Accredited Trainer, COBIT 5
Assessor, BRMP, CBRM, DevOps Foundation, and Lean IT, Using
COBIT 2019 to Plan and Execute an Organization’s Transformation
Strategy, Available:
https://www.isaca.org/resources/news-and-trends/industry-news/202
0/using -cobit-2019-to-plan -and-execute -an-organization -
transformation-strategy, September 28, 2020.
Elue, E., CISA, & CDPSE, Effective Capability and Maturity
Assessment Using COBIT 2019, Available:
https://www.isaca.org/resources/news-and-trends/industry-news/202
0/effective-capability-and-maturity-assessment-using-cobit-2019,
July 27, 2020.
Hanna, K., Definition COBIT, Avalable:
https://www.techtarget.com/searchsecurity/definition/COBIT,
September 2021.
Hardi, H.,Sadikin, M., Fitrianah, D., Sarinanto, M., Nurhaida, I., and
Dwiyanto, A., IS Strategic Plan for Higher Education Based on
COBIT Assessment: A Case Study, International Journal of
Information and Education Technology, Vol. 5, No. 8, pp. 629-633,
August 2015.
Information Technology (Info-Tech) Research Group, IT
Management and Governance Framework, Available:
https://www.infotech.com/browse/management-and-governance,
938/939
Psych Educ, 2023, 7: 932-939, Document ID:2023 PEMJ612, doi:10.5281/zenodo.7776129, ISSN 2822-4353
Research Article
n.d.
IT Governance Institute, COBIT 4.1: Framework, Control
Objectives, Management Guidelines, & Maturity Models,
ISACA, COBIT 5 Supplementary Guide for the COBIT 5 Process
Assessment Model (PAM), Version 1.0, APM Group International,
2012.
ISO, ISO/IEC 38500:2015 Information technology — Governance
of IT for the organization, Available:
https://www.iso.org/standard/62816.html, February 2015.
Katili, M., Pateda, V., Djafri, M., and Amali, L., Measuring the
capability level of IT governance: A research study of COBIT 5 at
Universitas Negeri Gorontalo, Journal of Physics: Conference
Series, Volume 1387, International Conference on Education,
Science and Technology 2019 13–16 March 2019, Padang,
Indonesia ,J. Phys.: Conf. Ser. 1387 012021, 2019.
Kidd, C., What is COBIT? COBIT Explained, Available:
https://www.bmc.com/blogs/cobit/, June 21, 2019.
Lindros, K., What is IT governance? A formal way to align IT &
business strategy, Available:
https://www.cio.com/article/272051/governanceit-governance-defini
tion-and-solutions.html, July 31, 2017.
Mathenge, J., IT Governance: An Introduction, Available:
https://www.bmc.com/blogs/it-governance/, March 4, 2022.
Medium-Term Information and Communications Technology
Harmonization Initiative (MITHI) Organization, What is ISSP?,
Available: https://mithi.gov.ph/what-is-issp/, n.d.
Ryan, K. & Filene, J. Single Case Design Brief, Available:
https://www.jbassoc.com/wp-content/uploads/2018/03/Selecting-Sin
gle-Case-Designs.pdf, March 2012.
Sihotang, H., Zarlis, M., Efendi, S., Jollyta, D., and Husain
Mama & Caguiat
,Evaluation of Maturity Level of Information and Communication
Technology (ICT) Governance with CobIT 5.0 Case Study: STMIK
Pelita Nusantara Medan, Journal of Physics: Conference Series,
Volume 1255, The International Conference on Computer Science
and Applied Mathematic 10–12 October 2018, Niagara Hotel,
Parapat, Indonesia, J. Phys.: Conf. Ser. 1255 012046, 2019.
Silva, L. & Neto, J., Method for Measuring the Alignment between
Information Technology Strategic Planning abd Actions of
Information Technology Governance, JISTEM - Journal of
Information Systems and Technology Management, Vol. 11, No. 1,
pp. 131-152, Jan/April 2014.
White, S., What is COBIT? A framework for alignment and
governance, Available:
https://www.cio.com/article/228151/what-is-cobit-a-framework-for-
alignment-and-governance.html, January 15, 2019.
Wijayanti N., Setiawan, W., and Sukamto, R., Performance
Assessment of IT Governance with Balanced Score Card and
COBIT 4.1 of Universitas Pendidikan, Journal of Physics:
Conference Series, Volume 812, International Seminar on
Mathematics, Science, and Computer Science Education (MSCEIS
2016)15 October 2016, Bandung, Indonesia, J. Phys.: Conf. Ser. 812
012072, 2017.
Affiliations and Corresponding Information
Bai Rafsan-Zahna I. Mama
De La Salle University Manila - Philippines
Dr. Ma.Rowena Raguin Caguiat
De La Salle University Manila - Philippines
939/939