Integrating Internal Control Frameworks for Effective Corporate Information Technology Governance

Abdou Ahmed Ettish, Samir M. El-gazzar, Rudolph A. Jacob


This paper examines how several internal control frameworks can be integrated to achieve effective corporate information technology governance. Focusing on three popularized internal control frameworks---ERM, COSO, and COBIT5---can help organizations effectively achieve information technology governance through their interaction. The study uses a deductive approach.
The fundamental tenet that emerges from this genre of early studies is that neither a single framework nor non-integrated multiple frameworks would suffice in achieving effective information technology security and governance. This research developed an integrated framework (see Figure No. 3) to fill the literature gap in this area.


IT Governance, IT Risks, Integrated ITG Framework, Internal Control

Full Text:



Abu-Khadra, H. A., Chan, J. O. & Pavelka, D. D. (2012). Incorporating the COBIT Framework

for IT Governance in Accounting Education, Communications of the IIMA, 12(2), 81-92.

Abu-Musa, A. A. (2006). Evaluating the Security Controls of CAIS in Saudi organizations: The

Case of Saudi Arabia. The International Journal of Digital Accounting Research, 6(11),


Abu-Musa, A. A. (2008). Exploring the importance and implementation of COBIT processes in

Saudi organizations an empirical study. Information Management & Computer Security,

(2), 73-95.

Abu-Musa, A. A. (2009). Exploring COBIT Processes for ITG in Saudi Organizations: An

empirical Study. The International Journal of Digital Accounting Research, 9, 99-126.

Asgarkhani, M. (2013). Corporate ICT Governance: A Tool for ICT Best Practice. The

International Conference on Management, Leadership & Governance, 1-7.

COSO. (2004). Enterprise Risk Management Integrated Framework. 1-7.

COSO. (2013). Internal Control-Integrated Framework, Executive Summary. 5, 1-20.

Eckert, C. (2012). COBIT Changes Focus on IT Risk Management. Pennsylvania CPA Journal,

(2), 8.

Goosen, R. & Rudman, R. (2013). An Integrated Framework to Implement IT Governance

Principles at a Strategic and Operational Level for Medium-To Large Sized South African

Businesses. International Business & Economics Research Journal, 12(7), 835 - 854.

IT Governance Institute. (2003). Board Briefing on IT Governance. 2nd ed.

ISACA. (2012). COBIT 5 a Business Framework for the Governance and Management of

Enterprise IT.

Jairak, K. & Praneetpolgrang, P. (2013). Applying IT governance balanced scorecard and

importance-performance analysis for providing IT governance strategy in university.

Information Management & Computer Security, 21(4), 228-249.

Kepczyk, R. H. (2013). IT Governance With in Accounting Firms. CPA Practice Management

Forum, 9-10.

KO, D. & Fink, D. (2010). Information technology governance: an evaluation of the theory-

practice gap. Corporate Governance, 10(5), 662- 674.

Lin, H., Cefaratti, M., & Wallace, L. (2012). Enterprise Risk Management, COBIT, and ISO

: A Conceptual Analysis. Internal Auditing, 27(2), 3-12.

Nastase, P. & Unchiasu, S. F. (2012). Assessment of the It Governance Perception within the

Romanian Business Environment. Accounting and Management Information Systems,

(1), 44-55.

Peterson, R. (2004). Crafting Information Technology Governance. EDPACS, 32(6), 1-23.

Robles, R. J., Choi, M., Cho, S., Lee, Y., & Kim, T. (2009). SOX and its effects on IT Security

Governance. International Journal of Smart Home, 3(1), 81-88.

Rubino, M., & Vitolla, F. (2014). IT governance, Risk Management and Internal Control

System: the role of the COBIT framework. International OFEL Conference on

Governance, Management and Entrepreneurship, 174-188.

Silva, L. M., & Neto, J. S. (2014). Method for Measuring the Alignment between Information

Technology Strategic Planning and Actions of Information Technology Governance.

Journal of Information Systems and Technology Management, 11(1), 131-152.

Teo, W. L., Manaf, A. A., & Choong, P. L. (2013). Information Technology Governance:

Applying the Theory of Planned Behavior. Journal of Organizational Management

Studies, 9, 1-15.

Trautman, L., & Price, K. Al., (2011). The Board's Responsibility For Information Technology

Governance. The John Marshall Journal Of Computer & Information Law, 28 (3), 312-

Tuttle, B., & Vandervelde, S. D. (2007). An empirical examination of COBIT as an internal

Control framework for information technology. International Journal of Accounting

information systems, 8 (4), 240-263.

Violino, B. (2006). Sorting the Standards. Computer World, 40 (16), 46-57.

Weill, P., & Ross, J. W. (2004). IT Governance: How Top Performers Manage IT Decision

Rights for Superior Results. Massachusetts Institute of Technology, USA,

Yang, M., Lin, W., & Koo, T. (2011). The impact of computerized internal controls adaptation

on operating performance. African Journal of Business Management, 5 (20), 8204-8214.


Copyright (c) 2018 Journal of Information Systems and Technology Management

Licensed under