COBIT 5 Framework Implementation for RFA IT Governance Project

Verified

Added on 2022/10/12

AI Summary

This project examines the implementation of the COBIT 5 framework for IT governance within the Road Fund Administration (RFA), a public sector company in Namibia. The research investigates the current IT governance framework, standards, and processes at RFA, highlighting the challenges faced in IT operations. Through a literature review and qualitative primary research involving interviews and focus group discussions, the project analyzes the effectiveness of the COBIT 5 framework in addressing these challenges. The study focuses on how incorporating the COBIT 5 framework can benefit RFA by improving IT governance and administration, using the framework's five principles for thematic analysis. The project concludes with recommendations for RFA IT personnel on adopting and utilizing the COBIT 5 framework for efficient IT operations. The research includes background on the RFA, problem statements, research aims, questions, and objectives, along with a detailed methodology, findings, and analysis based on the COBIT 5 framework's principles. The project also includes a discussion of limitations and ethical considerations.

Running head: BUSINESS LAW
Implementing COBIT 5 Framework as a Mechanism of IT Governance: A Case Study of
Road Fund Administration with Respect to its Current IT Governance Framework, Standards,
and Processes
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1BUSINESS LAW
Abstract
The Road Fund Administration, a public sector company operating in Namibia, has
been facing difficulties in running IT operations, which otherwise form a crucial aspect of the
work done by the organization. As its name suggests, the corporation is involved in the
development of public roads and urban infrastructure for the people of the country and one of
its key stakeholders is the government of Namibia. Financial transactions form a crucial
component of the business of the Road Fund Administration, since the corporation concerns
itself with allocating proper funds that can be utilized for the development of a secure road
network in Namibia and in order to make sure that such financial transactions are performed
with efficiency, a proper system of IT governance needs to be in place that will facilitate such
work to be carried out in a smooth and hassle free manner. This research project aims at
finding out how the COBIT 5 Framework of IT governance can be utilized by the IT
department at the Road Fund Administration, to manage IT governance better than
what it is able to at the moment. For this purpose, the research project has conducted a
detailed literature review on how effective the COBIT 5 framework can be for ensuring good
IT governance and administration. In addition, detailed qualitative primary research has
been conducted by taking interviews and focus group discussions with members of the
IT administration at Road Fund Administration via Video Call, over the phone the in
person at the RFA office. Details revealed during the interview make it clear that the present
IT frameworks that are being used by the Road Fund Administration are not too efficient or
effective and the thematic analysis of the research findings, which has been conducted using
the 5 principles of the COBIT 5 framework, indicates how incorporating the COBIT 5
framework by the IT administration at RFA can prove to be beneficial for the company. The
research concludes with a number of important recommendations that can be taken into

2BUSINESS LAW
consideration by the RFA IT personnel on incorporating and using COBIT 5 framework to
run IT operations with efficiency for the company.

3BUSINESS LAW
Table of Contents
1. Introduction............................................................................................................................5
1.1 Background......................................................................................................................5
1.2 Problem Statement...........................................................................................................7
1.3 Research Aim...................................................................................................................8
1.4 Research Questions..........................................................................................................8
1.5 Research Objective......................................................................................................8
1.6 Rationale of the Research............................................................................................9
1.7 Structure of the Research...........................................................................................10
1.8 Summary........................................................................................................................11
Chapter 2 - Review of Literature.............................................................................................12
Chapter 3 – Research Methods................................................................................................27
Aim...........................................................................................................................................27
Research Philosophy............................................................................................................27
Research Design...................................................................................................................28
Data Collection.....................................................................................................................28
Data Analysis.......................................................................................................................30
Content of the Interviews.....................................................................................................31
Data Sampling......................................................................................................................33
Sample Size..........................................................................................................................33
Limitations of the Research.................................................................................................35

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4BUSINESS LAW
Ethical Considerations for the Research..............................................................................35
4. Chapter 4 – Findings and Analysis.....................................................................................38
4.1. Theme 1 – Meeting the Needs of the Stakeholders.......................................................39
4.2. Theme 2 – Governing IT from an End to End Enterprise Perspective.........................42
4.3. Theme 3 – Application of a Single and Integrative Framework...................................43
4.4. Theme 4 - Facilitating a Holistic Approach..................................................................45
4.5. Theme 5 – Separation of IT Governance from General Management..........................47
5. Chapter 5 – Conclusion and Recommendations..................................................................50
5.1. Recommendations.........................................................................................................52
5.2. Study Weaknesses.............................................................................................................55
References................................................................................................................................56
Andry, J.F. and Setiawan, A.K., 2019. IT GOVERNANCE EVALUATION USING COBIT
5 FRAMEWORK ON THE NATIONAL LIBRARY. Jurnal Sistem Informasi, 15(1), pp.10-
17..............................................................................................................................................56

5BUSINESS LAW
1. Introduction
1.1 Background
The corporation involved in this case is the Road Fund Administration (RFA), which is a
public sector company. The recognition of the corporation has been extended by the Act of
the Parliament of Namibia dated on the 1st of April of the year 2000. The objective of this
was to specify a mandate for the purpose of attaining the Namibian Road User Charging
System (RUCS) and the Road Fund. The view with which this achievement was required is
the safety and adequacy that can support the road sector. The RFA consists of a strong senior
organisation which has engaged highly accomplished as well as capable employees (Petrus
and Krygsman 2018). This strong senior organisation has been ensured for the focus of
attaining fitness as well as maintenance of development. The IT environment of the RFA is
ensured to be stable. This stability of the IT environment has resulted in many successes
relating to technology with respect to innovation as well as management. There has been no
rapid growth of knowledge which has the consequence of increasing the efficiency essential
for the initiatives and to merge all the obtainable evidences. These achievements have been
met by the RFA with the efficient exploitation of the diverse methods as well as capitals
(Nekongo 2018). The senior management pertaining to the RFA is of the opinion that the
development of an information technology supremacy outline, which is solitarily combined.
This has been suggested by the senior management belonging to RFA, for the purpose of
eradicating the several frameworks as well as standards that has been undertaken to be
applied all through the years. There has been a desire of the senior management of RFA to
carry out a research study of comprehensive nature for the purpose of analysing the criticality
as well as efficiency with respect to the application of COBIT 5 outline inform of a
mechanism to assist it governance at the RFA (Mohanan and Menon 2016). The analysis

6BUSINESS LAW
needs to be based on the comparison that can be drawn with respect to the present IT
governance Framework with that of the COBIT 5 and the standard and procedures as well as
the present status quo.
COBIT 5 depicts a framework that has been developed by the Information Systems Audit
and Control Association (ISACA). This system has been formulated for the purpose of
ensuring management as well as governance in relation to information technology (IT). The
main objective behind the COBIT 5 framework was to extend a commonly used language to
the business executive for making communication among themselves regarding the it related
objectives, goals as well as consequences. The chief intentions underlying the development of
COBIT 5 can be summarised in the following way (Patón-Romero et al. 2017). Firstly, the
system has been formulated for ensuring accuracy of the information for the purpose of
supporting decisions relating to the business. Secondly, the implementation of the same has
been backed with the objective of achieving strategic goals using the assistance of
information technology. Thirdly, this Framework has been designed for the maintenance of
the operational excellence using the technology in an effective manner. Fourthly, it has been
intended to keep the risks relating to information technology to an acceptable level. Fifthly, it
has been designed to bring down the cost relating to information technology services. Lastly,
it has been intended to maintain the compliance of the regulations and legal principles
(Bartens et al. 2015). Presently, the COBIT 5 framework has assumed the status of a standard
in the industry for the governance and management of information technology. Previously, it
has been developed under the name of Control Objectives for Information and related
Technology. The COBIT 5 has been more concerned about the creation of business value.
This framework consisted of five principles that requires the satisfaction of the needs of the
stakeholders, covering the end to end of an enterprise, application of the single integrated

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7BUSINESS LAW
framework, ensuring holistic approach and making a separation of management from the
governance (Wilkin et al. 2016).
The present system that has been covering all the aspects relating to the business as well as
revenue streams of RFA is a five year Integrated Strategic Business Plan, which has been
implemented from the year 2050 to the year 2019. The pillars of corporate governance that
has been implemented by RFA are the NAMCODE and the KING III. These structures have
been implemented to extend support to the day to the affairs of the business and streamline
the operations. However the support extended by the recent structure of governance does not
support the IT governance to its entirety and has been proven to be ineffective in certain
circumstances (Huygh et al. 2018). All these inadequacies pertaining to the present system of
governance has paved the way for the need for introduction of COBIT 5 by the senior
management of RFA. This particular framework provides more efficient governance to the
organisation and strives to address and remedy all the inner decreases that have existed in the
previous governance system. This people would strive to analyse the present structure of
governance implemented by the RFA. It will discuss the inadequacy that the senior
management has been facing regarding the present structure of governance framework. It will
also discuss the need for introducing the COBIT 5 IT governance framework within RFA. In
doing that this paper would point out the advantages of COBIT 5 over any other it
governance framework (Murad et al. 2018).
1.2 Problem Statement
The IT governance framework that has been implemented by the RFA are a five year
Integrated Strategic Business Plan running from 2015-2019. The pillars of these corporate
governance Framework are KING III and NAMCODE. These are concerned with the day to
day business operation support and streamlining operations. However, it has been found by

8BUSINESS LAW
the senior management in many of the instances that the government support was not
effective enough to address all the situations. Several inadequacies has been found in the
present corporate governance Framework used by the organisation. This has made the senior
management to consider the implementation of COBIT 5 as the IT governance and
management framework to be implemented in the organisation. This is because COBIT 5 has
many advantages over any other corporate governance and management Framework existing.
There is a demand in the RFA to implement COBIT 5 as their corporate governance
framework to address all the adequacies that has been prevailing in the present framework.
1.3 Research Aim
The sole objective of this paper is to present an analysis as well as evaluation of the
implementation of COBIT 5 as an IT governance and management framework in the RFA
and pointing out the inadequacies that has been faced with the present framework.
1.4 Research Questions
The key questions that are required to be addressed are:
 What are the IT Governance Framework and standards that has been prevailing in
the RFA and whether these framework and standards adequate to upkeep the IT
objectives of the business of RFA?
 Whether the IT Governance Framework that has been prevailing in the RFA is
effectively successful in supporting the IT commercial goals, in exploiting the
assets of the business as well as in addressing the risks relating to IT suitably?
 What business benefits are supposed to be realized by the proper implementation
of the COBIT 5 charter in the RFA?

9BUSINESS LAW
1.5 Research Objective
This paper would analyse the effect of the implementation of COBIT 5 framework within
the RFA in form of a mechanism of IT governance in place of the present governance
framework. Certain objective needs to be satisfied for the purpose of attaining the same.
These are:
 To evaluate the demand for the implementation of COBIT 5 as the IT Supremacy
Framework within the RFA in place of the present IT governance in use. This
needs to be attained by way of primary research bundled with the literature review.
 Determine the advantages that might be accrued for the implementation of COBIT
5 as the IT Supremacy Framework within the RFA in place of the present IT
governance in use. The same would be done by data collection and the use of
secondary research processes.
 To arrive at an inference regarding the the advantages that might be accrued for the
implementation of COBIT 5 as the IT Supremacy Framework within the RFA in
place of the present IT governance in use. This would be addressed in the
conclusion section of the paper.
1.6 Rationale of the Research
The research rationale relating to this paper is to evaluate the need for the implementation
of the implementation of COBIT 5 as the IT governance and management framework within
the RFA. It will analyse the present IT governance framework that has been implemented in
the RFA. This paper would detect the inadequacies that have been faced with the usage of the
present framework. It will also provide a discussion on the advantages that COBIT 5 has over
the other frameworks. The COBIT 5 framework has assumed the status of a standard in the
industry for the governance and management of information technology. COBIT 5 depicts a

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10BUSINESS LAW
framework that has been developed by the Information Systems Audit and Control
Association (ISACA). This system has been formulated for the purpose of ensuring
management as well as governance in relation to information technology (IT) (Haes and
Grembergen 2016).
The pillars of corporate governance that has been implemented by RFA are the
NAMCODE and the KING III. These structures have been implemented to extend support to
the day to the affairs of the business and streamline the operations. The present system that
has been covering all the aspects relating to the business as well as revenue streams of RFA is
a five year Integrated Strategic Business Plan, which has been implemented from the year
2050 to the year 2019. However the support extended by the recent structure of governance
does not support the IT governance to its entirety and has been proven to be ineffective in
certain circumstances. All these inadequacies pertaining to the present system of governance
has paved the way for the need for introduction of COBIT 5 by the senior management of
RFA (De Haes 2016).
1.7 Structure of the Research
2 Introduction – This chapter will contain the evaluation of the demand for the
implementation of COBIT 5 as the IT Supremacy Framework within the RFA in place of
the present IT governance in use. It would determine the advantages that might be
accrued for the implementation of COBIT 5 as the IT Supremacy Framework within the
RFA in place of the present IT governance in use.
3 Literature Review – This chapter will evaluate the need of the COBIT 5 framework in the
RFA and in doing the same it will address the inadequacies in the present system. It will
also present a discussion upon the advantages of this framework over the others.

11BUSINESS LAW
4 Research Methodology – This chapter would indicate the various Methodologies that
would be sued by the researcher in conducting this research and for ensuring the
successful collection of appropriate data. This reason for using this particular method
would also be provided.
5 Data Analysis – This chapter will discuss the analysis of the data that has been collected
and implement appropriate tools and techniques regarding the analysis of such data.
6 Conclusion and Recommendation – This chapter will provide a concluding section in
lines with the facts that has been found in the section of literature review and data
analysis. This will also present certain recommendations that would seem to be
appropriate through the paper.
1.8 Summary
Therefore, the present chapter of this paper would provide a summary of the demand for
the implementation of the COBIT 5 as an IT governance and management framework for the
RFA. This is because the present IT governance and management framework that is being
used in RFA is not adequate enough to address the day to day operations with all its
complexities. Moreover, this paper would also provide for certain conclusion as well as
recommendations that can be conceived from the paper.

12BUSINESS LAW
Chapter 2 - Review of Literature
Tim et al. (2018), have examined concerns and issues in global IT governance using
the perspective that is offered by the COBIT 5 framework. The governance as well as the
management of IT processes through the use of the COBIT 5 framework is something that
has been analyzed in detail by the authors, arguing that such management or governance of
processes is something that is leveraged from the point of view of practice, in order to answer
two important concerns pertaining to modern day IT management. These are the issue of
security and the issue of alignment, respectively. For the purpose of practice, what this
particular research is seen to shed its light on is the management and government of IT
processes that appear to be the most relevant or the most useful for explaining how security
and alignment can be easily achieved. In the view of the authors, practitioners in the domain
of IT governance can make use of such results in order to make sure that the concerns are
answered as best as possible. The methods that the research has utilized in order to
investigate the issues and concerns in global IT governance from the perspective of COBIT 5
are those that fall within the category of what may be termed as penalized regression. The
primary aim of making use of such a technique on the part of the researchers has been to
identify the type of IT governance and management approaches that are deemed to be the
most important with respect to practice, especially when it comes to offering a legitimate
explanation as to how the concerns or issues of security and alignment can be easily
achieved. In other words the most crucial objective that this particular research has been
guided by is the identification of IT governance and management processes that are relevant
and useful in attaining alignment and security.
Pereira et al. (2017) have studied about IT governance and management using the
COBIT 5 Framework as well. According to the researchers, one of the most common

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13BUSINESS LAW
dilemmas that is faced by organizations as well as the leaders of such organizations in
guaranteeing value from all of the high level investments in IT infrastructure that they are
seen to make, that is the manner by which organizations make sure of the fact that benefits
are reaped by them from the expensive investment that they make in infrastructure. In the
view of the authors it is important to arrive at a superior understanding of how value can be
delivered to a particular business through the use of what may be termed as IT initiatives.
According to the researchers this is quite critical, as without such knowledge, gaining an
understanding of the process of IT governance is something that remains incomplete. It is
further argued on the part of the researchers that value is not something that ought to be
perceived as a financial return only but rather as many of the other strategic factors which are
also seen to have an impact on the running of a business. A resource based theory has been
adopted on the part of the researchers for the purpose of identifying as well as proposing a set
of practices, resources and competences that contribute towards the process of developing
and conceptualizing what may be termed as IT Value Management Capability Model. An
oriental and practical perspective is taken for viewing the present IT governance and
management process namely the Val IT 2.0 framework and the COBIT 5 framework. On the
basis of the findings of the research, it is argued by the authors that the IT Value Management
Capability Model is one that is capable of developing practices, resources as well as
competences which have a contribution to make to competitive advantage and business value.
Angligsari et al. (2018) have undertaken an evaluation of the COBIT 5 Framework.
According to the authors information technology governance is something that is made use of
for the purpose of guiding and controlling the operations of an organization, in a way that it is
able to meet its business goals and objectives. The research that has been undertaken by
Anglingsari et al. (2018) is something that has been carried out in the context of a company
that is known as PT DEF. This is an organization that makes increased use of information

14BUSINESS LAW
technology in order to support the business processes of its organization. According to
Anglingsari et al. (2018), IT governance is essential as it enables IT activities to be
implemented or administered in the desired manner. This research in particular is one that has
been carried out with the view of conducting an audit of the type of IT governance
framework that is used by PT DEF to run its business and this audit is carried out using the
COBIT 5 Framework, specifically a domain known as DSS or Deliver, Support and Service
domain. The values that were obtained as a result of the research process were considered by
the authors to not be fully achieved but partially achieved. The capability level is something
that has been utilized on the part of the researchers to identify the gap that can be witnessed
in DSS process. It is argued by Anglingsari et al. (2018) that the main aim of the research is
to provide recommendations that can be used for improving capability levels with respect to
the DSS domain in order to enhance the performance of PT DEF.
Nguyen et al. (2018), have researched on how IT governance can be mapped to the
software development process, and the frameworks that have been researched upon by the
authors in this respect are GI Tropos and COBIT 5. According to Nguyen et al. (2018),
mapping principles of IT governance through the use of frameworks such as GI Tropos or
COBIT 5 is something that goes a long way in enabling IT managers to go ahead and propose
management and governance rules for the development of software in order to be able to
cope with the needs and the requirements of stakeholders. It is stated by Nguyen et al. (2018)
that on the one hand governance in the area of IT and engineering is something that requires
ensuring that the business process of software organization meets all of the strategic
requirements that are associated with that particular organization. Yet the software method
which are driven on the basis of requirement are those that are characterized as
developmental processes and which make use of socio-oriented models of a high level in
order to drive software life cycle both as a deductive and iterative engineering technique and

15BUSINESS LAW
from the perspective of project management. According to the authors such methods or
techniques are those that are quite well suited for adaptation and inclusion of IT governance
principles quite quickly into life cycle of the software development process. In order to be
able to consolidate not one but both of these perspectives, it is proposed on the part of the
researchers that a generic framework be adopted for the purpose of IT governance, that will
allow for the mapping of principles of IT governance to the process of using GI Tropos
software.
COBIT 5 is a framework of IT governance that has also been studied from the
perspective of enterprise governance. Haes and Grembergen (2016) for instance, have
researched on the subject of enterprise governance with respect to the domain of information
technology. The study has been undertaken with the purpose of understanding how value and
alignment can be achieved through the use of the COBIT 5 framework. The research is one
that features an allusion to not one but many case studies and that too from all over the world.
Theoretical advances are integrated with empirical data as well as with practical applications,
and what ensues is an in-depth discussion of how the COBIT 5 framework can be made use
of in order to build, to measure as well as to audit enterprise governance using a number of IT
related approaches. A comprehensive report has been provided of how enterprise IT
governance can be carried out using the COBIT 5 framework with special emphasis being
laid on how IT or information technology can be made use of in order to support, sustain as
well as facilitate the growth of enterprises. Such an all pervasive role as associated with the
use of IT is something that the researchers state to be an integral feature of the process of
corporate governance. In the view of the researchers’ enterprise IT governance is not
something that is associated with superior quality infrastructure only. Instead, it is also about
defining as well as embedding processes and also structures throughout the length and the
breadth of the organization thereby enabling IT people, businesses and boards to go ahead

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16BUSINESS LAW
and execute responsibilities in support of IT/business alignment while also speaking at the
same time about the value that is created from the IT related investments of the enterprise.
Andry et al. (2019) has entered into an investigation on how the COBIT 5 framework
is one that can be utilized as adequate governance of IT systems. The research has been done
in the context of Indonesia where an attempt has been made on the part of the researchers to
understand and see how COBIT 5 as a framework can be used to evaluate the national library
system of the country. The pros and cons associated with the use of the COBIT 5 framework
in this respect is something that has been well pointed out by the researchers over and above
the fact that this is a framework that can be managed and put in place only after undertaking a
thorough evaluation of the IT system that is in place for monitoring and operating the
national library system in Jakarta in Indonesia. It is the argument of Andry et al. (2019) that
in order for the National Library of Indonesia in Jakarta to be managed in an efficient and
effective way, it is necessary for adequate and good IT governance to be in place. In the view
of the researchers good IT governance and good business are things that need to be well
aligned with one another if the objectives associated with managing and running the National
library System of Indonesia is to be well achieved. A thorough overview has been provided
by Andry et al. (2019) of the things that need to be taken into consideration prior to
implementation of the COBIT 5 Framework, failing which the framework will not produce or
showcase the desired results. In the ultimate analysis it is argued by Andry et al. (2019), that
elements of the COBIT 5 Framework make it an ideal tool for IT governance, especially
when it comes to ensuring efficient and effective IT governance over the long term.
Haes et al. (2019) have engaged in in-depth research on how the COBIT 5 framework
is something that can be put to use when it comes to enterprise governance. A history of
COBIT 5 framework has been provided by the author after which the six principles on which
the COBIT 5 framework is managed and run has been pointed out by the authors. The 2019

17BUSINESS LAW
model of COBIT 5 along with the forty different aims and objectives of this 2019 COBIT 5
framework has been pointed out with the greatest degree of aptness and accuracy by the
researchers, who have thus explained the crucial need and importance of COBIT 5 in the
domain of IT governance of a business enterprise and the value that the principles of the
COBIT 5 framework are seen to pose for enterprise governance in particular.
Tridoyo et al. (2017) have studied the use of the COBIT 5 framework in improving
the effectiveness and the efficiency of what may be termed as the E-KTP system in the
achievement of organizational goals and objectives. The study has been carried out in the
context of the population administration system. It is argued on the part of the researchers
that population administration is an intricate affair and that there are many small details that
need to be looked into when handling information systems pertaining to population
administration. The COBIT 5 framework and the five important principles of the framework
have been put to the test on the part of the authors in assessing how this can aid or improve
the performance of the population administration system. Then results of the research have
revealed that COBIT 5 not only makes the management of activities pertaining to population
administration a smooth and hassle free affair but that it has a crucial role to play in
enhancing the efficiency of the E-KTP mode of IT governance that forms an important part
of the population administration process. Tridoyo et al. (2017) argues that the COBIT 5
framework is certainly a useful tool that population administrators can consider using in order
to manage activities and functions pertaining to information technology a lot better through
the use of this framework than they could otherwise. The primary contribution of the COBIT
5 framework in this respect is the fact it leads to a rise in efficiency in the area of IT
governance. It improves IT governance and functioning like never before and a process as
detailed and intricate as population administration is definitely see to benefit a good deal
upon the use of the COBIT 5 framework in the area of it I.T governance.

18BUSINESS LAW
Bunnell and Weistroffer (2017) have studied about the implementation of the COBIT
5 framework in what may be termed as the user access attestation system. The manner by
which such a system can be conceived and then developed through the use of the principles
of the COBIT 5 framework is something that has been studied by the authors in detail. It is
the argument of the authors that organizations these days are faced with an increasing amount
of regulatory and legal oversight owing to legislation such as HIPPA and SOX controls, with
the use of such legislation having become quite critical in the domain of information
technology. It is therefore imperative as argued by the researchers that those who are working
in the domain of IT governance pay a considerable amount of detail to the manner by which
initiate and then authorize as well as process and also store important transactions. The entire
purpose of making use of what may be termed as the user access attestation system is to
ensure that the proper controls are made use of at the time of transactions. Fraudulent
transactions are those that are easily avoided or done away with when such a system is put in
place. The COBIT 5 framework is something that has be mapped by the researchers to a
framework that is known as systems lifecycle development with the entire aim and purpose of
creating and developing a useful and effective user access attestation system that will allow
for fair and secure transactions to take place. The results of the research reveals that the
COBIT 5 framework is one that can be effectively utilized for the developed of the user
access attestation system allowing for secure transactions in the domain of IT governance,
and thus recommends the use of this framework in IT governance.
Mutiara et al. (2018) have analyzed the effectiveness of the COBIT 5 framework by
using what may be termed as AHP methodology. It is argued on the part of Mutiara et al.
(2018) that the COBIT 5 framework is accepted as one of the best standards of practice in
both the domain of management as well as IT utilization and that it allows for the effective
governing as well as control of IT systems. The research is one that has been carried out in

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19BUSINESS LAW
the context of Indonesia and an attempt has been made on the part of the researchers to
understand how COBIT 5 framework is something that can be made use of in order to deal
with internal control issues. A methodology pertaining to the analytical hierarchy process,
known also as AHP methodology is something that has been utilized and put to the test on the
part of the researchers in order to create a framework of IT auditing and analysis that entirely
new in its nature and scope and which has never been put to the test before. The framework is
one that has been developed on the basis of user requirement as well as user opinion. It is
concluded on the part of the researchers that the COBIT 5 framework is one that is best suited
for developing an IT audit system for organizations which are located in Indonesia and which
require regular surveillance and control of operations, both internal as well as external. The
IT audit system can be especially well developed using AHP methods and the COBIT 5
framework with the argument being made on the part of the researchers that the COBIT 5
framework is one that allows for great transparency, accuracy and efficiency in the
development of IT governance systems.
Percheiro et al. (2017) have engaged in a detailed study about how the COBIT 5
framework is one that can be analyzed and studied in the area of enterprise governance,
especially with reference to EGIT or enterprise governance as seen to exist in the area of
information technology. The COBIT 5 framework has been put to the test by in this particular
study by seeing how successfully the framework can impart an element of efficiency and
organization to the EGIT mode of functioning, with the argument being put forward on the
part of Percheiro et al. (2017), that logically as well as semantically rich structures are those
that can be represented well with the COBIT 5 framework is put to use with respect to EGIT
or enterprise governance in information technology. The pros and cons of using the COBIT 5
framework have been pointed out by the authors in detail. An attempt has been made on the
part of Percheiro et al. (2017) to explain how cohesiveness is an important element of the

20BUSINESS LAW
COBIT 5 framework and that the use of this framework allows for IT governance activities to
be carried out in a manner that is not only transparent but which is also quite easy to monitor.
In the ultimate analysis it is concluded by Percheiro et al. (2017) that using the COBIT 5
framework and the principles that accompany it is something that is more than feasible for
enterprise governance and that enterprise governance with respect to information technology
receives a considerable boost when this framework is made use of to administer IT
governance in the most efficient way possible. In other words, COBIT 5 makes IT
governance, more smooth, secure, transparent as well as a process that is free from any of the
technical glitches that are otherwise likely to arise in the domain of Enterprise related IT
governance.
Maneerattanasak and Wongpinunwatana (2017), have talked about how the elements
of practice as well as principle can be made use of when engaging in risk management
activities in the domain of information technology and the use of the COBIT 5 framework
has been studied and analyzed in this respect. Advanced information systems in the view of
the authors are those that are frequently faced with important risks such as cyber threats, and
it is therefore expected on the part of the stakeholders of an organization that risk
management activities be carried out for IT governance so as to ensure that business
operations are carried out in a safe and secure manner, with the IT system being in place for
this purpose being one that is completely free of glitches or difficulties. A theoretical
methodology is one that has been put in place for this particular project. Relevant theories
such as task technology, practice and principle have been put in place and the ITRM
framework as well as documents have been reviewed and assessed on the part of the
researchers to determine how effectively it is that risks can be managed and averted for the
benefit of an organization. It is in this context that the authors have put in place the use of the
COBIT 5 framework to effectively assess and analyze the cyber threats that could be posed to

21BUSINESS LAW
the advanced information systems that form a characteristic feature of business organizations
in today’s day and age. The study found among other things, that the use of the COBIT 5
framework is one that appears to be effective in detecting cyber threats in a quick and
efficient manner, thus alerting IT governance officials to operations that must be undertaken
to mitigate the risks and bring the threats under control.
The use of the COBIT 5 framework is something that has been studied in the context
of King III or the King Code of Governance for the country of South Africa of 2009 by
Maseko and Marx (2016). In the view of Maseko and Marx (2016) one of the biggest
challenges associated with IT governance in South Africa is firstly the complex nature of the
work accompanied by the lack of a proper understanding of the subject matter. The King
Code of South Africa, known also as King III is one that provides recommended practices as
well as principles on how IT governance should be carried out. An attempt has been made on
the part of Mareko and Marx (2016), to see how the COBIT 5 framework and its principles
can be utilized during the implementation of King III to bring about effective IT governance.
A specific attempt has been made on the part of the researchers to see how the practices and
principles of IT governance as put forward in the COBIT 5 framework are similar, are related
to or are different from practices and principles for the same as outlined in the King Code of
2009. After engaging in an in-depth study and analysis of the IT systems of South African
administration for this purpose, it was found on the part of the researchers that what the
COBIT 5 framework brings to the table where IT governance is concerned is transparency.
The various controls and operations that are associated with IT governance are those that can
be carried out with a greater degree of transparency and efficiency when the COBIT 5
framework is used in the domain of IT governance. There are strategic control measures that
come with the use of the COBIT 5 framework, the most important of these being the desire or
the ability to meet the needs and the requirements of stakeholders. In the bargain, it is found

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

22BUSINESS LAW
that COBIT 5 is a better mode of IT governance than King III by virtue of the fact that it
makes the entire process of IT administration far more transparent than the latter is seen to do
which is why the authors recommend in conclusion, that COBIT 5 as a framework of IT
governance be utilized for keeping cyber threats at bay in organizations and companies that
are seen to operate in South Africa.
Pereira et al. (2017) have undertaken a study on the use of the COBIT 5 framework in
the domain of IT value management and IT governance. It is argued on the part of the
researchers that the growth in the amount of investment that is made in the IT sector is
something that has increased by a considerable degree the expectations of stakeholder. People
who invest in the IT sector wish to see sufficient returns upon doing so, largely because of the
high sum of money that they have to invest in this sector in the first place. It therefore
becomes all the more imperative for IT governance and IT administration to be carried out in
an efficient and secure manner, so that the business interest of stakeholders are never
compromised. The COBIT 5 framework has been studied in this particular project to see how
well it is able to influence IT administration in the area of enterprise governance. The needs
and the expectation of stakeholders is something that is increasing with every passing day,
and one of the most important principles of the COBIT 5 framework is its ability to meet the
needs and the interests of stakeholders. This paper argues that the COBIT 5 framework
makes the process of enterprise IT governance an efficient and hassle free affair. The paper
also states that COBIT 5 as a framework is one that needs to be deployed in all types of IT
governance by virtue of the fact that it makes administration a transparent affair, giving
stakeholders every idea of the actions that are undertaken as part of IT administration, the
security or the control measures that are put in place and also the systematic manner by which
the framework requires being implemented.

23BUSINESS LAW
Vijaykumar and Arun (2018) have undertaken research and analysis on how the
COBIT 5 framework is one that can be put to use when it comes to witnessing risk
assessment practices and activities as undertaken for all types of cloud based enterprises. It is
stated by the researchers that a lot of enterprise applications are available which end users can
make use of in various types of domains such as healthcare, business, industry and
manufacturing. With the slow and steady emergence of what may be termed as cloud based
computing standards, the need to engage in risk assessment activities is something that has
become all the more pertinent. Various types of risk assessment frameworks have been
analyzed and put to the test on the part of the researchers, such as the COBIT 5 framework
and it has been argued by the researchers that COBIT 5 is a framework that is worth making
use of in this respect, for a number of reasons. To begin with, the time taken by a framework
such as COBIT 5 to detect risks that can arise in the cloud computing system is quite
minimal. One does not have to wait for too long to detect and see the possibility of risk
surface when this framework is being put to use. This is also an efficient and transparent
system of IT governance. It helps in identifying the various loopholes that may exist in IT
governance, including enterprise IT governance, and helps to efficiently address these
loopholes, making sure that transactions and other aspects of IT related governance are
carried out in a safe and secure manner and that security interests of a business organization
are not compromised on, especially organizations that make use of cloud computing activities
as part of their business operations.
A detailed literature review on the effectiveness and the use of the COBIT 5
framework has been carried out by Mulgund et al. (2019) with an attempt being made on the
part of the researchers to argue that this is one of the best practices to adopt for IT governance
in any given part of the world. The strengths and the weaknesses of using various types of IT
governance frameworks have been pointed out in this piece of work after which a conclusion

24BUSINESS LAW
has been drawn that the elements of COBIT 5 make it the most desirable tool or framework
for the purpose of IT governance. Apart from discussing the strengths and the shortcomings
of the COBIT 5 framework, attempts have been made also on the part of Mulgund et al.
(2019), to discuss the state of the art infrastructure that comes with using the COBIT 5
framework and an analysis has been carried out on the part of the researchers to analyze how
the COBIT 5 framework is utilized for the purpose of identifying as well as mitigating what
may be termed as organizational risks. It is argued by Mulgund et al. (2019) that COBIT 5 is
a framework that can be easily put to use for the purpose of risk assessment and risk
mitigation in an organization and that it is highly effective for such an activity because of the
fact that the COBIT 5 framework is capable of identifying risks at a very early stage of their
occurrence. In the ultimate analysis, what Mulgund et al. (2019) have to state about the
COBIT 5 framework and its use is that it is an effective and efficient system of running IT
administration and that it is a system that can definitely be put to use for the purpose of risk
mitigation activities. The entire research has been carried out in the form of a systematic
literature review, with as many as ninety three peer reviewed publications having been
studied in detail as part of this project.
Budiarta et al. (2016) have undertaken a case study analysis of how audit frameworks
can be constructed or based on the COBIT 5 framework, specifically, how an audit
information system can be developed through the use of the COBIT 5 framework. The
research work has been carried out in the context of IT systems of governance as seen to
prevail in the country of Bali. It is argued on the part of the researchers that IT governance is
something that requires a lot of investment to be made in on the part of a business
organization, which is why matters pertaining to security that are centered around IT issues
are matters that need to be addressed with care and attention, and that one of the best ways of
doing so is through the use of the COBIT 5 framework. In the view of the authors, the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

25BUSINESS LAW
COBIT 5 framework has a standard of its own, which allows it to be used for all types of IT
governance in a hassle free manner. Upon studying the validity and legitimacy of the COBIT
5 framework it is claimed on the part of the researchers that this is a framework which is
hundred percent efficient, which is highly effective when put to use and when does a good
job of both identifying as well as mitigating the risks that can arise in the course of IT
governance or IT administration. The COBIT 5 framework can thus be successfully used, as
stated by the researchers in the context of various types of IT related governance and
administration in the country of Bali.
Gerber (2015) has engaged in a study of how the COBIT 5 framework can be used for
the management of incremental risks that arise through the use of social media platforms.
Social media as argued by Gerber (2015) is something that is increasingly made use of in
today’s day and age for the promotion of business activities and business operations and it is
one of the best types of platforms that exists today for communication of ideas. The use of
social media is something that requires the use of information technology to a considerable
extent, which is why when a business enterprise makes use of social media for conducting
activities it needs to engage in proper IT governance as well as administration to make sure
that all work is done with efficiency and proficiency. Since the use of social media for the
promotion of a business is something that involves the use of IT, Gerber (2015) has
showcased how the COBIT 5 framework can be well utilized to ensure efficiency and
effectiveness in such IT governance, making the social media business promotion activities a
smooth and hassle free affair for the particular business enterprise. In the course of the study,
an argument is made on the part of the researcher that the COBIT 5 framework is a reliable
framework that can be used for detecting the risks that can arise in the system of IT
administration and governance when social media is being used for the promotion of a
business. COBIT 5 framework is practical and effective and it will ensure that IT

26BUSINESS LAW
administrative affairs are run in a safe and secure manner, especially when the tool of social
media is being made use of to market a product or service of a particular business enterprise.
The many pros or benefits of using the COBIT 5 framework for IT governance have been
pointed out in this piece of research and it is seen that with adequate implementation, COBIT
5 can be used to ensure good IT governance not only in the present but also in the future and
the long term. In other words, the COBIT 5 framework is a tried and tested mode of IT
governance and administration and it can definitely be put to use when making use of social
media platforms for marketing or promoting business affairs or via the medium of the
internet.
Gaps in the Literature Review
The literature that has been reviewed above points to how the COBIT 5 framework
can be useful for implementation in the domain of IT governance with the argument being
made that IT governance can be made more efficient and effective by putting such a
framework to use. The COBIT 5 framework has been analyzed in the literature review for use
in various types of contexts be it for the IT governance pertaining to a national library system
of a country or for IT governance pertaining to business enterprises among others. What the
literature fails to point out is how the COBIT 5 framework can be used to govern IT matters
and IT governance that is needed when managing projects pertaining to road infrastructure.
Specifically, this particular research project will look at how the COBIT 5 framework is one
that can be used to generate solutions to IT problems that are incurred by the Road Fund
Administration in Namibia in its management of large scale infrastructure projects and make
this process a more effective and efficient one altogether.

27BUSINESS LAW
Chapter 3 – Research Methods
Aim
The purpose of this chapter is to outline the research philosophy and the research
design that have been adopted in order to carry out this project. It also mentions the specific
types of research methods that have been put to use, whether quantitative or qualitative, and
also the ways and means by which data has been collected, the size of the research
population, the data analysis that has been deployed and the important ethical factors that
have been taken into consideration for the research. Additionally, some of the limitations
associated with the research project and its implementation have also been mentioned.
Research Philosophy
Research philosophy concerns itself with the perspective that guides an investigation
or a project and as such it deals with the views and perceptions and theories of the researcher
on the subject that is being undertaken for scrutiny (Glaser and Strauss 2017). There are three
important forms or types of research philosophy that are seen to be in existence. The first of
these is the research philosophy of positivism. Positivism is a research philosophy that deals
primarily with the in-depth analysis of facts and figures. This is a research philosophy that
can definitely be put to use in order to analyze a project or a subject in a great amount of
detail. The second most well-known research philosophy that is seen to be in use is
interpretivism while the third is realism (Flick 2015). The second is a research philosophy
that revolves around management functions and various types of management activities while
the third is a research philosophy that entails use of elements that can be found in both
interpretivism and in positivism. When it comes to this particular research project, it is crucial
to remember that it is the research philosophy of positivism that has been chosen for

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

28BUSINESS LAW
undertaking the study as the project entails the dissection and analysis of various important
details put forward in the course of interviews and focus group discussions. The other two
philosophies of interpretivism and realism have been entirely rejected largely because of the
fact that these are research philosophies which appear to be subjective in their nature and are
concerned more on individuals rather than dealing objectively with the matter at hand
(Silverman 2016).
Research Design
Research design refers to the overall layout or structure that is utilized for the purpose
of investigation. As such, there are three important forms of research design that are seen to
be in circulation or in use among investigators in various corners of the globe. These are the
explanatory research design, the exploratory research design and the descriptive or analytical
research design (Glaser and Strauss 2017). The first research design is one which puts the
investigator in a position to understand the different variables that are used in the course of
investigation. The second research design is one that involves understanding a research topic
or the subject matter that is being investigated from not just one but many different
theoretical angles or theoretical perspectives while the third and final research design is one
that involves analyzing the subject matter in the most accurate way possible and that too by
paying attention to detail for this purpose. For this particular research study it can be said that
the descriptive or analytical research design has been adopted while the other two research
designs have been rejected (Glesne 2016).
Data Collection
Data for this research has been collected by conducting qualitative primary research.
The methods of research comprise of in-depth personal interviews and focus group
discussions that are conducted with employees who are working for the Road Fund

29BUSINESS LAW
Administration in Namibia and who are employed in the sector of IT governance. In addition
to focus group discussions and interviews, the research has also made use of a well-known
form of qualitative research, which is participant observation, whereby the people who are
interviewed or who are subjected to the various discussions, are observed minutely to see
what their body language is all about and what this might reflect about them, observation of
the surroundings etc.
Over and above primary research, this study has also retrieved data pertaining to the
subject matter as contained in books, peer reviewed journal articles and chapters in edited
volumes. An attempt has also been made to look at newspaper reports on the functions and
the activities of the Road Fund Administration in Namibia to gain an understanding of the
type of work that is done by the corporation and the ways by which the COBIT 5 framework
is utilized in administrating IT related operations on behalf of the corporation.
The secondary articles that were chosen to conduct the literature review were filtered
by first conducting a broad based search through scholarly databases online such as Pro-
Quest and Google Scholar on the subject of COBIT 5 first, after which the search was
narrowed down to the use of the COBIT 5 framework in IT governance as implemented in
different parts of the world. The information that was acquired through the search will be
used in the final data analysis to validate the findings of the interviews, and to put forward the
argument that the COBIT 5 framework needs to be in place at RFA for IT governance here to
be properly administered.
Designing of Research Questions
Since the primary research questions for this study are those that are aimed at finding
out how effective and useful the COBIT 5 framework is for governing IT administration with
efficiency and accuracy, the questions that were used to conduct the interviews for the

30BUSINESS LAW
research were based on the primary research questions. The interview questions that were
designed to conduct the research were those that therefore aimed at finding out whether the
present system of IT governance that is being used at the RFA is efficient or satisfactory or
not, if not, what are the disadvantages associated with the present mode of IT governance in
the country and whether or not the workers in the IT department at RFA are provided with
the dynamic and flexible environment that is needed to perform the complex operations that
are associated with IT administration. An attempt was also made as part of the interview
process to find out if stakeholder needs are being met by the current IT governance
framework that is being implemented at the RFA, taking into consideration the large sums of
money that are invested in IT governance by stakeholders and given the fact that meeting
stakeholder needs forms an important principle of the COBIT 5 framework.
Data Analysis
Since this is a research study that has taken recourse to what may be termed as
qualitative research. The analysis of the data is one that has been organized in a thematic way
based on the information that has been provided by the respondent population in the course of
the focus group discussions and the in-depth personal interviews as also through the
secondary sources of data. Specifically the themes that have been chosen for the analysis of
the data for this project are themes that are based on the five principles of the COBIT 5
framework. These are, the importance and the ability to meet the needs of the stakeholders,
the importance of implementing an end to end system of IT governance, the application of a
single and integrative system or framework when engaging in IT administration, adopting a
holistic approach to the matter of IT governance, and also finally, understanding the need to
segregate IT matters and IT administration from the general management of a company’s
affairs. It is hoped that the thematic form of analysis will provide sufficient structure and
cohesion to the research work that has been undertaken.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

31BUSINESS LAW
Content of the Interviews
A number of revelations were divulged in the course of the qualitative interviews that
were conducted for this research study. To begin with, it was observed during the interview
process that participants were hesitant to say what was on their minds, and when assured that
their identity would be kept anonymous, were more willing to speak freely during the
interviews. The questions were asked not in a rush, but with patience and in a steady manner
and sufficient time was given to the members of the respondent population to provide
answers to the questions that were being asked of them. One of the most important
revelations made during the interview process is that most of the participants do not find it
comfortable to be working in the IT domain of the RFA as there is little flexibility that is
accorded to the employees for them to be able to do their work. They are not provided with
the exclusive space or environment that is needed for them to be able to think out of the box
and come up with useful IT solutions and methods to ensure that the operations of the
company with respect to IT are performed as securely as possible. Another important
revelation that was unanimously made by the respondent population is that people in the
higher management of the RFA tend to interfere a lot with the work of the IT department and
the efficiency and productivity of IT workers is often compared with the rest of the
employees at the RFA, not taking out the specialized nature of work related to IT governance
in the process, and causing many IT employees to feel dissatisfied with the way by which IT
is being managed here.
It was mentioned by the interviewees that the current frameworks which are being
used to govern IT processes at RFA such as King III and Namcode are not too efficient and
are slowing down the process of IT governance rather than giving it the boost that is needed
to ensure that the operations of the RFA are conducted securely and efficiently. Some of the
specific observations of the participants in this respect, as stated during the interviews is that

32BUSINESS LAW
risk detection is proving to be difficult using the frameworks mentioned as a consequence of
which risk mitigation is also becoming difficult to do. It was further revealed on the part of
the members of the research population that there is little connection or cooperation between
the IT department at RFA and other departments of the company. There is no integrated
network or system in place that connects the different departments of the company together.
The fact that the accounting department and the IT department are not well connected and
don’t communicate too often is especially problem at RFA, as there is plenty of assistance
needed by the IT department members from the members of the accounting department and
vice versa to ensure that online financial transactions transpire smoothly.
The interviews that were designed were not tested when they were actually tested.
Some of the interviews were conducted through video call on Skype while some of the
interviews were conducted over voice call and some in person. The duration of every
interview was restricted between forty five minutes and one hour to make sure of the fact that
the interviewees did not suffer from any discomfort or tiredness as part of the interview
process. The permission to take the interview was obtained from the RFA over email, after
details of the research project and its purpose were sent to them, and after permission was
granted to speak to members of the IT department here, the interviews were scheduled.
Participants were emailed and asked to mention a convenient time for the interviews to be
held.
The interviews were not recorded as the respondent population was not happy about
their answers being recorded. Hence the use of a respondent population was strictly avoided
when The processes that were used to record the information of the interviews, included
jotting down notes on a piece of pen and paper and which were discarded after the
information was transferred to the computer.

33BUSINESS LAW
The information that has been obtained in the course of the interview has been
thematically analyzed using the five important principles of the COBIT 5 framework to make
the argument as to why COBIT 5 Framework can be useful for running IT affairs at the RFA.
Data Sampling
Due to the dearth of time and resources, it is a random and convenient and
probabilistic mode of sampling that the research has made use of. The sample for the research
has been derived by choosing the top most officials in the IT administration of the Road Fund
Administration in Namibia to see how well these individuals make use of the COBIT 5
framework, in the course of their study.
Sample Size
The sample size for the research comprises of 25 odd persons who are working for the
IT sector of the Road Fund Administration in Namibia. 15 of the sample population were
subjected to focus group discussions while about ten of them were subjected to in-depth
personal interviews. The focus group discussions lasted for two hours at the most while the
duration of the interviews was not longer than an hour.
It was not easy to obtain the contact details of the members of the respondent
population. The general management of the Road Fund Administration had to be provided
with important details about the project through email, the scope and the purpose of the
project was explained, what the outcomes of the project will be made known to the
respondent population and only after some time had passed that the permission to interview
members of the IT department at RFA was sanctioned. Once this permission was obtained,
the contact details were asked for, which were then provided and which in turn were then
used to get in touch with the IT department members individually, on a one to one basis
(Glesne 2016).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

34BUSINESS LAW
As mentioned above, the most important and influential members of the IT
department were selected for interview based on the designations that they held in the
department, even though a general database of contact details had been provided by the RFA
administration. Some of the members of the respondent population were reached out to over
the phone and also over email and interviews were also scheduled with those who were
willing to sit for face to face discussions instead of communicating virtually (Flick 2015).
Although the sample size had been narrowed down to 25 research participants for
convenience and feasibility, it was still unsure as to how many would actually be willing to
talk and answer the interview questions that were posed to them. Ultimately though, all 25
members of the respondent population replied quite favorably to being interviewed and also
cooperated as much as possible while the interviews were taking place (Flick 2015).
The people who were chosen for the interviews for this research project are people
who have been working at the RFA for at least one year and who were therefore likely to
respond to the interview questions in the manner that was expected. The questions that were
posed before the respondent population were questions that were kept quite impersonal in
their tone and the answers that were provided by the respondent population were kept rather
impersonal too. While the members of the respondent population did express negative
emotions and personal dissatisfaction at times, for the most part, the answers to the interview
questions were rational and objective (Glaser and Straus 2017).
None of the people at the RFA IT Department who were chosen to take part in the
interviews and in the focus group discussions (group interviews) were acquainted with the
researcher on a personal level. No effort was also made by the researcher to get to know the
members of the respondent population personally, on a one to one basis. Interactions with

35BUSINESS LAW
research participants were kept discreet and impersonal so that objectivity could be
maintained while doing and documenting the research (Glaser and Straus 2017).
Conflict of interest and bias is completely absent from this research because as
mentioned above, the interactions that were carried out with the members of the research
population were highly impersonal in nature and no personal conversations were engaged in
or entertained in any form, as is required when engaging in qualitative research (Glaser and
Straus 2017).
Limitations of the Research
There are a number of limitations that this particular research project is characterized
by, such as the paucity of time and also the absence of enough resources with which to do
constructive research work. If more time and resources were made available, more in-depth
investigation could have been undertaken by the researcher concerning the use of the COBIT
5 framework in ensuring quick and effective IT operations and IT solutions for the Road
Fund Administration in Namibia. Specifically, with more money available at hand, a greater
number of experts could have been interviewed for the project, especially IT experts in
Namibia who work regularly with COBIT 5 framework and who are well versed with the
knowledge as to why it is the ideal network for management of IT affairs and functions
today. More funding and time could also have enabled the researcher to subscribe to leading
closed source journals to access articles on the use and the implementation of the COBIT 5
framework (Corbin et al. 2015).
Ethical Considerations for the Research
This research work has been undertaken by taking a number of ethical factors into
consideration. They are as follows –

36BUSINESS LAW
 The interviews and the focus group discussions have been undertaken by first duly
informing the members of the respondent population about the nature, the scope and
the expected outcome of the research. None of the respondents were in the dark about
why the research work is being undertaken and what purpose it is going to serve
(Silverman 2016).
 The focus group discussions and interviews were scheduled and conducted at a time
which was convenient for the respondent population. For this purpose, an effort was
made to get in touch with the sample population in person to find out when it is that
they would be free to sit for interviews (Silverman 2016).
 The duration of the interviews and the focus group discussions are not longer than an
hour or two at the most, This has been done to ensure that participants do not feel
tired, exhausted or worn out after they have finished answering their questions.
 Every effort has been made on the part of the researcher to avoid asking questions that
are of a personal nature or which are likely to induce discomfort in the participants
when asked (Flick 2015).
 The members of the respondent population were given the full freedom to opt out of
the interview process or the focus group discussions in the event that they felt
uncomfortable about what it was that was being asked of them. The nature of the
participation was kept entirely voluntary and none of the participants were coerced
into taking part in the interview process in any given way whatsoever (Flick 2015).
 The secondary sources that have been used for conducting the research have been
duly cited. There has been no duplication of academic content in any given form and
all texts and secondary sources used have been adequately cited throughout the study
in the form of a bibliography as well as in-text citations (Glesne 2016).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

37BUSINESS LAW
 The use of a video recorder was avoided for this project and whatever the respondent
population had to say to the questions that were asked of them were jotted down on
pen and paper. The respondent population was also shown what was being written
down for the matter of transparency (Glaser and Straus 2017).
 Questions of a gender sensitive nature were avoided in the course of the research
primarily because these are not required for or are relevant for the study in the first
place (Glaser and Straus 2017).
 All the interviews and the focus group discussions were documented down diligently
and the respondent population was shown the documented version and permission
was sought for using the information that was obtained in the process, for the purpose
of analysis. This consent was obtained from the respondent population verbally and
they were not made to sign any piece of paper to grant their consent in this respect
(Flick 2015).

38BUSINESS LAW
4. Chapter 4 – Findings and Analysis
The total number of research participants for this project was fixed at 25. Questions
were asked through the medium of focus group discussions and in-depth personal interviews.
Some of the interviews were conducted over phone, some over video call and some face to
face at the RFA office. Participant observant behavior is something that was limited to
respondents who agreed to take part in the face to face interactions at the RFA office in
Namibia, a place where a general observation was undertaken as well of the type of work
climate prevailing here and the type of work culture that could be seen to be in place.
There were no problems that were encountered during the data collection process as
such. The members of the respondent population were fairly willing to answer all the
questions that were asked of them as part of the interviews and the focus group discussions
and the books, journal articles and chapters in edited volumes that have been used for this
research were fairly easy to procure through online platforms as well as through local and
online libraries.
The secondary sources that were selected for this research are the sources that have
been critically reviewed and analyzed as part of the literature review. It is those same sources
that are now going to be used below to add legitimacy to the research findings as obtained
through the focus group discussions and in-depth personal interviews with IT department
workers at the RFA in Namibia. The primary reason for using the same sources is the fact
that the sources that have been reviewed are those that highlight the effectiveness and
importance of the using the COBIT 5 Framework in IT governance in not just one type but
different types of companies and enterprises the world over. Hence the findings of the
interviews and discussions will be analyzed thematically now below and it will be compared
to the arguments that have been made in these sources, recommending in the process that

39BUSINESS LAW
COBIT 5 be deployed by the Road Fund Administration in Namibia to govern its IT related
affairs.
The structure that this chapter follows is an analysis of the research findings as
collated from primary and secondary sources, and according to themes, with the themes being
based on the five important principles of the COBIT 5 Framework. Using the principles of
the COBIT 5 framework as the main themes of analysis for this chapter, the findings from
primary and secondary sources are discussed simultaneously and arguments are made as to
how COBIT 5 as an IT governance framework could prove to be highly effective for the IT
department at the Road Fund Administration in Namibia.
4.1. Theme 1 – Meeting the Needs of the Stakeholders
This research seeks to arrive at an understanding of how the principles of the COBIT
5 framework can be used to enhance the IT governance and administration that is undertaken
by the Road Fund Administration in Namibia. It is important to make note in this respect that
the Road Fund Administration in Namibia a corporation that is dedicated to the development
of safe, secure and long lasting roads, to improve mobility in the area etc. through the
allocation of funds. IT governance forms a crucial feature of the work that is undertaken by
this corporation just as it does for work that is undertaken by any other corporation. As
mentioned earlier. in order to arrive at the answers to the research questions, namely, to
understand how COBIT 5 framework is used to ensure effective governance in the domain of
IT on the part of the RFA in Namibia, primary and secondary research has been conducted
and the information that has been obtained has been analyzed thematically, according to the
five principles of the COBIT 5 Framework.
The first and most important principle of the COBIT 5 Framework lies in meeting
stakeholder needs. It was found from entering into the focus group discussions with IT

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

40BUSINESS LAW
personnel working for the Road Fund Administration in Namibia that the framework that is
currently in place for ensuring that the IT operations of the corporation are not run in an
efficient manner yet this is needed to meet the needs of the stakeholders. When asked during
the focus group discussion about whether stakeholders are presently happy with the running
of IT operations, one of the respondents stated that “Stakeholders are displeased with how
risk detection appears to be slow and problematic even when using King III and
NAMCODE”. Another respondent revealed that “Stakeholders are currently unhappy with
risk mitigation and detection at RFA and if we don’t address their concerns soon enough,
there may be a risk of funding shortage for the company for IT governance, in the near
future”. Stakeholders have made an important investment in the IT activities of the
corporation and the COBIT 5 framework takes cognizance of this by allowing for IT
processes to be monitored well enough and for risks to be mitigated significantly enough at
an early rather than a later stage of the monitoring process (Durachman et al. 2017). IT
related risks and dangers are those that are identified at the outset when the COBIT 5
framework is seen to be in place and it will not take the RFA officials longer than a few hours
to a few days at the most to mitigate the risks that appear to arise in this respect, because of
the quickness and efficiency with which problems and dangers are detected and made known
to them in the first place. In fact, it has been stated in more than one way by the RFA officials
that the usefulness of the COBIT 5 framework lies in the fact that it can help them to identify
threats in the IT governance system very easily and quickly as a result of which they can to
prevent malware from encroaching upon such a system and causing a complete shutdown of
operations, which otherwise appears to be the case given that at present, the frameworks of
NAMCODE and KING III appear not to be too effective in this respect (Durachman et al.
2017). According to one interview respondent, “NAMCODE and KING III are complicated
networks and training IT professionals in using them itself takes a lot of time. Add to that

41BUSINESS LAW
the fact that these systems make risk detection quite a lengthy procedure and often days
and months are spent on the act of risk detection alone.” The fact that the COBIT 5
framework is one that can be made use of so easily for the purpose of risk identification and
risk mitigation implies that it can do a successful job of meeting the stakeholder needs at the
Road Fund Administration in Namibia. Those who invest in the IT processes at this
corporation, including the Namibian government will be safe and secure in the knowledge
that IT processes and operations that are look into the development, establishment and
running of a secure road network in Namibia are operations that will not be interfered with or
hampered in any given way by cyber threats or advanced malware attacks as the COBIT 5
framework which is used in running IT governance on behalf of this corporation is one that is
capable of identifying risks and problems at a very early stage, giving the RFA officials
sufficient time to look into the matter and get the risks addressed. All of the RFA personnel
who were subjected to focus group discussions on the IT governance of the RFA happened to
claim that the COBIT 5 framework ought to be in place here as it can help them to keep risks
averted at all times, and in doing so, it will enable them to ensure that the interests and the
needs of the stakeholders is something that was not being compromised on in any given way.
As argued by one respondent “COBIT 5 is being utilized extensively in different parts of
the world for IT governance, including Indonesia, so there is no need why it can’t be
utilized by the RFA as well”. The investment that is being made in the IT governance of the
RFA is not something that will go in vain because of the implementation of the COBIT 5
framework (Durachman et al. 2017). It was also clear from the responses that were generated
as part of the focus group discussions and the in-depth personal interviews that putting the
COBIT 5 framework in place is not something that will prove to be difficult at all. This is
because there is a great degree of efficiency and transparency that is associated with the use
of the COBIT 5 framework which makes it easy for the IT governance officials to simply put

42BUSINESS LAW
this framework in motion and have it take care of IT related processes in a smooth and hassle
free manner (De Haes et al. 2016). There is no expert knowledge or high degree of IT related
expertise that is required to arrive at an understanding of how it is that the COBIT 5
framework functions and the manner by which it should be implemented. Hence the ease and
the convenience with which the COBIT 5 framework can be put in place for the purpose of
IT governance and the fact that it can be used for the easy and quick identification of risks
and threats followed by the immediate mitigation of such threats, makes it a perfect
framework for meeting the needs of the stakeholders in the IT governance and administration
of the RFA in Namibia which in turn implies that IT processes are undertaken in a safe,
secure and transparent manner for the benefit of the public and other stakeholders in the road
development of Namibia (De Haes and Grembergen 2016).
4.2. Theme 2 – Governing IT from an End to End Enterprise Perspective
Looking into IT related operations from an end to end perspective is another one of
the key principles and functions of the COBIT 5 framework that will be in place if it is
applied to the manner by which the IT governance is administered by the RFA in Namibia.
The end to end enterprise perspective is one which implies that IT governance when using the
COBIT 5 framework is something that is treated is more than just something that involves
doing technical work and it is treated as something that is of value for the organization
(Budiarta et al. 2016). The IT governance and administration of the RFA will be accorded a
considerable degree of value by virtue of the fact that such a heavy investment is being made
in this process by the stakeholders of the company. IT governance by virtue of the fact that it
will help to keep the road development operations of the corporation running in a safe and
secure manner, is also something that is perceived to be of immense value within and among
the employees of the corporation. It was revealed in the course of the focus group discussions
and the in-depth personal interviews that were undertaken with the 25 IT security personnel

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

43BUSINESS LAW
working for the RFA that the use of the COBIT 5 framework which involves looking at IT
operations from an end to end enterprise perspective, will lead, to the work that is done by the
unit to be perceived with great value and given great recognition by the entire corporation as
a whole while currently there appears to be little or no appreciation for this work (Bartens et
al. 2015). According to one respondent, “The use of COBIT 5 framework will ensure
better communication of RFA IT administrators with other department members and vice
versa. The use of COBIT 5 will acknowledge that the work which is performed by the IT
department is no mean task and that it is as valuable and as important as all the other
functions and operations that are performed by the RFA”. Thus, the use of the COBIT 5
framework in this respect will lead to the acknowledgement that the work which is being
done by the IT department is something that is well aligned with the operations of all other
departments of the RFA and that the value of the work done by IT department can be seen
from the fact that it will enable to ensure the safe and secure development of road networks in
Namibia (Bartens et al. 2020). Currently, the important components of the IT governance or
administrative system of the RFA involve making sure of the fact that operations are
conducted timely, that risks are detected and mitigated as quickly as possible and that
efficiency is ensured at all times. All of this by all means ought to lead to the acceptance and
recognition of the fact that the work which is being done by the IT department of the RFA is
more than mere technical work and that the operations of the corporation as a whole could
not have been run with success without the presence, the involvement and the work of the IT
division of the corporation.
4.3. Theme 3 – Application of a Single and Integrative Framework
The IT department of the Road Fund Administration of Namibia is one that ought to
make use of a single and integrative framework for conducting its operations through use of
COBIT 5, as a result of which the work or the operations of the IT division is something that

44BUSINESS LAW
will be well aligned with the work that is carried out by other important divisions of the
organization (Murad et al. 2018). It was revealed in the course of the interviews and the focus
group discussions that were carried out with the RFA officials, about 25 of them that the
operations of the IT division are seldom carried out by engaging in close collaboration with
other important divisions of the corporation such as the finance and accounting division, and
the sales and marketing and promotions division as also the division that is responsible for
mechanical operations. One member of the respondent population for instance stated that “IT
workers at RFA have little or no knowledge about how the rest of the company works as
there is little or no communication between IT department and other departments. We
don’t even know how the accounts department works as they speak to us very rarely”. No
adequate communication and collaboration has been maintained in the process that has
helped the IT division in particular to put the frameworks and systems in place that are
needed to monitor road development work and work related to road infrastructure that is done
from the perspective of IT. The other departments of the RFA are not able to relate to the
work that is being carried out by the IT department by virtue of the COBIT 5 system being in
place, yet the common goal and objective of all of the departments of the corporation is to
make sure of the fact that road development in Namibia is something that takes place in an
efficient and timely manner and without the needs and the requirements of stakeholders being
compromised in this respect (Mulgund et al. 2019). Other officials of the RFA are not well
acquainted with the work which is being performed by the RFA and this has led to the
absence of good collaboration and cooperation within the corporation as a whole, not
allowing for operations to be undertaken in a way that the goals and objectives of all of the
different departments of the corporation are achieved to meet the single goal of the
corporation which is to engage in road development work in Namibia in a way that is good
for the public and where the needs, the interest and most importantly the requirements of the

45BUSINESS LAW
stakeholders in the process of road administration in general and IT administration of road
development in particular have been fully and thoroughly met (Mutiara et al. 2018). This is
something that can be made possible through the use of the COBIT 5 framework in IT
governance whereby a single and integrative framework will be made use of in order to
connect the work that is carried out by the IT division with the work which is undertaken by
all the other departments of the network (Bunnell and Weistroff 2017). All of the different
divisions or departments of the RFA need to be connected well with each other and in the
bargain they should have a good understanding of what it is it that needs to be done to take
the RFA in forward direction.
4.4. Theme 4 - Facilitating a Holistic Approach
The holistic approach that is advocated by the COBIT 5 framework of IT governance
and administration is also something that can help RFA. It was discussed in the focus group
discussions and in the in-depth personal interviews that were conducted with the 25 RFA IT
personnel for this research study about how the King Code III and NAMCODE are currently
not being able to connect all the various departments of RFA together under one single and
common goal. In the view of one member of the respondent population, “The IT
department works in isolation from the rest of the company. We are not shown much
appreciation for our work and we have little or no knowledge about how other departments
work. The finance department is particularly aloof yet much of the work we do is aimed at
assisting them with their operations.”. The collaboration and the cooperation that is
encouraged as part of the COBIT 5 framework is something that will help the IT division of
the RFA to connect easily with other members of the corporation in order to carry out IT
related work and administration in a smooth and efficient manner (Mulgund et al. 2019).
Regular communication and dialogues need to be engaged with, with members of the
mechanical department as well as those who are involved in accounting and finance work to

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

46BUSINESS LAW
ensure that transactions, reports, and updates for road development work are undertaken in a
timely fashion, without any delay and in keeping with the standards that are expected from
the stakeholders (Mutiara et al. 2017). All of the people who are working for the RFA need to
have some knowledge or understanding of the work which is done by the IT division and this
is a department that does not do its work in isolation and this is something that can be made
feasible only if the COBIT 5 framework is in place over here (Murad et al. 2018).
The operations of the IT division depend greatly on insights and inputs that are made
available by members of the mechanical department and also the finance and accounting
division, the latter department being especially dependent on the IT division to make sure of
the fact that all of the financial related work including transactions, investments etc, are under
in a safe and secure manner (Budiarta et al. 2016). The heavy investment that is made in the
IT affairs of the RFA on the part of the stakeholders to make sure that road development
work is not hindered in Namibia and that it takes place in accordance with high standards is
something that requires the officials of the RFA to collaborate quite frequently with members
of the financial division of the company, ensuring that all IT related operations are conducted
in a way that stakeholder needs are met. This is one of the key elements of the COBIT 5
framework and it will definitely help the IT governance and administration of the RFA to be
conducted with much success, given the fact that operations are being generated with
efficiency and even risks and threats are being detected and managed before these can do any
harm to the IT system of the corporation in general. Indeed the active collaboration and
engagement that is fostered and encouraged by the COBIT 5 framework needs to be manifest
in the work of the RFA has made the operations of the RFA efficient, secure and of a high
standard especially since all the members of the corporation are in the loop with one another
about the nature of the work that is being done to meet the goals and the objectives of the
corporation (Mulgund et al. 2018).

47BUSINESS LAW
4.5. Theme 5 – Separation of IT Governance from General Management
One of the principle elements of the COBIT 5 framework is the fact that it requires IT
governance to be treated as something that is exclusive from the management process of a
company in general. IT is to be recognized as something which is exclusive in character and
the management process and structure of IT needs to be treated separately from management
process and structure of other operations of a corporation (Bartens et al. 2015). The absence
of this in the RFA is something that became evident from the responses that were generated
by the participant population who divulged in the course of the interviews as well as the focus
group discussions that the general management of the corporation interferes heavily with the
work that is carried out by the IT division and that operations of the IT department of the
corporation are treated as exclusive (Bartens et al. 2020).
A separate management team needs to be set up for the purpose of supervising the
work that is carried out by the IT department and the members of the IT department are
answerable to this management team and not the managers who run the other affairs of the
corporation. This separation of the IT department as a mutually exclusive entity, whose work
is not to be equated or compared with the work done by other departments of the organization
is something that will enable people who are involved in the IT administration of the RFA to
carry out their duties and their responsibilities with a great degree of concentration and
privacy (Nekongo 2018). Their work will not be hampered with or interfered with and they
will not be disturbed time and again by other members of the RFA over work related matters.
As discussed above though, collaboration and cooperation is something that can be facilitated
by the COBIT 5 framework and this is not seen to be in place in the RFA and which has led
to IT operations being not being conducted in a smooth and efficient manner. It is also
important to take cognizance of the fact that since the IT department is treated as a separate
division of the management of the corporation, it will enable the high tech and high skilled

48BUSINESS LAW
labor of the division to be performed in the desired environment, with no undue interruptions
occurring and with no stress being generated by the general management of the company on
the IT executives of the firm. They should be provided a safe and secure and hassle free
environment in which to do their work and should only be answerable to their immediate
supervisors and not the people who are managing the affairs of the corporation on an overall
basis (Nugroho 2017).
Finally, it can be stated upon hearing the answers provided in the course of the focus
group discussions and the in-depth personal interviews that the division of IT governance
from the general management needs to give the workers in the IT department a good deal of
autonomy and flexibility with which to do their work (De Haes et al. 2016). During the focus
group discussions, one person stated that “The general management is quite harsh on us
when monitoring our work and no consideration is made of the fact that our work is so
specialized”. Yet another member of the respondent population stated that “We are equated
with other employees at the RFA and we are not given the exclusive environment we need
to do our specialized work. We want the general management to understand that we need
to be given more flexibility to perform our complex operations better than what we are at
the moment, by being clubbed together with departments and being treated at par with
other department members, even though our work is so unique and so specialized.” “The
IT specialists who work for the Road Fund Administration in Namibia should be allowed to
carry out their work in an environment where they are not questioned too much, where they
are given the scope to be innovative and where they are not required to do their work in a
way that is in keeping with the goals and objectives that have been set for the other workers
of the organization. They must be allowed to be able to perform their duties and their
responsibilities in a secure, flexible and dynamic environment and they are not subjected to
unnecessary questioning or harassment even by the other supervisors of the corporation. As a

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

49BUSINESS LAW
result, they can get the freedom that they need to perform their complex duties and
responsibilities in the manner desired and are answerable to supervisors who are also IT
experts and who have full knowledge of the complex and technical work that is being
undertaken by them (Durachman 2017). This dynamism and flexibility that can be accorded
to IT administration and governance by virtue of the COBIT 5 framework is something that
accounts for the success of the framework and it appears to be one of the foremost reasons
why the IT department of the RFA should be able to meet with success in the performance of
its operations if it makes use of such a framework. There is no hindrance and no objection
that these IT personnel have to face from others in the organization, notably people who are
holding managerial positions in the organization, apart from supervisors in their own
department, who happen to be understanding by nature and who have full knowledge and
expertise concerning the type of work that is being undertaken by them. The IT workers for
the RFA will able to do their best for the corporation because of this lack of interference
(Durachman 2017).
In the ultimate analysis it can be said that the COBIT 5 framework will be useful for
implementation by RFA as it can make the IT governance and administration of the RFA
something that is efficient, transparent and free from glitches in every sense of the term. All
of the principles of the COBIT 5 framework as implemented in running the affairs of the IT
department of the RFA will play a crucial role in getting the work done by this department to
be of a high standard, to be delivered in a timely manner and to be looked up to and
appreciated by others in the organization. Indeed the COBIT 5 framework is definitely
something that the RFA should avail at all times in order to keep its IT system free from
defects and problems at all times, and to ensure that IT operations are conducted in keeping
with stakeholder interests and requirements.

50BUSINESS LAW
5. Chapter 5 – Conclusion and Recommendations
The aim of this research project has been to uncover the various ways by which the
COBIT 5 framework can be utilized to help the RFA officials carry out their day to day
functions with ease and to lead the corporation to achieve its goals and objectives in a
quicker, safer and more secure manner. The Road Fund Administration as mentioned before
is a corporation that concerns itself with the development of a safe and secure road
infrastructure in Namibia. The IT governance that the RFA has been making use of, in
order to look into such development work and which the stakeholders of the RFA have
heavily invested in, are frameworks such as NAMCODE and King III. While these are
sound frameworks, the interviews and focus group discussions conducted with as many as 25
IT personnel working for the RFA reveals that the employees here are not given much
autonomy to do their work, that a lot of their activities are interfered with by the general
administration of the corporation and that there is little cohesion and communication when it
comes to the internal matters of the RFA. No special acknowledgement is made of the fact
that the IT department is one of the most valued divisions of the corporation and that by all
means it ought to be treated as a separate entity that is capable of doing its work
autonomously without answering to the rest of the corporation for this. It is also found that at
present the stakeholder needs are not being looked into adequately since risk detection in the
IT governance of the RFA is at an all-time low, and that the efficiency of the IT department is
being compromised on because of the fact that it is not able to detect and mitigate risks too
easily.
When it comes to meeting the business interests of the corporation, given the fact
that a substantive amount of money is invested in the IT governance of the RFA by the
stakeholders, it is highly important or imperative rather, for the stakeholders of the

51BUSINESS LAW
organization to see that the investment that they are making is going to give them good
returns, that they are going to get full value for the money which is being invested and that
the work of the corporation will not be compromised with, something that at present RFA’s
IT department is not able to show or fulfil. Hence it can be concluded from the literature
review and the analysis that has been carried out of the information that was obtained through
the focus group discussions and interviews with 25 IT personnel at RFA that it is the COBIT
5 framework that needs to be place in RFA. By putting the COBIT 5 framework in
place, the RFA is going to be able to do a better job of running its IT operations than
what it is able to at the moment, given the many business benefits that are associated
with the use of this framework.
The literature review that was carried out prior to data collection and data analysis
showcases the fact that of all the IT frameworks that are seen to be in place worldwide it is
COBIT 5 which is deemed to be the most useful. While other frameworks such as
NAMCODE and KING III are also being used in places like Indonesia and South Africa, and
which are also in place in the IT administration of the RFA, these are not as efficient or as
effective as the COBIT 5 framework primarily because of the five principles or modes of
operation that the COBIT 5 framework is characterized by. Specifically, it must be pointed
out in this respect that the principles of the COBIT 5 framework especially the importance
that it places on meeting stakeholder needs is what accounts for the success of this
framework, as seen from the literature review. The data collection and analysis for this study
showcases the fact that stakeholder needs are not being successfully met at the RFA, that
efficiency is minimal in the area of IT operations and that IT officials of the corporation are
not distinguished from people who do other types of work for the corporation and are not
provided with the flexibility and the dynamic environment that they need to do a good job for
the corporation. Hence it can be concluded in the final analysis that the COBIT 5 framework

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

52BUSINESS LAW
needs to be put in place by the IT department of the RFA if it is to manage its IT affairs better
than what it is able to at the moment. The COBIT 5 framework is one which will help the
corporation to do a successful job of making sure that IT affairs related to road development
in Namibia are carried out in a safe and secure manner, that there are no cyber threats or
difficulties that can arise in the course of running such operations, and in the event that such
issues do arise, the system that is in place by virtue of the COBIT 5 framework can
successfully analyse and mitigate the risks which arise. Hence the officials of the RFA
especially the management of the IT division of the organization should waste no time at all
in getting the COBIT 5 framework in place at the RFA to add greater efficiency,
effectiveness and stakeholder accountability to the work of the IT division of the corporation.
5.1. Recommendations
The following recommendations can be taken into consideration by the IT officials at the
RFA when implementing the COBIT 5 framework for improving IT operations –
 The COBIT 5 framework is something that the IT department at the RFA must put in
place, replacing the other frameworks such as NAMCODE and King III in the
process. The COBIT 5 framework must be used by first making sure that the money
which is being invested in the organization by the stakeholders is respected and
valued and some returns are shown to the stakeholders for the money which they are
investing in the corporation (Andry and Setiawan 2019).
 The COBIT 5 framework needs to be put in place by the IT officials at the RFA to
ensure that IT operations are being carried out with plenty of efficiency and
effectiveness. The COBIT 5 framework needs to be installed and implemented in a
way by which operations can be delivered in a better turnaround time and which are
free from dangers and risks in any form (Bartens et al. 2020). In fact the risk

53BUSINESS LAW
mitigation feature of the COBIT 5 framework is something that the RFA officials
need to cash in on to ensure that there are no threats posed to the running of the IT
system of the corporation (Mohanan and Menon 2016). If risks are detected and
averted on time, and which is something which the COBIT 5 framework is known to
do, then greater accountability can be ensured for the stakeholders who will know that
the IT system of the corporation is safe and secure and free from any risk and that the
workings of this system will not be affected by risks and dangers at any given point of
time (Astuti et al. 2017).
 The COBIT 5 framework must be put in place and implemented in the RFA in a way
that one integrated framework is used for conducting the operations of the RFA. This
implies that the work of the IT department will be linked to the work that is performed
by other important departments of the RFA such as the department that is involved in
marketing and fund raising activities as also the department that is responsible for
accounting, finances and billing (Bartens et al. 2015). In this way all the different
departments of the RFA will be in the loop about the type of work that is being done
by all of the employees who are working for this corporation. This in turn is
something that is going to facilitate greater cooperation and harmony among the
people working in the various divisions of the corporation which is something that is
needed if the goals and the objectives of the RFA are to be achieved as efficiently and
as effectively as possible (De Haes and Grembergen 2016). COBIT 5 framework and
its integrative system of working will mean that all the goals of the various
departments of the RFA be it IT related goals or other types of goals will be aligned
with the one common goal of the corporation which is to develop a secure and safe
road network for the public of Namibia (Bartens et al. 2020).

54BUSINESS LAW
 Specifically, the RFA officials should use the COBIT 5 Framework for improving IT
operations in Namibia by ensuring that there is plenty of collaboration and
cooperation with other departments of the corporation as well. For instance, the
finance department and the IT department of the RFA need to be in sync with one
another, as IT plays a crucial role in making sure that all types of financial
transactions for and on behalf of the corporation are those that are carried out in a
secure and safe manner at all times. In much the same way, the other departments and
members of such departments like marketing and communications need to understand
be familiar with the work that is being done by the IT division so that they can use IT
related mediums of communication quite effectively for disseminating knowledge
about the work that is done by the corporation (Hugh et al. 2018). For instance,
regular communication between the members of the IT department and the finance
division or the marketing division will instruct the members of the latter departments
on how they can use IT platforms like social media for instance to spread greater
awareness about the work that is done by the RFA and in the process even solicit
funds for the work of the RFA even though much of the money for this corporation
comes from the government of Namibia rather than from private stakeholders or
investors in the private sector (Bartens et al. 2015).
 Finally, it needs to be borne in mind by the RFA officials who wish to use the COBIT
5 Framework to improve IT governance in the corporation to make sure that this
framework is used in a way that it makes a sharp distinction between the work that is
done by the IT division and the work which is performed by the rest of the
corporation. The COBIT 5 framework needs to be made use of on the part of the RFA
to showcase the fact that the IT department of the corporation must be acknowledged
as a separate and exclusive entity and that the workers of this particular department

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

55BUSINESS LAW
are to be answerable only to supervisors who are also IT experts and who work in the
same department as them (Budiarta et al. 2016). They must not be made answerable to
managers or supervisors who have no knowledge of the specialized work that they are
undertaking. What this will end up doing is that it will give the IT workers of the RFA
the secure and the flexible work environment that they need to do their work with care
and attention and it will also prevent them from running into a rift with the general
management of the corporation. Tiffs and problems can be easily avoided by
secluding the IT department as an exclusive entity and giving the IT workers of the
RFA the space and the authority that is needed to do their work without having to
explain themselves to higher authority that has no clue or idea about the specialized
work that they do (Bunnell and Weistroffer 2017).
5.2. Study Weaknesses
As mentioned in the chapter on research methodology, this project was faced with
limitations such as limited time and resources. With more time at hand, a greater number of
IT experts including those working at other corporations in Namibia could have been spoken
to understand the type of IT solutions and frameworks that can be recommended for use by
RFA to meet its business interests suitably enough. With more resources, more journals and
libraries online could be subscribed to and more reading could have been done to understand
in detail, the various benefits of COBIT 5 and if there are other IT frameworks that are being
used in the world today, that can prove to be effective and useful for running IT operations at
RFA, at least better than what King III and NAMCODE is able to assure.

56BUSINESS LAW
References
Andry, J.F. and Setiawan, A.K., 2019. IT GOVERNANCE EVALUATION USING COBIT
5 FRAMEWORK ON THE NATIONAL LIBRARY. Jurnal Sistem Informasi, 15(1), pp.10-
17.
Astuti, H.M., Muqtadiroh, F.A., Darmaningrat, E.W.T. and Putri, C.U., 2017. Risks
Assessment of Information Technology Processes Based on COBIT 5 Framework: A Case
Study of ITS Service Desk. Procedia Computer Science, 124, pp.569-576.
Bartens, Y., Chunpir, H.I., Schulte, F. and Voß, S., 2020. Business/IT alignment in two-sided
markets: a cobit 5 analysis for media streaming business models. In Sustainable Business:
Concepts, Methodologies, Tools, and Applications (pp. 1123-1146). IGI Global.
Bartens, Y., De Haes, S., Lamoen, Y., Schulte, F. and Voss, S., 2015, January. On the way to
a minimum baseline in IT governance: using expert views for selective implementation of
COBIT 5. In 2015 48th Hawaii International Conference on System Sciences (pp. 4554-
4563). IEEE.
Budiarta, K., Iskandar, A.P.S. and Sudarma, M., 2016. Audit Information System
Development using COBIT 5 Framework (case Study: STMIK STIKOM Bali). International
Journal of Engineering and Emerging Technology, 1(1).
Bunnell, L. and Weistroffer, H.R., 2017. Integration of the COBIT 5 Framework into the
SDLC for Development of a User Access Attestation System. Integration, 3, pp.25-2017.
Corbin, J., Strauss, A.L. and Strauss, A., 2015. Basics of qualitative research. sage.

57BUSINESS LAW
De Haes, S., Huygh, T., Joshi, A. and Van Grembergen, W., 2016. Adoption and impact of IT
governance and management practices: a COBIT 5 perspective. International Journal of
IT/Business Alignment and Governance (IJITBAG), 7(1), pp.50-72.
De-Haes, S.D. and Grembergen, W.V., 2016. Enterprise governance of information
technology: achieving alignment and value, featuring COBIT 5.
Durachman, Y., Chairunnisa, Y., Soetarno, D., Setiawan, A. and Mintarsih, F., 2017, August.
IT security governance evaluation with use of COBIT 5 framework: A case study on UIN
Syarif Hidayatullah library information system. In 2017 5th International Conference on
Cyber and IT Service Management (CITSM) (pp. 1-5). IEEE.
Flick, U., 2018. An introduction to qualitative research. Sage Publications Limited.
Glaser, B.G. and Strauss, A.L., 2017. Discovery of grounded theory: Strategies for
qualitative research. Routledge.
Glesne, C., 2016. Becoming qualitative researchers: An introduction. Pearson. One Lake
Street, Upper Saddle River, New Jersey 07458.
Hugh, TDe Haes, S., Joshi, A. and Van Grembergen, W., 2018, January. Answering key
global IT management concerns through IT governance and management processes: A
COBIT 5 View. In Proceedings of the 51st Hawaii International Conference on System
Sciences.
Mohanan, C. and Menon, V., 2016, October. Disaster management in India—An analysis
using COBIT 5 principles. In 2016 IEEE Global Humanitarian Technology Conference
(GHTC) (pp. 209-212). IEEE.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

58BUSINESS LAW
Mulgund, P., Pahwa, P. and Chaudhari, G., 2019. Strengthening IT Governance and Controls
Using COBIT: A Systematic Literature Review. International Journal of Risk and
Contingency Management (IJRCM), 8(4), pp.66-90.
Murad, D.F., Fernando, E., Irsan, M., Kosala, R.R., Ranti, B. and Supangkat, S.H., 2018,
September. Implementation of COBIT 5 Framework for Academic Information System Audit
Perspective: Evaluate, Direct, and Monitor. In 2018 International Conference on Applied
Information Technology and Innovation (ICAITI) (pp. 102-107). IEEE.
Mutiara, A.B., Prasetyo, E. and Widya, C., 2017. Analyzing COBIT 5 IT Audit Framework
Implementation using AHP Methodology. JOIV: International Journal on Informatics
Visualization, 1(2), pp.33-39.
Nekongo, T.N., 2018. Investigating the criteria for appointing board memebrs of selected
public enterprises within the road industryin Namibia (Doctoral dissertation, University of
Namibia).
Nugroho, H., 2017. Proposed IT Governance at Hospital Based on COBIT 5
Framework. IJAIT (International Journal of Applied Information Technology), 1(02), pp.52-
58
Patón-Romero, J., Baldassarre, M., Piattini, M. and García Rodríguez de Guzmán, I., 2017. A
governance and management framework for Green IT. Sustainability, 9(10), p.1761.
Percheiro, I., Almeida, R., Pinto, P.L. and da Silva, M.M., 2017, September. Towards
conceptual meta-modeling of ITIL and COBIT 5. In European, Mediterranean, and Middle
Eastern Conference on Information Systems (pp. 478-491). Springer, Cham.

59BUSINESS LAW
Pereira, C., Ferreira, C. and Amaral, L., 2017, September. IT Value Management Capability
Enabled with COBIT 5 Framework. In European, Mediterranean, and Middle Eastern
Conference on Information Systems (pp. 431-446). Springer, Cham.
Petrus, H.N. and Krygsman, S., 2018. Evaluation of national road network funding in
Namibia: the curse of efficient road user charges.
Putri, M.A., Aknuranda, I. and Mahmudy, W.F., 2017. Maturity evaluation of information
technology governance in PT DEF using Cobit 5 Framework. Journal of Information
Technology and Computer Science, 2(1), pp.19-27
Sabatini, G., Setyohadi, D.B. and Purnomo, W.Y.S., 2017, September. Information
technology governance assessment in universitas Atma Jaya Yogyakarta using COBIT 5
framework. In 2017 4th International Conference on Electrical Engineering, Computer
Science and Informatics (EECSI) (pp. 1-5). IEEE.
Silverman, D. ed., 2016. Qualitative research. Sage
van Wyk, J. and Rudman, R., 2019. COBIT 5 compliance: best practices cognitive computing
risk assessment and control checklist. Meditari Accountancy Research
Wijaya, A.F., 2017, November. Analysis of information technology governance e-KTP using
COBIT 5 framework. In 2017 International Conference on Innovative and Creative
Information Technology (ICITech) (pp. 1-6). IEEE
Wilkin, C.L., Couchman, P.K., Sohal, A. and Zutshi, A., 2016. Exploring differences
between smaller and large organizations' corporate governance of information technology.
International Journal of Accounting Information Systems, 22, pp.6-25.

60BUSINESS LAW
Wolden, M., Valverde, R. and Talla, M., 2015. The effectiveness of COBIT 5 information
security framework for reducing cyber attacks on supply chain management system. IFAC-
PapersOnLine, 48(3), pp.1846-1852.
Appendix 1
Questionnaire for Interviews
1. How long have you been working at RFA?
2. How congenial is the work environment at the IT department?
3. Are glitches and technical interruptions a common affair in the IT department?
4. What are the principle IT framework’s being used for IT administration?
5. How are orders distributed for IT administration?
6. Are IT professionals accountable to general administration of RFA?
7. Are IT professionals in RFA aware of the work done by other departments at RFA?
8. Are stakeholders happy with the work being done by RFA?
9. If not, what are the areas that are lagging behind that makes stakeholders upset?
10. How good is the risk detection system in the IT administration at RFA?
Questionnaire for Focus Group Discussions
1. Are IT professionals allowed flexibility and dynamism by RFA administration?
2. Are other departments of the RFA aware of the work being done by the IT
department?
3. What are the current benefits of the IT frameworks being used by RFA?
4. What are the current disadvantages of the IT frameworks being used by RFA?
5. Can COBIT 5 be useful for the IT work done by RFA?

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

61BUSINESS LAW
6. Are IT professionals at RFA respected for their work? Is their work given any
exclusive recognition?
7. Does the general management of RFA interfere in the work of the IT department?
8. Is the finance and accounting department in sync with the work that is done by the IT
division?
9. Are stakeholders happy or dissatisfied at present?
10. What are the areas of concern for stakeholders?