A Case Study: Implementing COBIT 5 Framework for RFA IT Governance

Verified

Added on 2022/10/01

AI Summary

This report presents a comprehensive case study on the Road Fund Administration (RFA), a public sector company, and its IT governance framework. The study focuses on the implementation of the COBIT 5 framework as a mechanism to address the limitations of the current IT governance structure, which is based on a five-year Integrated Strategic Business Plan, NAMCODE, and KING III. The research aims to analyze the effectiveness of the current framework, identify inadequacies, and evaluate the potential benefits of COBIT 5 implementation. The report explores the research questions, objectives, and rationale, including the advantages of COBIT 5 over other frameworks. The methodology includes a literature review, research methods, and data analysis. The findings highlight themes such as stakeholder needs, enterprise perspective, a single integrative framework, a holistic approach, and the separation of IT governance from general management. The conclusion provides recommendations for the RFA regarding the implementation of COBIT 5 to improve IT governance and achieve strategic goals, operational excellence, and risk management.

Running head: BUSINESS LAW
Implementing COBIT 5 Framework as a Mechanism of IT Governance: A Case Study of
Road Fund Administration with Respect to its Current IT Governance Framework, Standards,
and Processes
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1BUSINESS LAW
Table of Contents
1. Introduction............................................................................................................................3
1.1 Background......................................................................................................................3
1.2 Problem Statement...........................................................................................................5
1.3 Research Aim...................................................................................................................6
1.4 Research Questions..........................................................................................................6
1.5 Research Objective......................................................................................................6
1.6 Rationale of the Research............................................................................................7
1.7 Structure of the Research.............................................................................................8
1.8 Summary..........................................................................................................................9
Chapter 2 - Review of Literature.............................................................................................10
Chapter 3 – Research Methods................................................................................................25
Research Philosophy............................................................................................................25
Research Design...................................................................................................................25
Data Collection.....................................................................................................................26
Data Analysis.......................................................................................................................27
Data Sampling......................................................................................................................27
Sample Size..........................................................................................................................27
Limitations of the Research.................................................................................................27
Ethical Considerations for the Research..............................................................................28
4. Chapter 4 – Findings and Analysis.....................................................................................30

2BUSINESS LAW
4.1. Theme 1 – Meeting the Needs of the Stakeholders.......................................................30
Theme 2 – Governing IT from an End to End Enterprise Perspective................................32
Theme 3 – Application of a Single and Integrative Framework..........................................33
Theme 4 - Facilitating a Holistic Approach.........................................................................35
Theme 5 – Separation of IT Governance from General Management.................................36
5. Chapter 5 – Conclusion and Recommendations..................................................................41
5.1. Recommendations.........................................................................................................43
Reference..................................................................................................................................47

3BUSINESS LAW
1. Introduction
1.1 Background
The corporation involved in this case is the Road Fund Administration (RFA), which is a
public sector company. The recognition of the corporation has been extended by the Act of
the Parliament of Namibia dated 1st April, 2000. The objective of this was to specify a
mandate for the purpose of attaining the Namibian Road User Charging System (RUCS) and
the Road Fund. The view with which this research was required is the assurance of the safety
and adequacy that can support the road sector. The RFA consists of a strong senior
organisation which has engaged highly accomplished along with skilled and capable
employees (Petrus and Krygsman 2018). This strong senior organisation has been working
towards attaining fitness as well as maintenance of infrastructural development. The IT
environment of the RFA is identified to be stable. This stability of the IT environment has
resulted in many successes relating to technology with respect to innovation as well as
management. There has been no rapid growth of knowledge which has the consequence of
increasing the efficiency that is essential for the initiatives and to merge all the obtainable
evidences. These achievements have been met by the RFA with the efficient exploitation of
the diverse methods as well as capital (Nekongo 2018). The senior management pertaining to
the RFA is of the opinion that the development of an information technology supremacy
outline is needed, which should be solitarily as well. This has been suggested by the senior
management belonging to RFA, for the purpose of eradicating the several frameworks as well
as standards that have been undertaken to be applied all through the years. There has been a
desire of the senior management of RFA to carry out a research study of comprehensive
nature for the purpose of analysing the criticality as well as efficiency with respect to the
application of COBIT 5 outline and to inform of a mechanism to assist it in the governance at

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4BUSINESS LAW
the RFA (Mohanan and Menon 2016). The analysis needs to be based on the comparison that
can be drawn with respect to the present IT governance Framework with that of the COBIT 5
along with the standards, procedures and the present status quo.
COBIT 5 depicts a framework that has been developed by the Information Systems Audit
and Control Association (ISACA). This system has been formulated for the purpose of
ensuring management as well as governance in relation to information technology (IT). The
main objective behind the COBIT 5 framework was to extend a commonly used language to
the business executives in order to make effective communication amongst themselves
regarding objectives, goals and consequences. The chief intentions underlying the
development of COBIT 5 can be summarised in the following way (Patón-Romero et al.
2017). Firstly, the system has been formulated for ensuring accuracy of the information for
the purpose of supporting decisions relating to the business. Secondly, the implementation of
the same has been backed with the objective of achieving strategic goals using the assistance
of information technology. Thirdly, this Framework has been designed for the maintenance of
the operational excellence using the technology in an effective manner. Fourthly, it has been
intended to keep the risks relating to information technology to an acceptable level. Fifthly, it
has been designed to bring down the cost relating to information technology services. Lastly,
it has been adopted to maintain compliance with the regulations and legal principles of the
country (Bartens et al. 2015). Presently, the COBIT 5 framework has assumed the status of a
standard practice in the industry for the governance and management of information
technology. Previously, it had been developed under the name of Control Objectives for
Information and related Technology. The COBIT 5 has been more concerned about the
creation of business value. This framework consists of five principles that requires the
satisfaction of the needs of the stakeholders, covering the end to end of an enterprise,

5BUSINESS LAW
application of the single integrated framework, ensuring holistic approach and making a
separation of management from the governance (Wilkin et al. 2016).
The present system that has been covering all the aspects relating to the business as well as
revenue streams of RFA is a five-year Integrated Strategic Business Plan, which has been
implemented from the years 2019 to 2050. The pillars of corporate governance that have been
implemented by RFA are the NAMCODE and the KING III. These structures have been
implemented to extend support to the day to day affairs of the business and streamline the
operations. However the support extended by the recent structure of governance does not
support the IT governance to its entirety and has been proven to be ineffective in certain
circumstances (Huygh et al. 2018). All these inadequacies pertaining to the present system of
governance has paved way for the need for introduction of COBIT 5 by the senior
management of RFA. This particular framework provides a more efficient governance to the
organisation and strives to address and remedy all the internal limitations that have existed in
the previous governance system. The people would strive to analyse the present structure of
governance implemented by the RFA. It will discuss the inadequacy that the senior
management has been facing regarding the present structure of governance framework. It will
also discuss the need for introducing the COBIT 5 IT governance framework within RFA. In
doing that, this paper would point out the advantages of COBIT 5 over any other IT
governance framework (Murad et al. 2018).
1.2 Problem Statement
The IT governance framework that has been implemented by the RFA is a five-year
Integrated Strategic Business Plan running from 2015-2019. The pillars of these corporate
governance Framework are KING III and NAMCODE. These are concerned with the day to
day business operational support and streamlining operations. However, it has been found by

6BUSINESS LAW
the senior management in many instances that the government support was not effective
enough to address all the situations. Several inadequacies have been found in the present
corporate governance Framework used by the organisation. This has made the senior
management to consider the implementation of COBIT 5 as an IT governance and
management framework in the organisation. This is because COBIT 5 has many advantages
over any other corporate governance and management framework existing. There is a
demand in the RFA to implement COBIT 5 as their corporate governance framework to
address all the inadequacies that have been prevailing in the present framework.
1.3 Research Aim
The sole objective of this paper is to present an analysis and evaluation of the
implementation of COBIT 5 as an IT governance and management framework in the RFA
and pointing out the inadequacies that have been identified with the present framework.
1.4 Research Questions
The key questions that will be addressed are:
 What are the IT Governance Framework and standards that have been prevailing in
the RFA and whether these framework and standards are adequate to upkeep the IT
objectives of the RFA business?
 Whether the IT Governance Framework that has been prevailing in the RFA is
effective and successful in supporting the IT commercial goals, in optimizing the
assets of the business and in addressing the risks relating to IT suitably?
 What business benefits are supposed to be realized by the proper implementation
of the COBIT 5 charter in the RFA?

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7BUSINESS LAW
1.5 Research Objective
This paper would analyse the effect of the implementation of COBIT 5 framework within
the RFA in the form of a mechanism of IT governance in place of the present governance
framework. Certain objective that need to be satisfied for the purpose of attaining the same.
These are enlisted in the following few pointers:
 To evaluate the growing demand for the implementation of COBIT 5 as the IT
Supremacy Framework within the RFA in place of the present IT governance in
use. This will be attained by way of primary research bundled with the literature
review.
 To determine the advantages that might be accrued by the implementation of
COBIT 5 as the IT Supremacy Framework within the RFA in place of the present
IT governance in use. This aim would be achieved by data collection and the use of
secondary research processes.
 To arrive at an inference regarding the advantages that might be accrued after the
implementation of COBIT 5 as the IT Supremacy Framework within the RFA in
place of the present IT governance in use. This would be addressed in the
conclusion section of the paper.
1.6 Rationale of the Research
The research rationale relating to this paper is to evaluate the need for the implementation
of the implementation of COBIT 5 as the IT governance and management framework within
the RFA. It will analyse the present IT governance framework that has been implemented in
the RFA. This paper would detect the inadequacies that have been faced with the usage of the
present framework. It will also provide a discussion on the advantages that COBIT 5 has over
the other frameworks. The COBIT 5 framework has assumed the status of a standard in the

8BUSINESS LAW
industry for the governance and management of information technology. COBIT 5 depicts a
framework that has been developed by the Information Systems Audit and Control
Association (ISACA). This system has been formulated for the purpose of ensuring
management as well as governance in relation to information technology (IT) (Haes and
Grembergen 2016).
The pillars of corporate governance that is implemented by RFA are the NAMCODE and
the KING III. These structures have been implemented to extend support to the day to day
affairs of the business and to streamline the operations. The present system that has been
covering all the aspects relating to the business as well as revenue streams of RFA is a five-
year Integrated Strategic Business Plan, which is implemented for the years 2019 to 2050.
However, the support extended by the recent structure of governance does not support the IT
governance in its entirety and has proven to be ineffective in certain circumstances. All these
inadequacies pertaining to the present system of governance have paved way for the
introduction of COBIT 5 by the senior management of RFA (De Haes 2016).
1.7 Structure of the Research
2 Introduction – This chapter will contain the evaluation of the demand for the
implementation of COBIT 5 as the IT Supremacy Framework within the RFA in place of
the present IT governance in use. It would determine the advantages that might be
accrued through the implementation of COBIT 5 as the IT Supremacy Framework within
the RFA in place of the present IT governance in use.
3 Literature Review – This chapter will define the concept and evaluate the need of COBIT
5 framework in RFA. It will address the inadequacies and limitations of the existing
frameworks. A comparative review of COBIT 5 Framework with the other frameworks
will also be carried out. This shall further highlight the major benefits of its adoption.

9BUSINESS LAW
4 Research Methodology – This chapter would indicate the Research Methodology that will
be used by the researcher and in ensuring the successful collection of appropriate data.
This reason and rationale for choosing this particular method will also be highlighted.
5 Data Analysis – This chapter will discuss the analysis of the data that has been collected
and implementation of appropriate tools and techniques regarding the analysis of such
data.
6 Conclusion and Recommendation – This chapter will provide a concluding section in line
with the facts that will be found in the sections of literature review and data analysis. The
chapter will further cover recommendations based on the data analysis that in Chapter 5.
1.8 Summary
Therefore, the present chapter of this paper would provide a summary of the demand for
the implementation of the COBIT 5 as an IT governance and management framework for the
RFA. This is because the present IT governance and management framework that is being
used in RFA is not adequate enough to address the day to day operations with all its
complexities. Moreover, this paper would also provide for certain conclusion and
recommendations based on which other organizations in the industry can comprehend the
leading benefits of the integration of the COBIT 5 Framework.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10BUSINESS LAW
Chapter 2 - Review of Literature
Tim et al. (2018), have examined concerns and issues in global IT governance using
the perspective that is offered by the COBIT 5 framework. The governance as well as the
management of IT processes through the use of the COBIT 5 framework is something that
has been analyzed in detail by the authors. They argue that such management or governance
of processes is leveraged from the point of view of practice, in order to answer to two
important concerns pertaining to modern day IT management, that is, the issue of security
and the issue of alignment. For the purpose of practice, what this particular research is seen to
shed its light on, is the management and government of IT processes that appear to be the
most relevant or the most useful for explaining how security and alignment can be easily
achieved. In the view of the authors, practitioners in the domain of IT governance can make
use of such results in order to make sure that the concerns are answered as best as possible.
The methods that the research has utilized in order to investigate the issues and concerns in
global IT governance from the perspective of COBIT 5 are those that fall within the category
of what may be termed as penalized regression. The primary aim of making use of such a
technique on the part of the researchers has been to identify the type of IT governance and
management approaches that are deemed to be the most important with respect to practice,
especially when it comes to offering a legitimate explanation as to how the concerns or issues
of security and alignment can be easily achieved. In other words the most crucial objective
that this particular research has been guided by is the identification of IT governance and
management processes that are relevant and useful in attaining alignment and security.
Pereira et al. (2017) have studied about IT governance and management using the
COBIT 5 Framework as well. According to the researchers, one of the most common
dilemmas that is faced by organizations and the leaders of such organizations in guaranteeing

11BUSINESS LAW
value from all of the high level investments in IT infrastructure that are made; is the manner
through which organizations make sure of the fact that benefits are reaped by them from the
expensive investment that they make in infrastructure. In the view of the authors, it is
important to arrive at a superior understanding of how value can be delivered to a particular
business through the use of what may be termed as IT initiatives. According to the
researchers this is quite critical, as without such knowledge, gaining an understanding of the
process of IT governance is something that remains incomplete. It is further argued on the
part of the researchers that value is not something that ought to be perceived as a financial
return only but rather as many other strategic factors which are also seen to have an impact
on the running of a business. A resource based theory has been adopted on the part of the
researchers for the purpose of identifying and proposing practices, resources and
competences that contribute towards the process of developing and conceptualizing what may
be termed as IT Value Management Capability Model. An oriental and practical perspective
is taken for viewing the present IT governance and management process namely the Val IT
2.0 framework and the COBIT 5 framework. On the basis of the findings of the research, it is
argued by the authors that the IT Value Management Capability Model is one that is capable
of developing practices, resources and competences, which contribute towards giving a
competitive advantage and business value to a specific organization.
Angligsari et al. (2018) have undertaken an evaluation of the COBIT 5 Framework.
According to the authors information technology governance is used for guiding and
controlling the operations of an organization, in a way that it is able to meet its business goals
and objectives while ensuring the quality parameters. The research undertaken by Anglingsari
et al. (2018) was done in the context of a company that is known as PT DEF. This is an
organization that makes increased use of information technology in order to support the
business processes of its organization. According to Anglingsari et al. (2018), IT governance

12BUSINESS LAW
is essential as it enables IT activities to be implemented or administered in the desired
manner. This research in particular by the authors was carried out with the view of
conducting an audit on the type of IT governance framework that is used by PT DEF to run
its business and this audit is carried out using the COBIT 5 Framework along with a specific
domain known as DSS or Deliver, Support and Service domain. The values that were
obtained as a result of the research process were considered by the authors to not be fully
achieved but partially achieved. The capability level is something that has been utilized on
the part of the researchers to identify the gap that can be witnessed in DSS process. It is
argued by Anglingsari et al. (2018) that the main aim of the research is to provide
recommendations that can be used for improving capability levels with respect to the DSS
domain in order to enhance the performance of PT DEF.
Nguyen et al. (2018), have researched on how IT governance can be mapped to the
software development process, and the frameworks that have been researched upon by the
authors in this respect are GI Tropos and COBIT 5. According to Nguyen et al. (2018),
mapping principles of IT governance through the use of frameworks such as GI Tropos or
COBIT 5 goes a long way in enabling IT managers to go ahead and propose management and
governance rules for the development of software to be able to cope with the needs and
requirements of stakeholders. It is stated by Nguyen et al. (2018) that on one hand
governance in the area of IT and engineering requires ensuring that the business process of
software organization meets all of the strategic requirements that are associated with that
particular organization. Yet the software method which are driven on the basis of requirement
are those that are characterized as developmental processes and which make use of socio-
oriented models of a high level in order to drive software life cycle both as a deductive and
iterative engineering technique and from the perspective of project management. According
to the authors such methods or techniques are those that are quite well suited for adaptation

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13BUSINESS LAW
and inclusion of IT governance principles quite quickly into life cycle of the software
development process. In order to be able to consolidate not one but both of these
perspectives, it is proposed on the part of the researchers that a generic framework be adopted
for the purpose of IT governance, that will allow for the mapping of principles of IT
governance to the process of using GI Tropos software.
COBIT 5 is a framework of IT governance that has also been studied from the
perspective of enterprise governance. Haes and Grembergen (2016) for instance, have
researched on the subject of enterprise governance with respect to the domain of information
technology. The study has been undertaken with the purpose of understanding how value and
alignment can be achieved through the use of the COBIT 5 framework. The research is one
that features an allusion to not one but many case studies and that too from all over the world.
Theoretical advances are integrated with empirical data as well as with practical applications,
and ensues an in-depth discussion of how the COBIT 5 framework can be made use of in
order to build, to measure and to audit enterprise governance using a number of IT related
approaches. A comprehensive report has been provided on the best practices that can be
carried out with enterprise IT governance using the COBIT 5 framework with special
emphasis being laid on how IT can be made use of in order to support, sustain and facilitate
the growth of enterprises. Such an all pervasive role as associated with the use of IT is
something that the researchers state to be an integral feature of the process of corporate
governance. In the view of the researchers’ enterprise IT governance is not something that is
associated with superior quality infrastructure only. Instead, it is also about defining and
embedding processes and structures throughout the length and the breadth of the
organization. Thereby it enables IT people, businesses and boards to go ahead and execute
responsibilities in support of IT/business alignment while speaking at the same time about the
value that is created from the IT related investments of the enterprise.

14BUSINESS LAW
Andry et al. (2019) has entered into an investigation on how the COBIT 5 framework
is one that can be utilized as adequate governance of IT systems. The research has been done
in the context of Indonesian companies where an attempt had been made by researchers to
understand and see how COBIT 5 as a framework can be used to evaluate the national library
system of the country. The pros and cons associated with the use of the COBIT 5 framework
in this respect have been well pointed out by the researchers. It also points out that this is a
framework that can be managed and put in place only after undertaking a thorough evaluation
of the IT system that is placed for monitoring and operating the national library system in
Jakarta, Indonesia. It is the argument of Andry et al. (2019) that in order for the National
Library of Indonesia in Jakarta to be managed in an efficient and effective way, it is
necessary for adequate and good IT governance to be in place. In the view of the researchers,
good IT governance and good businesses are things that need to be well aligned with one
another if the objectives associated with managing and running the National library System
of Indonesia is to be well achieved. A thorough overview has been provided by Andry et al.
(2019) of the things that need to be taken into consideration prior to implementation of the
COBIT 5 Framework, failing which the framework will not produce or showcase the desired
results. In the ultimate analysis it is argued by Andry et al. (2019), that elements of the
COBIT 5 Framework make it an ideal tool for IT governance, especially when it comes to
ensuring efficient and effective IT governance over the long term.
Haes et al. (2019) have engaged in in-depth research on how the COBIT 5 framework
is something that can be put to use when it comes to enterprise governance. A history of
COBIT 5 framework has been provided by the author after which the six principles on which
the COBIT 5 framework is managed and run has been pointed. The 2019 model of COBIT 5
along with the forty different aims and objectives of this 2019 COBIT 5 framework has been
pointed out with the greatest degree of aptness and accuracy by the researchers, who have

15BUSINESS LAW
thus explained the crucial need and importance of COBIT 5 in the domain of IT governance
of a business enterprise and the value that the principles of the COBIT 5 framework are seen
to pose for enterprise governance in particular.
Tridoyo et al. (2017) have studied the use of the COBIT 5 framework in improving
the effectiveness and the efficiency of what may be termed as the E-KTP system in the
achievement of organizational goals and objectives. The study has been carried out in the
context of the population administration system. It is argued on the part of the researchers
that population administration is an intricate affair and that there are many small details that
need to be looked into when handling information systems pertaining to population
administration. The COBIT 5 framework and the five important principles of the framework
have been put to the test on the part of the authors in assessing how this can aid or improve
the performance of the population administration system. Then results of the research have
revealed that COBIT 5 not only makes the management of activities pertaining to population
administration a smooth and hassle free affair but that also it has a crucial role to play in
enhancing the efficiency of the E-KTP mode of IT governance that forms an important part
of the population administration process. Tridoyo et al. (2017) argues that the COBIT 5
framework is certainly a useful tool that population administrators can consider using in order
to manage activities and functions pertaining to information technology a lot better through
the use of this framework than they could otherwise. The primary contribution of the COBIT
5 framework in this respect is the fact that it leads to a rise in efficiency in the area of IT
governance. It improves IT governance and functioning like never before and a process as
detailed and intricate as population administration is definitely seen to benefit a good deal
upon the use of the COBIT 5 framework in the area of IT governance.
Bunnell and Weistroffer (2017) have studied about the implementation of the COBIT
5 framework in what may be termed as the user access attestation system. The manner by

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16BUSINESS LAW
which such a system can be conceived and then developed through the use of the principles
of the COBIT 5 framework is something that has been studied by the authors in detail. It is
the argument of the authors that organizations these days are faced with an increasing amount
of regulatory and legal oversight owing to legislation such as HIPPA and SOX controls. With
the use of such legislation having become quite critical in the domain of information
technology. It is therefore imperative as argued by the researchers that those who are working
in the domain of IT governance pay a considerable amount of detail to the manner by which
they initiate and then authorize the process and store important transactions. The entire
purpose of making use of what may be termed as the user access attestation system is to
ensure that the proper controls are made use of at the time of transactions. Fraudulent
transactions are those that are easily avoided or done away with when such a system is put in
place. The COBIT 5 framework is something that has be mapped by the researchers to a
framework that is known as systems lifecycle development with the entire aim and purpose of
creating and developing a useful and effective user access attestation system that will allow
fair and secure transactions to take place. The results of the research reveal that the COBIT 5
framework is one that can be effectively utilized for the development of the user access
attestation system allowing for secure transactions in the domain of IT governance and thus
recommends the use of this framework in IT governance.
Mutiara et al. (2018) have analyzed the effectiveness of the COBIT 5 framework by
using what may be termed as AHP methodology. It is argued on the part of Mutiara et al.
(2018) that the COBIT 5 framework is accepted as one of the best standards of practice in
both the domain of management as well as IT utilization and that it allows for the effective
governing and control of IT systems. The research has been carried out in the context of
Indonesia and an attempt has been made on the part of the researchers to understand how
COBIT 5 framework is something that can be made use of in order to deal with internal

17BUSINESS LAW
control issues. A methodology pertaining to the analytical hierarchy process, known also as
AHP methodology has been utilized and put to the test on the part of the researchers in order
to create a framework of IT auditing and analysis that is entirely new in nature and scope.
The framework is one that has been developed on the basis of user requirement and opinion.
It is concluded on the part of the researchers that the COBIT 5 framework is best suited for
developing an IT audit system for organizations which are located in Indonesia and which
require regular surveillance and control of operations, both internal as well as external. The
IT audit system can be especially well developed using AHP methods and the COBIT 5
framework with the argument being made on the part of the researchers that the COBIT 5
framework is one that allows for great transparency, accuracy and efficiency in the
development of IT governance systems.
Percheiro et al. (2017) have engaged in a detailed study about how the COBIT 5
framework is one that can be analyzed and studied in the area of enterprise governance,
especially with reference to EGIT or enterprise governance as seen to exist in the area of
information technology. The COBIT 5 framework has been put to the test by researchers in
this particular study by seeing how successfully the framework can impart an element of
efficiency and organization to the EGIT mode of functioning. This was done with the
argument being put forward on the part of Percheiro et al. (2017), that logically and
semantically rich structures are those that can be represented well with the COBIT 5
framework is put to use with respect to EGIT or enterprise governance in information
technology. The pros and cons of using the COBIT 5 framework have been pointed out by
the authors in detail. An attempt has been made on the part of Percheiro et al. (2017) to
explain how cohesiveness is an important element of the COBIT 5 framework and that the
use of this framework allows for IT governance activities to be carried out in a manner that is
not only transparent but which is also quite easy to monitor. In the ultimate analysis it is

18BUSINESS LAW
concluded by Percheiro et al. (2017) that using the COBIT 5 framework and the principles
that accompany it is more than feasible for enterprise governance and that enterprise
governance with respect to information technology receives a considerable boost when this
framework is made use of to administer IT governance in the most efficient way possible. In
other words, COBIT 5 makes IT governance, more smooth, secure, transparent as well as a
process that is free from any of the technical glitches that are otherwise likely to arise in the
domain of Enterprise related IT governance.
Maneerattanasak and Wongpinunwatana (2017), have talked about how the elements
of practice as well as principle can be made use of when engaging in risk management
activities in the domain of information technology and the use of the COBIT 5 framework
has been studied and analyzed in this respect. Advanced information systems in the view of
the authors are those that are frequently faced with important risks such as cyber threats, and
it is therefore expected on the part of the stakeholders of an organization that risk
management activities be carried out through IT governance. This is done to ensure that
business operations are carried out in a safe and secure manner, with the IT system being in
place for this purpose being one that is completely free of glitches or difficulties. A
theoretical methodology is one that has been put in place for this particular project. Relevant
theories such as task technology, practice and principle have been put in place and the ITRM
framework and documents are reviewed and assessed on the part of the researchers to
determine how effectively the risks can be managed and averted for the benefit of an
organization. In this context, the authors have put in place the use of the COBIT 5 framework
to effectively assess and analyze the cyber threats that could be posed on the advanced
information systems form a characteristic feature of business organizations in today’s day and
age. The study found among other things, that the use of the COBIT 5 framework is one that
appears to be effective in detecting cyber threats in a quick and efficient manner, thus alerting

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19BUSINESS LAW
IT governance officials about operations that must be undertaken to mitigate the risks and
bring the threats under control.
The use of the COBIT 5 framework is something that has been studied in the context
of King III or the King Code of Governance for the country of South Africa of 2009 by
Maseko and Marx (2016). In the view of Maseko and Marx (2016), one of the biggest
challenges associated with IT governance in South Africa is the complex nature of the work
accompanied by the lack of a proper understanding of the subject matter. The King Code of
South Africa, known also as King III is one that provides recommended practices as well as
principles on how IT governance should be carried out. An attempt has been made on the part
of Mareko and Marx (2016), to see how the COBIT 5 framework and its principles can be
utilized during the implementation of King III to bring about effective IT governance. A
specific attempt has been made on the part of the researchers to see how the practices and
principles of IT governance as put forward in the COBIT 5 framework are similar, related to
or are different from practices and principles for the same as outlined in the King Code of
2009. After engaging in an in-depth study and analysis of the IT systems of South African
administration for this purpose, it was found on the part of the researchers that what the
COBIT 5 framework brings to the table where IT governance is concerned is transparency.
The various controls and operations that are associated with IT governance are those that can
be carried out with a greater degree of transparency and efficiency when the COBIT 5
framework is used in the domain of IT governance. There are strategic control measures that
come with the use of the COBIT 5 framework, the most important of these being the desire or
the ability to meet the needs and the requirements of stakeholders. In the bargain, it is found
that COBIT 5 is a better mode of IT governance than King III by virtue of the fact that it
makes the entire process of IT administration far more transparent than the latter is seen to do
which is why the authors recommend in conclusion, that COBIT 5 as a framework of IT

20BUSINESS LAW
governance be utilized for keeping cyber threats at bay in organizations and companies that
are seen to operate in South Africa.
Pereira et al. (2017) have undertaken a study on the use of the COBIT 5 framework in
the domain of IT value management and IT governance. It is argued on the part of the
researchers that the growth in the amount of investment that is made in the IT sector is
something that has increased by a considerable degree, the expectations of stakeholder.
People who invest in the IT sector wish to see sufficient returns largely because of the high
sum of money that they have to invest in this sector in the first place. It therefore becomes all
the more imperative for IT governance and IT administration to be carried out in an efficient
and secure manner, so that the business interest of stakeholders are never compromised. The
COBIT 5 framework has been studied in this particular project to see how well it is able to
influence IT administration in the area of enterprise governance. The needs and the
expectation of stakeholders is something that is increasing with every passing day and one of
the most important principles of the COBIT 5 framework is its ability to meet the needs and
the interests of stakeholders. This paper argues that the COBIT 5 framework makes the
process of enterprise IT governance an efficient and hassle free affair. The paper also states
that COBIT 5 as a framework is one that needs to be deployed in all types of IT governance
by virtue of the fact that it makes administration a transparent affair, giving stakeholders
every idea of the actions that are undertaken as part of IT administration, the security or the
control measures that are put in place and also the systematic manner by which the
framework requires being implemented.
Vijaykumar and Arun (2018) have undertaken research and analysis on how the
COBIT 5 framework is one that can be put to use when it comes to witnessing risk
assessment practices and activities as undertaken for all types of cloud based enterprises. It is
stated by the researchers that a lot of enterprise applications are available which end users can

21BUSINESS LAW
make use of in various types of domains such as healthcare, business, industry and
manufacturing. With the slow and steady emergence of what may be termed as cloud based
computing standards, the need to engage in risk assessment activities is something that has
become all the more pertinent. Various types of risk assessment frameworks have been
analyzed and put to the test on the part of the researchers, such as the COBIT 5 framework
and it has been argued by the researchers that COBIT 5 is a framework that is worth making
use of in this respect, for a number of reasons. To begin with, the time taken by a framework
such as COBIT 5 to detect risks that can arise in the cloud computing system is quite
minimal. One does not have to wait for too long to detect and see the possibility of risk
surface when this framework is being put to use. This is also an efficient and transparent
system of IT governance. It helps in identifying the various loopholes that may exist in IT
governance, including enterprise IT governance and helps to efficiently address these
loopholes, making sure that transactions and other aspects of IT related governance are
carried out in a safe and secure manner and that security interests of a business organization
are not compromised on, especially organizations that make use of cloud computing activities
as part of their business operations.
A detailed literature review on the effectiveness and the use of the COBIT 5
framework has been carried out by Mulgund et al. (2019) with an attempt being made on the
part of the researchers to argue that this is one of the best practices to adopt for IT governance
in any given part of the world. The strengths and the weaknesses of using various types of IT
governance frameworks have been pointed out in this piece of work after which a conclusion
has been drawn that the elements of COBIT 5 make it the most desirable tool or framework
for the purpose of IT governance. Apart from discussing the strengths and the shortcomings
of the COBIT 5 framework, attempts have been made also on the part of Mulgund et al.
(2019), to discuss the state of the art infrastructure that comes with using the COBIT 5

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

22BUSINESS LAW
framework and an analysis has been carried out on the part of the researchers to analyze how
the COBIT 5 framework is utilized for the purpose of identifying as well as mitigating what
may be termed as organizational risks. It is argued by Mulgund et al. (2019) that COBIT 5 is
a framework that can be easily put to use for the purpose of risk assessment and risk
mitigation in an organization and that it is highly effective for such an activity because of the
fact that the COBIT 5 framework is capable of identifying risks at a very early stage of their
occurrence. In the ultimate analysis, what Mulgund et al. (2019) have to state about the
COBIT 5 framework and its use is that it is an effective and efficient system of running IT
administration and that it is a system that can definitely be put to use for the purpose of risk
mitigation activities. The entire research has been carried out in the form of a systematic
literature review, with as many as ninety-three peer reviewed publications been studied in
detail as part of this project.
Budiarta et al. (2016) have undertaken a case study analysis of how audit frameworks
can be constructed or based on the COBIT 5 framework, specifically, how an audit
information system can be developed through the use of the COBIT 5 framework. The
research work has been carried out in the context of IT systems of governance as seen to
prevail in the country of Bali. It is argued on the part of the researchers that IT governance is
something that requires a lot of investment to be made in on the part of a business
organization, which is why matters pertaining to security that are centered around IT issues
are matters that need to be addressed with care and attention and that one of the best ways of
doing so is through the use of the COBIT 5 framework. In the view of the authors, the
COBIT 5 framework has a standard of its own, which allows it to be used for all types of IT
governance in a hassle free manner. Upon studying the validity and legitimacy of the COBIT
5 framework it is claimed on the part of the researchers that this is a framework which is
hundred percent efficient, which is highly effective when put to use and when does a good

23BUSINESS LAW
job of both identifying as well as mitigating the risks that can arise in the course of IT
governance or IT administration. The COBIT 5 framework can thus be successfully used, as
stated by the researchers in the context of various types of IT related governance and
administration in the country of Bali.
Gerber (2015) has engaged in a study of how the COBIT 5 framework can be used for
the management of incremental risks that arise through the use of social media platforms.
Social media as argued by Gerber (2015) is something that is increasingly made use of in
today’s day and age for the promotion of business activities and business operations and it is
one of the best types of platforms that exists today for communication of ideas. The use of
social media requires the use of information technology to a considerable extent, which is
why when a business enterprise makes use of social media for conducting activities, it needs
to engage in proper IT governance and administration to make sure that all work is done with
efficiency and proficiency. Since the use of social media for the promotion of a business is
something that involves the use of IT, Gerber (2015) has showcased how the COBIT 5
framework can be well utilized to ensure efficiency and effectiveness in such IT governance,
making the social media business promotion activities a smooth and hassle free affair for a
particular business enterprise. In the course of the study, an argument is made on the part of
the researcher that the COBIT 5 framework is a reliable framework that can be used for
detecting the risks that can arise in the system of IT administration and governance when
social media is being used for the promotion of a business. COBIT 5 framework is practical
and effective and it will ensure that IT administrative affairs are run in a safe and secure
manner, especially when the tool of social media is being made use of to market a product or
service of a particular business enterprise. The many pros or benefits of using the COBIT 5
framework for IT governance have been pointed out in this piece of research and it is seen
that with adequate implementation, COBIT 5 can be used to ensure good IT governance not

24BUSINESS LAW
only in the present but also in the future and the long term. In other words, the COBIT 5
framework is a tried and tested mode of IT governance and administration and it can
definitely be put to use when making use of social media platforms for marketing or
promoting business affairs or via the medium of the internet.
Gaps in the Literature Review
The literature that has been reviewed in the above section, points to how the COBIT 5
framework can be useful for implementation in the domain of IT governance with the
argument being made that IT governance can be made more efficient and effective by putting
such a framework to use. The COBIT 5 framework has been analyzed in the literature review
for use in various types of contexts. For example, IT governance pertaining to a national
library system of a country and for IT governance pertaining to business enterprises among
others. What the literature fails to point out is how the COBIT 5 framework can be used to
govern IT matters and IT governance that is needed when managing projects pertaining to
road infrastructure. Specifically, this particular research project will look at how the COBIT 5
framework is one that can be used to generate solutions to IT problems that are incurred by
the Road Fund Administration in Namibia in its management of large scale infrastructure
projects and make this process a more effective and efficient one altogether.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

25BUSINESS LAW
Chapter 3 – Research Methods
Research Philosophy
Research philosophy concerns itself with the perspective that guides an investigation
or a project and as such deals with the views, perceptions and theories of the researcher on
the subject that is being undertaken for scrutiny. There are three important forms or types of
research philosophy that are seen to be in existence. The first is the research philosophy of
positivism. Positivism is a research philosophy that deals primarily with the in-depth analysis
of facts and figures. This is a research philosophy that can definitely be put to use in order to
analyze a project or a subject in a great amount of detail. The second most well-known
research philosophy that is seen to be in use is interpretivism while the third is realism. The
second is a research philosophy that revolves around management functions and various
types of management activities while the third is a research philosophy that entails use of
elements that can be found in both interpretivism and in positivism. When it comes to this
particular research project, it is crucial to remember that it is the research philosophy of
positivism that has been chosen for undertaking the study as the project entails the dissection
and analysis of various important details put forward in the course of interviews and focus
group discussions. The other two philosophies of interpretivism and realism have been
entirely rejected largely because of the fact that these are research philosophies which appear
to be subjective in their nature and are concerned more on individuals rather than dealing
objectively with the matter at hand.
Research Design
Research design refers to the overall layout or structure that is utilized for the purpose
of investigation. As such, there are three important forms of research design that are seen to

26BUSINESS LAW
be in circulation or in use among investigators in various corners of the globe. These are the
explanatory research design, the exploratory research design and the descriptive or analytical
research design. The first research design is one which puts the investigator in a position to
understand the different variables that are used in the course of investigation. The second
research design is one that involves understanding a research topic or the subject matter that
is being investigated from not just one but many different theoretical angles or theoretical
perspectives while the third and final research design is one that involves analyzing the
subject matter in the most accurate way possible and that too by paying attention to detail for
this purpose. For this particular research study it can be said that the descriptive or analytical
research design has been adopted while the other two research designs have been rejected.
Data Collection
Data for this research has been collected by conducting qualitative primary research.
The methods of research comprise of an in-depth personal interview and focus group
discussions that were conducted with employees working for the Road Fund Administration
in Namibia and employed in the sector of IT governance. In addition to focus group
discussions and interviews, the research has also made use of a well-known form of
qualitative research, which is participant observation whereby the people who are interviewed
or who are subjected to the various discussions are observed minutely to see what their body
language is all about and what this might reflect about them. It also included factors such as
observations of the surroundings and the environment etc.
Over and above primary research, this study has also retrieved data pertaining to the
subject matter as contained in books, peer reviewed journal articles and chapters in edited
volumes. An attempt has also been made to look at newspaper reports on the functions and
the activities of the Road Fund Administration in Namibia to gain an understanding of the

27BUSINESS LAW
type of work that is done by the corporation and the ways by which the COBIT 5 framework
is utilized in administrating IT related operations on behalf of the corporation.
Data Analysis
Since this is a research study that has taken recourse to what may be termed as
qualitative research. The analysis of the data is one that has been organized in a thematic way
based on the information that has been provided by the respondent population in the course of
the focus group discussions and the in-depth personal interviews as also through the
secondary sources of data. It is hoped that the thematic form of analysis will provide
sufficient structure and cohesion to the research work that has been undertaken.
Data Sampling
Due to the dearth of time and resources, it is a random and convenient and
probabilistic mode of sampling that the research has made use of. The sample for the research
has been derived by choosing the top most officials in the IT administration of the Road Fund
Administration in Namibia to see how well these individuals make use of the COBIT 5
framework, in the course of their study.
Sample Size
The sample size for the research comprises of 25 odd persons who are working for the
IT sector of the Road Fund Administration in Namibia. 15 of the sample population were
subjected to focus group discussions while about ten of them were subjected to in-depth
personal interviews. The focus group discussions lasted for two hours at the most while the
duration of the interviews was not longer than an hour.
Limitations of the Research
There are a number of limitations that this particular research project is characterized
by, such as the paucity of time and also the absence of enough resources with which to do

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

28BUSINESS LAW
constructive research work. If more time and resources were made available, more in-depth
investigation could have been undertaken by the researcher concerning the use of the COBIT
5 framework in ensuring quick and effective IT operations and IT solutions for the Road
Fund Administration in Namibia.
Ethical Considerations for the Research
This research work has been undertaken by taking a number of ethical factors into
consideration. They are as follows –
 The interviews and the focus group discussions have been undertaken by first duly
informing the members of the respondent population about the nature, the scope and
the expected outcome of the research. None of the respondents were in the dark about
why the research work is being undertaken and what purpose it is going to serve.
 The focus group discussions and interviews were scheduled and conducted at a time
which was convenient for the respondent population. For this purpose, an effort was
made to get in touch with the sample population in person to find out when it is that
they would be free to sit for interviews.
 The duration of the interviews and the focus group discussions are not longer than an
hour or two at the most. This has been done to ensure that participants do not feel
tired, exhausted or worn out after they have finished answering their questions.
 Every effort has been made on the part of the researcher to avoid asking questions that
are of a personal nature or which are likely to induce discomfort in the participants,
when asked.
 The members of the respondent population were given full freedom to opt out of the
interview process or the focus group discussions in the event that they felt
uncomfortable about what it was that was being asked of them. The nature of the

29BUSINESS LAW
participation was kept entirely voluntary and none of the participants were coerced
into taking part in the interview process in any given way whatsoever.
 The secondary sources that have been used for conducting the research have been
duly cited. There has been no duplication of academic content in any given form and
all texts and secondary sources used have been adequately cited throughout the study
in the form of a bibliography as well as in-text citations.
 The use of a video recorder was avoided for this project and whatever the respondents
had to say to the questions that were asked of them were jotted down on pen and
paper. The respondent population was also shown what was being written down for
the matter of transparency.
 Questions of a gender sensitive nature were avoided in the course of the research
primarily because these are not required for or are relevant for the study in the first
place.
 All the interviews and the focus group discussions were documented down diligently
and the respondents were shown the documented version and permission was sought
for using the information that was obtained in the process and for the purpose of
analysis. This consent was obtained from the respondent population verbally and they
were not made to sign any piece of paper to grant their consent in this respect.

30BUSINESS LAW
4. Chapter 4 – Findings and Analysis
4.1. Theme 1 – Meeting the Needs of the Stakeholders
This research seeks to arrive at an understanding of how the principles of the COBIT
5 framework can be used to enhance the IT governance and administration that is undertaken
by the Road Fund Administration in Namibia. It is important to make note in this respect that
the Road Fund Administration in Namibia a corporation that is dedicated to the development
of safe, secure and long-lasting roads, to improve mobility in the area etc. through the
allocation of funds. IT governance forms a crucial feature of the work that is undertaken by
this corporation just as it does for work that is undertaken by any other corporation. As
mentioned earlier. In order to arrive at the answers to the research questions, namely, to
understand how COBIT 5 framework is used to ensure effective governance in the domain of
IT on the part of the RFA in Namibia, primary and secondary research has been conducted
and the information that has been obtained has been analyzed thematically, according to the
five principles of the COBIT 5 Framework.
The first and most important principle of the COBIT 5 Framework lies in meeting
stakeholder needs. It was found from entering into the focus group discussions with IT
personnel working for the Road Fund Administration in Namibia that the framework that is
currently in place for ensuring that the IT operations of the corporation are not run in an
efficient manner. Yet this is needed to meet the needs of the stakeholders. Stakeholders have
made an important investment in the IT activities of the corporation and the COBIT 5
framework takes cognizance of this by allowing for IT processes to be monitored well
enough and for risks to be mitigated significantly enough at an early rather than a later stage
of the monitoring process. IT related risks and dangers are those that are identified at the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

31BUSINESS LAW
outset when the COBIT 5 framework is seen to be in place and it will not take the RFA
officials longer than a few hours to a few days, at the most, to mitigate the risks that appear to
arise in this respect because of the quickness and efficiency with which problems and dangers
are detected and made known to them in the first place. In fact, it has been stated in more
than one way by the RFA officials that the usefulness of the COBIT 5 framework lies in the
fact that it can help them to identify threats in the IT governance system very easily and
quickly as a result of which they can prevent malware from encroaching upon such a system
and causing a complete shutdown of operations. This otherwise appears to be the case given
that at present, the frameworks of NAMCODE and KING III appear not to be too effective in
this respect. The fact that the COBIT 5 framework is one that can be made use of so easily for
the purpose of risk identification and risk mitigation implies that it can do a successful job of
meeting the stakeholder needs at the Road Fund Administration in Namibia. Those who
invest in the IT processes at this corporation, including the Namibian government, will be
safe and secure in the knowledge that IT processes and operations that are adopted into the
development, establishment and running of a secure road network in Namibia are operations
that will not be interfered with or hampered in any given way by cyber threats or advanced
malware attacks. COBIT 5 framework which is used in running IT governance on behalf of
this corporation is one that is capable of identifying risks and problems at a very early stage,
giving the RFA officials sufficient time to look into the matter and get the risks addressed.
All of the RFA personnel who were subjected to focus on group discussions on the IT
governance of the RFA happened to claim that the COBIT 5 framework ought to be in place
here, as it can help them to keep risks averted at all times, and in doing so, it will enable them
to ensure that the interests and the needs of the stakeholders are not compromised in any
given way. The investment that is being made in the IT governance of the RFA will not go in
vain because of the implementation of the COBIT 5 framework. It was also clear from the

32BUSINESS LAW
responses that were generated as part of the focus group discussions and the in-depth personal
interviews, that putting the COBIT 5 framework in place is not something that will prove to
be difficult at all. This is because there is a great degree of efficiency and transparency that is
associated with the use of the COBIT 5 framework which makes it easy for the IT
governance officials to simply put this framework in motion and have it taken care of IT
related processes in a smooth and hassle-free manner. There is no expert knowledge or high
degree of IT related expertise required to arrive at an understanding of how the COBIT 5
framework functions and the manner by which it should be implemented. Hence, the ease and
the convenience with which the COBIT 5 framework can be put in place for the purpose of
IT governance and the fact that it can be used for easy and quick identification of risks and
threats followed by the immediate mitigation of such threats, makes it a perfect framework
for meeting the needs of the stakeholders in the IT governance and administration of the RFA
in Namibia. This in turn implies that IT processes are undertaken in a safe, secure and
transparent manner for the benefit of the public and other stakeholders in the road
development of Namibia.
Theme 2 – Governing IT from an End to End Enterprise Perspective
Looking into IT related operations from an end to end perspective is another key
principle and function of the COBIT 5 framework that will be in place if it is applied to the
manner by which the IT governance is administered by the RFA in Namibia. The end to end
enterprise perspective is one which implies that IT governance when using the COBIT 5
framework is something that is treated as more than just something that involves doing
technical work and it is treated as something that is of value for the organization. The IT
governance and administration of the RFA will be accorded a considerable degree of value by
virtue of the fact that such a heavy investment is being made in this process by the
stakeholders of the company. IT governance by virtue of the fact that it will help to keep the

33BUSINESS LAW
road development operations of the corporation running in a safe and secure manner, is also
something that is perceived to be of immense value within and among the employees of the
corporation. It was revealed in the course of the focused group discussions and the in-depth
personal interviews that were undertaken with the 25 IT security personnel working for the
RFA, that the use of the COBIT 5 framework which involves looking at IT operations from
an end to end enterprise perspective, will lead to the work that is done by the unit to be
perceived with great value and would be given great recognition by the entire corporation
while currently there appears to be little or no appreciation for this work. The use of COBIT 5
will acknowledge that the work which is performed by the IT department is no mean task and
that it is as valuable and important as all the other functions and operations that are performed
by the RFA. In fact, the use of the COBIT 5 framework in this respect will lead to the
acknowledgement that the work which is being done by the IT department is something that
is well aligned with the operations of all other departments of the RFA and that the value of
the work done by IT department can be seen from the fact that it is enabled to ensure the safe
and secure development of road networks in Namibia. Currently, the important components
of the IT governance or administrative system of the RFA involves making sure of the fact
that operations are conducted timely, risks are detected and mitigated as quickly as possible
and efficiency is ensured at all times. All of this by all means ought to lead to the acceptance
and recognition of the fact that the work which is being done by the IT department of the
RFA is more than mere technical work and that the operations of the corporation as a whole
could not have run successfully without the presence, the involvement and the work of the IT
division of the corporation.
Theme 3 – Application of a Single and Integrative Framework
The IT department of the Road Fund Administration of Namibia is one that ought to
make use of a single and integrative framework for conducting its operations through use of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

34BUSINESS LAW
COBIT 5, as a result of which the work or the operations of the IT division is something that
will be well aligned with the work that is carried out by other important divisions of the
organization. It was revealed in the course of the interviews and the focus group discussions
that were carried out with the RFA officials, from about 25 of them, that the operations of the
IT division are seldom carried out by engaging in close collaboration with other important
divisions of the corporation such as the finance and accounting division, the sales and
marketing and promotions division as also the division that is responsible for mechanical
operations. No adequate communication and collaboration have been maintained in the
process that has helped the IT division in particular to put the frameworks and systems in
place that are needed to monitor road development work and work related to road
infrastructure that is done from the perspective of IT. The other departments of the RFA are
not able to relate to the work that is being carried out by the IT department by virtue of the
COBIT 5 system being in place, yet the common goal and objective of all of the departments
of the corporation is to make sure of the fact that road development in Namibia is something
that takes place in an efficient and timely manner and without the need or the requirement of
stakeholders being compromised in this respect. Other officials of the RFA are not well
acquainted with the work which is being performed by the RFA and this has led to the
absence of good collaboration and cooperation within the corporation as a whole. Not
allowing for operations to be undertaken in a way that the goals and objectives of all of the
different departments of the corporation are achieved to meet the single goal of the
corporation which is to engage in road development work in Namibia in a way that is good
for the public and where the needs, the interest and most importantly the requirements of the
stakeholders in the process of road administration in general and IT administration of road
development in particular, have been fully and thoroughly met. This is something that can be
made possible through the use of the COBIT 5 framework in IT governance whereby a single

35BUSINESS LAW
and integrative framework will be made use of in order to connect the work that is carried out
by the IT division with the work which is undertaken by all the other departments of the
network. All of the different divisions or departments of the RFA need to be connected well
with each other and in the bargain, they should have a good understanding of what it is it that
needs to be done to take the RFA in forward direction.
Theme 4 - Facilitating a Holistic Approach
The holistic approach that is advocated by the COBIT 5 framework of IT governance
and administration is also something that can help RFA. It was discussed in the focus group
discussions and in the in-depth personal interviews that were conducted with the 25 RFA IT
personnel for this research study about how the King Code III and NAMCODE are currently
not being able to connect all the various departments of RFA together under one single and
common goal. The collaboration and the cooperation that is encouraged as part of the COBIT
5 framework is something that will help the IT division of the RFA to connect easily with
other members of the corporation in order to carry out IT related work and administration in a
smooth and efficient manner. Regular communication and dialogues need to be engaged with
members of the mechanical department as well as those who are involved in accounting and
finance work to ensure that transactions, reports and updates for road development work are
undertaken in a timely fashion and while keeping with the standards that are expected from
the stakeholders. All of the people who are working for the RFA need to have some
knowledge or understanding of the work which is done by the IT division and this is a
department that does not do its work in isolation and this is something that can be made
feasible only if the COBIT 5 framework is in place over here.
The operations of the IT division depend greatly on insights and inputs that are made
available by members of the mechanical department and also the finance and accounting

36BUSINESS LAW
division, the latter department being especially dependent on the IT division to make sure of
the fact that all of the financial related work including transactions, investments etc. are done
in a safe and secure manner. The heavy investment that is made in the IT affairs of the RFA,
on the part of the stakeholders to make sure that road development work is not hindered in
Namibia and that it takes place in accordance with high standards is something that requires
the officials of the RFA to collaborate quite frequently with members of the financial division
of the company. Thus, ensuring that all IT related operations are conducted in a way that
stakeholder needs are met. This is one of the key elements of the COBIT 5 framework and it
will definitely help the IT governance and administration of the RFA to be conducted with
much success, given the fact that operations are being generated with efficiency and even
risks and threats are being detected and managed before these can do any harm to the IT
system of the corporation in general. Indeed the active collaboration and engagement that is
fostered and encouraged by the COBIT 5 framework needs to be manifest in the work of the
RFA which has made the operations of the RFA efficient, secure and of a high standard
especially since all the members of the corporation are in loop with one another about the
nature of the work that is being done to meet the goals and the objectives of the corporation.
Theme 5 – Separation of IT Governance from General Management
One of the principle elements of the COBIT 5 framework is the fact that it requires IT
governance to be treated as something that is exclusive from the management process of a
company in general. IT is to be recognized as something which is exclusive in character and
the management process and structure of IT need to be treated separately from management
process and structure of other operations of a corporation. The absence of this in the RFA is
something that became evident from the responses that were generated by the participant
population who divulged in the course of the interviews as well as the focus group
discussions that the general management of the corporation interferes heavily with the work

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

37BUSINESS LAW
that is carried out by the IT division and that operations of the IT department of the
corporation are treated as exclusive.
A separate management team needs to be set up for the purpose of supervising the
work that is carried out by the IT department and the members of the IT department are
answerable to this management team and not the managers who run the other affairs of the
corporation. This separation of the IT department as a mutually exclusive entity, whose work
is not to be equated or compared with the work done by other departments of the organization
is something that will enable people who are involved in the IT administration of the RFA to
carry out their duties and their responsibilities with a great degree of concentration and
privacy. Their work will not be hampered with or interfered with and they will not be
disturbed time and again by other members of the RFA over work related matters. As
discussed above though, collaboration and cooperation are something that can be facilitated
by the COBIT 5 framework and this is not seen to be in place in the RFA and which has led
to IT operations being not being conducted in a smooth and efficient manner. It is also
important to take cognizance of the fact that since the IT department is treated as a separate
division of the management of the corporation, it will enable the high tech and high skilled
labor of the division to be performed in the desired environment, with no undue interruptions
occurring and with no stress being generated by the general management of the company on
the IT executives of the firm. They should be provided a safe and secure and hassle-free
environment in which to do their work and should only be answerable to their immediate
supervisors and not the people who are managing the affairs of the corporation on an overall
basis.
Finally, it can be stated upon hearing the answers provided in the course of the focus
group discussions and the in-depth personal interviews that the division of IT governance
from the general management needs to give the workers in the IT department a good deal of

38BUSINESS LAW
autonomy and flexibility with which to do their work. The IT specialists who work for the
Road Fund Administration in Namibia should be allowed to carry out their work in an
environment where they are not questioned too much, where they are given the scope to be
innovative and where they are not required to do their work in a way that is in keeping with
the goals and objectives that have been set for the other workers of the organization. They
must be allowed to be able to perform their duties and their responsibilities in a secure,
flexible and dynamic environment and they are not subjected to unnecessary questioning or
harassment even by the other supervisors of the corporation. As a result, they can get the
freedom that they need to perform their complex duties and responsibilities in the manner
desired and are answerable to supervisors who are also IT experts and who have full
knowledge of the complex and technical work that is being undertaken by them. This
dynamism and flexibility that can be accorded to IT administration and governance by virtue
of the COBIT 5 framework is something that accounts for the success of the framework and it
appears to be one of the foremost reasons why the IT department of the RFA should be able
to meet with success in the performance of its operations if it makes use of such a framework.
There is no hindrance and no objection that these IT personnel have to face from others in the
organization, notably people who are holding managerial positions in the organization, apart
from supervisors in their own department, who happen to be understanding by nature and
who have full knowledge and expertise concerning the type of work that is being undertaken
by them. The IT workers for the RFA will able to do their best for the corporation because of
this lack of interference.
In the ultimate analysis it can be said that the COBIT 5 framework will be useful for
implementation by RFA as it can make the IT governance and administration of the RFA
something that is efficient, transparent and free from glitches in every sense of the term. All
of the principles of the COBIT 5 framework as implemented in running the affairs of the IT

39BUSINESS LAW
department of the RFA will play a crucial role in getting the work done by this department to
be of a high standard, to be delivered in a timely manner and to be looked up to and
appreciated by others in the organization. Indeed, the COBIT 5 framework is definitely
something that the RFA should avail at all times in order to keep its IT system free from
defects and problems at all times, and to ensure that IT operations are conducted in keeping
with stakeholder interests and requirements.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

40BUSINESS LAW
5. Chapter 5 – Conclusion and Recommendations
The aim of this research project has been to uncover the various ways by which the
COBIT 5 framework can be utilized to help the RFA officials carry out their day to day
functions with ease and to lead the corporation to achieve its goals and objectives in a
quicker, safer and more secure manner. The Road Fund Administration as mentioned before
is a corporation that concerns itself with the development of a safe and secure road
infrastructure in Namibia. The IT governance that the RFA has been making use of to look
into such development work and which the stakeholders of the RFA have heavily invested in,
includes frameworks such as NAMCODE and King III. While these are sound frameworks,
the interviews and focus group discussions conducted with as many as 25 IT personnel
working for the RFA reveals that the employees here are not given much autonomy to do
their work, that a lot of their activities are interfered with by the general administration of the
corporation and that there is little cohesion and communication when it comes to the internal
matters of the RFA. No special acknowledgement is made of the fact that the IT department
is one of the most valued divisions of the corporation and that by all means it ought to be
treated as a separate entity that is capable of doing its work autonomously without answering
to the rest of the corporation for this. It is also found that at present the stakeholder needs are
not being looked into adequately since risk detection in the IT governance of the RFA is at an
all-time low, and that the efficiency of the IT department is being compromised on because of
the fact that it is not able to detect and mitigate risks too easily.
Given the fact that a substantive amount of money is invested in the IT governance of
the RFA by the stakeholders, it is highly important or imperative rather, for the stakeholders
of the organization to see that the investment that they are making is going to give them good
returns, that they are going to get full value for the money which is being invested and that

41BUSINESS LAW
the work of the corporation will not be compromised with, something that at present RFA’s
IT department is not able to show or fulfil. Hence it can be concluded from the literature
review and the analysis that has been carried out of the information that was obtained through
the focus group discussions and interviews with 25 IT personnel at RFA that it is the COBIT
5 framework that needs to be place in RFA. By putting the COBIT 5 framework in place, the
RFA is going to be able to do a better job of running its IT operations than what it is able to at
the moment, given the many benefits that are associated with the use of this framework. The
literature review that was carried out prior to data collection and data analysis showcases the
fact that of all the IT frameworks that are seen to be in place worldwide it is COBIT 5 which
is deemed to be the most useful. While other frameworks such as NAMCODE and KING III
are also being used in places like Indonesia and South Africa, and which are also in place in
the IT administration of the RFA, these are not as efficient or as effective as the COBIT 5
framework primarily because of the five principles or modes of operation that the COBIT 5
framework is characterized by. Specifically, it must be pointed out in this respect that the
principles of the COBIT 5 framework especially the importance that it places on meeting
stakeholder needs is what accounts for the success of this framework, as seen from the
literature review. The data collection and analysis for this study showcases the fact that
stakeholder needs are not being successfully met at the RFA, that efficiency is minimal in the
area of IT operations and that IT officials of the corporation are not distinguished from
people who do other types of work for the corporation and are not provided with the
flexibility and the dynamic environment that they need to do a good job for the corporation.
Hence it can be concluded in the final analysis that the COBIT 5 framework needs to be put
in place by the IT department of the RFA if it is to manage its IT affairs better than what it is
able to at the moment. The COBIT 5 framework is one which will help the corporation to do
a successful job of making sure that IT affairs related to road development in Namibia are

42BUSINESS LAW
carried out in a safe and secure manner, that there are no cyber threats or difficulties that can
arise in the course of running such operations, and in the event that such issues do arise, the
system that is in place by virtue of the COBIT 5 framework can successfully analyse and
mitigate the risks which arise. Hence the officials of the RFA especially the management of
the IT division of the organization should waste no time at all in getting the COBIT 5
framework in place at the RFA to add greater efficiency, effectiveness and stakeholder
accountability to the work of the IT division of the corporation.
5.1. Recommendations
The following recommendations can be taken into consideration by the IT officials at the
RFA when implementing the COBIT 5 framework for improving IT operations –
 The COBIT 5 framework is something that the IT department at the RFA must put in
place, replacing the other frameworks such as NAMCODE and King III in the
process. The COBIT 5 framework must be used by first making sure that the money
which is being invested in the organization by the stakeholders is respected and
valued and some returns are shown to the stakeholders for the money which they are
investing in the corporation.
 The COBIT 5 framework needs to be put in place by the IT officials at the RFA to
ensure that IT operations are being carried out with plenty of efficiency and
effectiveness. The COBIT 5 framework needs to be installed and implemented in a
way by which operations can be delivered in a better turnaround time and which are
free from dangers and risks in any form. In fact the risk mitigation feature of the
COBIT 5 framework is something that the RFA officials need to cash in on to ensure
that there are no threats posed to the running of the IT system of the corporation. If
risks are detected and averted on time, and which is something which the COBIT 5

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

43BUSINESS LAW
framework is known to do, then greater accountability can be ensured for the
stakeholders who will know that the IT system of the corporation is safe and secure
and free from any risk and that the workings of this system will not be affected by
risks and dangers at any given point of time.
 The COBIT 5 framework must be put in place and implemented in the RFA in a way
that one integrated framework is used for conducting the operations of the RFA. This
implies that the work of the IT department will be linked to the work that is performed
by other important departments of the RFA such as the department that is involved in
marketing and fund-raising activities as also the department that is responsible for
accounting, finances and billing. In this way all the different departments of the RFA
will be in the loop about the type of work that is being done by all of the employees
who are working for this corporation. This in turn is something that is going to
facilitate greater cooperation and harmony among the people working in the various
divisions of the corporation which is something that is needed if the goals and the
objectives of the RFA are to be achieved as efficiently and as effectively as possible.
COBIT 5 framework and its integrative system of working will mean that all the goals
of the various departments of the RFA be IT related goals or other types of goals will
be aligned with the one common goal of the corporation which is to develop a secure
and safe road network for the public of Namibia.
 Specifically, the RFA officials should use the COBIT 5 Framework for improving IT
operations in Namibia by ensuring that there is plenty of collaboration and
cooperation with other departments of the corporation as well. For instance, the
finance department and the IT department of the RFA need to be in sync with one
another, as IT plays a crucial role in making sure that all types of financial
transactions for and on behalf of the corporation are those that are carried out in a

44BUSINESS LAW
secure and safe manner at all times. In much the same way, the other departments and
members of such departments like marketing and communications need to understand
be familiar with the work that is being done by the IT division so that they can use IT
related mediums of communication quite effectively for disseminating knowledge
about the work that is done by the corporation. For instance, regular communication
between the members of the IT department and the finance division or the marketing
division will instruct the members of the latter departments on how they can use IT
platforms like social media for instance to spread greater awareness about the work
that is done by the RFA and in the process even solicit funds for the work of the RFA
even though much of the money for this corporation comes from the government of
Namibia rather than from private stakeholders or investors in the private sector.
 Finally, it needs to be borne in mind by the RFA officials who wish to use the COBIT
5 Framework to improve IT governance in the corporation to make sure that this
framework is used in a way that it makes a sharp distinction between the work that is
done by the IT division and the work which is performed by the rest of the
corporation. The COBIT 5 framework needs to be made use of on the part of the RFA
to showcase the fact that the IT department of the corporation must be acknowledged
as a separate and exclusive entity and that the workers of this particular department
are to be answerable only to supervisors who are also IT experts and who work in the
same department as them. They must not be made answerable to managers or
supervisors who have no knowledge of the specialized work that they are undertaking.
What this will end up doing is that it will give the IT workers of the RFA the secure
and the flexible work environment that they need to do their work with care and
attention and it will also prevent them from running into a rift with the general
management of the corporation. Tiffs and problems can be easily avoided by

45BUSINESS LAW
secluding the IT department as an exclusive entity and giving the IT workers of the
RFA the space and the authority that is needed to do their work without having to
explain themselves to higher authority that has no clue or idea about the specialized
work that they do.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

46BUSINESS LAW
Reference
Bartens, Y., De Haes, S., Lamoen, Y., Schulte, F. and Voss, S., 2015, January. On the way to
a minimum baseline in IT governance: using expert views for selective implementation of
COBIT 5. In 2015 48th Hawaii International Conference on System Sciences (pp. 4554-
4563). IEEE.
De Haes, S., Huygh, T., Joshi, A. and Van Grembergen, W., 2016. Adoption and impact of IT
governance and management practices: a COBIT 5 perspective. International Journal of
IT/Business Alignment and Governance (IJITBAG), 7(1), pp.50-72.
Haes, S.D. and Grembergen, W.V., 2016. Enterprise governance of information technology:
achieving alignment and value, featuring COBIT 5.
Huygh, T., De Haes, S., Joshi, A. and Van Grembergen, W., 2018, January. Answering key
global IT management concerns through IT governance and management processes: A
COBIT 5 View. In Proceedings of the 51st Hawaii International Conference on System
Sciences.
Mohanan, C. and Menon, V., 2016, October. Disaster management in India—An analysis
using COBIT 5 principles. In 2016 IEEE Global Humanitarian Technology Conference
(GHTC) (pp. 209-212). IEEE.
Murad, D.F., Fernando, E., Irsan, M., Kosala, R.R., Ranti, B. and Supangkat, S.H., 2018,
September. Implementation of COBIT 5 Framework for Academic Information System Audit
Perspective: Evaluate, Direct, and Monitor. In 2018 International Conference on Applied
Information Technology and Innovation (ICAITI) (pp. 102-107). IEEE.

47BUSINESS LAW
Nekongo, T.N., 2018. Investigating the criteria for appointing board memebrs of selected
public enterprises within the road industryin Namibia (Doctoral dissertation, University of
Namibia).
Patón-Romero, J., Baldassarre, M., Piattini, M. and García Rodríguez de Guzmán, I., 2017. A
governance and management framework for Green IT. Sustainability, 9(10), p.1761.
Petrus, H.N. and Krygsman, S., 2018. Evaluation of national road network funding in
Namibia: the curse of efficient road user charges.
Wilkin, C.L., Couchman, P.K., Sohal, A. and Zutshi, A., 2016. Exploring differences
between smaller and large organizations' corporate governance of information technology.
International Journal of Accounting Information Systems, 22, pp.6-25.