Evaluating COBIT 2019-Based IT Governance and Risk Management in a University Environment
Article Sidebar
Main Article Content
Abstract
This study examines how the implementation of COBIT 2019 can enhance information governance, risk management, and technological performance in higher education institutions. Focusing on a medium-sized private higher education institution in Saudi Arabia, the research adopts a mixed-methods design that integrates quantitative survey data from IT personnel, administrators, faculty members, and decision-makers with qualitative insights from structured interviews and document analysis. Governance and management objectives were prioritized using the COBIT 2019 Governance System Design Toolkit, with particular attention to domains related to risk optimization, service continuity, security, and data governance.
The results show that Managed Risk achieved the highest capability and effectiveness (target level fully achieved), followed by Managed Service Requests and Incidents, and Managed Problems. By contrast, Managed Security Services, Managed Data, and Managed Operations remain relatively weak and exhibit misalignment between desired and actual capability levels. Operational KPIs such as downtime minutes, mean time to repair (MTTR), SLA attainment, and data-loss frequency confirm an asymmetric pattern: risk-related processes are comparatively mature, while data governance and day-to-day operations lag behind.
The study concludes that COBIT 2019 provides a robust reference model for designing and assessing IT governance in universities, but also highlights that achieving higher capability scores in selected domains is not sufficient on its own. Sustainable improvement requires integrated investment in continuity planning, data stewardship, and service management, together with stronger stakeholder engagement and systematic monitoring. The paper contributes empirical evidence from the higher education sector and offers practical recommendations for institutions seeking to leverage COBIT 2019 to support digital transformation, cybersecurity resilience, and institutional performance.