A Fuzzy Multicriteria Approach for IT Governance Evaluation

Angel Cobo, Adolfo Alberto Vanti, Rocio Rocha Blanco


This work seeks to provide a new multi-criteria approach to assess IT Governance (ITG) in the area of Strategic Alignment. The complete methodological development process is described. The evaluation model uses Fuzzy Analytic Hierarchy Process (FAHP) and it is targeted to IT processes, more specifically to the COBIT© IT maturity levels, domains and processes, thus providing a differentiated analysis of importance for each item. Its relevance is related to addressing isolated and individual evaluation criteria that are normally practiced in audits of processes. The model allows generating information that extends the guarantees of compliance and corporate governance from different organizations. This research demonstrates that the combined use of multi-criteria decision methodologies and soft computing proves to be particularly suitable for Strategic Alignment such as the focal area of COBIT. The model was applied in a big retail Brazilian company.


Corporate Governance; IT Governance; Strategic Alignment; COBIT; FAHP.

Full Text:



Balli, S. & Korukoglu, S. (2009). Operating System Selection Using Fuzzy AHP and TOPSIS. Mathematical and Computational Applications, 14(2), 119-130.

Benítez, J., Delgado-Galván, X., Izquierdo, J. & Pérez-García, R. (2012). An approach to AHP decision in a dynamic context. Decision Support Systems, 53, 499-506.

Cadbury Committee (2011). Report of the Committee on the Financial Aspects of Corporate Governance. London, 1992. Retrieved March 8, 2014, from http://www.jbs.cam.ac.uk/cadbury/report/index.html

Chang, D. (1992). Extent analysis and synthetic decision. Optimization techniques and applications, World Scientific, Singapore, 1, 352.

Chang, D. (1996). Applications of the extent analysis method on fuzzy AHP. European Journal of Operational Research, 95, 649–655.

Chen, P.C. (2009). A Fuzzy Multiple Criteria Decision Making Model in Employee Recruitment. International Journal of Computer Science and Network Security, 9(7), 113-117.

Chen, L. (2010). Business–IT alignment maturity of companies in China. Information & Management, 47, 9–16.

De Haes, S., Van Grembergen, W. & Debreceny, R. (2013). COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities. Journal of Information Systems, 27(1), 307.

Hirschheim, R., & Sabherwal, R. (2001). Detours in the path toward strategic information systems alignment. California Management Review, 44 (1), 87-108.

IBGC (2012). Código das melhores práticas de governança corporativa. 4ª ed., São Paulo, Instituto Brasileiro de Governança Corporativa (IBGC). Retrieved March 8, 2014, from http://www.ibgc.org.br/CodigoMelhoresPraticas.aspx

Iranmanesh, H., Shirkouhi, S.N. & Skandari, M.R. (2008). Risk Evaluation of Information Technology Projects Based on Fuzzy Analytic Hierarchal Process. World Academy of Science, Engineering and Technology, 40, 351-357.

ISACA, Information Systems Audit and Control Association (2012). COBIT Five: A Business Framework for the Governance and Management of Enterprise IT. Rolling Meadows, IL: ISACA.

ITGI (2013). COBIT 4.1: Framework, Control Objectives, Management Guidelines, Maturity Models. Information Technology Governance Institute. Retrieved March 8, 2014, from http://www.isaca.org

Jensen, M. & Meckling, W. (1976). Theory of the firm: managerial behavior, agency costs and capital structure. Journal of Financial Economics, 3, 305-360.

Kwok, L. & Longley, D. (1999). Information security management and modeling, Information Management & Computer Security, 7(1), 30-40.

Lederer, A. L. & Mendelow, A. L. (1989). Coordination of information systems plans with business plans. Journal of Management Information Systems, 6 (2), 5-19.

Lederer, A. L. & Sethi, V. (1992). Root Causes of Strategic Information System Planning Implementation Problems. Journal of Management Information Systems, 9 (1), 25-45.

Li, Y. & Tan, C.H. (2013). Matching business strategy and CIO characteristics: The impact on organizational performance. Journal of Business Research, 66(2), 248–259.

Lien, C.T. & Chan, H.L. (2007). A Selection Model for ERP System by Applying Fuzzy AHP Approach. International Journal of the Computer, the Internet and Management, 15(3), 58-72.

Markaki, O., Charilas, D. & Askounis, D. (2010). Application of Fuzzy Analytic Hierarchy Process to Evaluate the Quality of E-Government Web Sites. DESE-10 Proceedings of the 2010 Developments in E-systems Engineering, 219-224.

Marnewick, C. & Labuschagne, L. (2011). An investigation into the governance of information technology projects in South Africa. International Journal of Project Management, 29, 661–670.

Meixner, O. (2009). Fuzzy AHP Group Decision Analysis and its Application for the Evaluation of Energy Sources. Proceedings of the 10th International Symposium on the Analytic Hierarchy/Network Process Multi-criteria Decision Making. University of Pittsburgh, USA.

Merali, Y., Papadopoulos, T. & Nadkarni, T. (2012). Information systems strategy: Past, present, future? Journal of Strategic Information Systems, 21, 125-153.

Mikhailov, L. & Tsvetinov, P. (2004). Evaluation of services using a fuzzy analytic hierarchy process. Applied Soft Computing, 5(1), 23–33.

Neto, J.S., Neto, A.N.F. (2013). Metamodel of the IT governance framework COBIT. Journal of Information Systems and Technology Management, 10(3), 521-540.

Preittigun, A., Chantatub, W. & Vatanasakdakul, S. (2012). A Comparison between IT Governance Research and Concepts in COBIT 5. International Journal of Research in Management & Technology, 2(6), 581-590.

Saaty, T. (1980). The Analytical Hierarchy Process: Planning, Priority Setting, Resource Allocation. New York: Mc Graw-Hill.

Simonson, M., Johnson, P. & Ekstedt, M. (2010). The Effect of IT Maturity on IT Governance Performance. Information Systems Management, 27, 10-24.

Taylor, F. & Fitzgerald, T. (2007). Clarifying the Roles of Information Security: 13 Questions the CEO, CIO, and CISO Must Ask Each Other. Information Systems Security, 16(5), 257-263.

Tiwana, A. & Konsynski, B. (2010). Complementarities between organizational IT architecture and governance structure. Information Systems Research, 21(2), 288–304.

Van Laarhoven, P. & Pedrycz, W. (1983). A Fuzzy Extension of Saaty’s Priority Theory. Fuzzy Sets and Systems, 11, 229-241.

Van Grembergen, W. V. & Haes, S. D. (2004). IT Governance and Its Mechanisms, Information Systems Control Journal, 1, 27-33.

Van Grembergen, W., & De Haes, S. (2009). Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. New York: Springer, 233.

Wajeeh, I.A. & Muneeza, A. (2012). Strategic corporate governance for sustainable mutual development. International Journal of Law and Management, 54(3), 197-208.

Weill, P. & Ross, J.W. (2004). IT Governance - How Top Performers Manage IT Decision Rights for Superior Results. Boston. Massachusetts: Harvard Business School Press.

Weiss, J. & Thorogood, A. (2011). Information Technology (IT)/Business Alignment as a Strategic Weapon: A Diagnostic Tool. Engineering Management Journal, 23(2), 30-41.

Zadeh, L.A. (1965). Fuzzy Sets. Information and Control, 8, 338-353.

Zarvi´c, N., Stolze, C., Boehm, M. & Thomas, O. (2012). Dependency-based IT Governance practices in inter-organisational collaborations: A graph-driven elaboration. International Journal of Information Management, 32(6), 541–549.

Zviran, M. (1990). Relationships between Organizational and Information Systems Objectives: Some Empirical Evidence. Journal of Management Information Systems, 7(1), 66-84.

DOI: http://dx.doi.org/10.4301/s1807-17752014000200003

Copyright (c)

Licensed under