Research Journal of Recent Sciences, ISSN 2277-2502
Vol. 4(3), 9-15, March (2015), Res. J. Recent Sci.
International Science Congress Association

IT Governance Issues in Banking Sector of Pakistan

Khuram Mushtaque, Kamran Ahsan¹ and Ahmer Umer²
Federal Urdu University of Arts, Science and Technology, Karachi, PAKISTAN
Mohammad Ali Jinnah University, Karachi, PAKISTAN

Available online at: www.isca.in, www.isca.me
Received 12th November 2013, revised 26th September 2014, accepted 21st December 2014

Abstract

Banks of the current era rely heavily on the performance of Information Technology and the infrastructure adopted inside the banks, both to produce the best services with the help of technology and to survive the extremely competitive era of banking. It has therefore become one of the highest priorities of banks to govern IT and take full value from it. Since IT enables the various segments of any bank, aligning IT with the core business and the other segments of the bank is vital. In order to gain competitive advantage over other banks in the market, appropriate processes to measure the performance of IT are key to governing IT. Risk is another threat to IT; hence management of risk and management of the performance of IT are seriously significant elements of IT governance. Various frameworks to govern IT have been introduced to assist and guide the technical persons who run and control IT in their respective banks. Every framework contains different processes and standards, but the objective of all the frameworks is the governance of IT in any organization comprising IT. In this research, the status of IT governance in the banking industry of Pakistan today is identified.
This research will be a helpful study for those technical persons who are associated with the banking industry, and for technical management who intend to strengthen their respective banks and reduce the loopholes in the field of IT.

Keywords: Infrastructure, technology, competitive.

Introduction

Information technology governance is identified as a division of corporate governance focusing on IT systems, their performance and the management of associated risks. The domain of IT governance was initially introduced in year 1993, derived from corporate governance, and deals mainly with the relationship between strategic objectives and organizational IT management. The main objectives of IT governance are to give assurance that the money and resources invested in IT produce business value and to alleviate the potential risks linked with IT. This can be achieved by employing an organizational structure with finely defined roles for responsibility over information, business processes, performance measurement, performance management, ICT infrastructure, etc.

Information technology has become a backbone of most organizations. Enterprises employ different effective mechanisms, such as biometric authentication techniques, applying strict security over associated networks including ad hoc networks, and implementing restrictions on internal employees over downloading, accessing restricted areas and browsing irrelevant websites; the most common example of such a restriction is browsing social networking sites. Organizations make a lot of data available for users to download and provide facilities such as creating logins in order to get the benefit of knowing about their customers. If the presentation of massive content makes it complex to discover related information on the organizational website, a search engine provides clients with more options to explore the services and products available online.
Organizations are sacrificing money, productivity and competitive advantage by not implementing effective IT governance. A controlled and properly managed IT section provides great support to organizations in achieving their set targets and surviving in a competitive market. Although IT mostly serves at the back end of the business, its significance and contribution to industry remain as essential as (if not more than) those of any other sector of the industry. The banking sector is one sector which relies heavily on the performance of IT, not only to improve efficiency and gain profit, but also to earn the best reputation and maintain it. Anything as significant and impactful as IT needs to be governed or managed carefully.

In order to govern IT, organizations take different measures, such as hiring External Auditors, often annually, along with the permanent establishment of an Internal Audit department within the organization. Besides the financial audit, banks use a separate audit function for the IT section to identify vulnerabilities within that section and then implement the necessary steps to overcome them or reduce their impact [10]. Along with IT Audit, banks form IT Steering Committees and IT Strategic Committees for the purpose of monitoring the functions of IT. These committees also perform the continual measurement and management of the performance of the IT department and the services provided by IT. These committees perform the job of getting approval of different projects from the higher management after justifying these projects. These committees are also responsible for the performance of IT in front of higher management [11].
The governance of IT has been a crucial part of the governance of entire banks; a separate budget has therefore been dedicated to and invested in this task, and it becomes necessary that IT produces business value. Especially since the core business and profit have started to depend on the services and assistance of IT, the importance of IT governance has risen swiftly [12]. Information technologies participate significantly in the growth of activities pertaining to the banking industry. Achieving IT governance while at the same time giving exceptional attention to the accomplishment of business objectives is of vital interest to any bank [13]. In the case of the banking sector it is also necessary to consider that the globalization of financial services, coupled with the increasing sophistication of the technologies that should support them, makes the activities of banks more complex and thus increases their risk profiles. In order to govern IT efficiently and ensure its alignment with the core business of the banking industry, different frameworks are used to govern IT. This research attempts to focus on the banking industry of Pakistan using these frameworks to govern IT, mitigate the risk factor, achieve the maximum out of the IT sector, etc. [14].

Information Technology Governance Frameworks:

COBIT (Control Objectives for Information and Related Technology): The COBIT framework is issued by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). The original version, issued in year 1996, focused mainly on auditing. The newest COBIT 5 version was published in year 2013 and underlines the value that information governance can supply to the success of a business. Besides, it also presents some guidance regarding management of risk associated with risk. COBIT is a framework to develop, implement, monitor and improve IT governance and management practices.
The objective of COBIT is to provide a common language for the senior management of a business to communicate with each other concerning goals, objectives and outcomes [15]. COBIT gives guidance to executive management in order to govern IT within the organization. It provides more efficient tools for IT to support business goals, helps to attain more reliable and timely information from IT, and provides services of higher quality, more successful projects and more efficient management of IT risks. The latest version, COBIT 5, contains 5 vital principles to govern and manage IT in enterprises: Principle 1 is Meeting the needs of Stakeholders, Principle 2 is to Cover the entire Enterprise, Principle 3 is to Apply a Single and Integrated Framework, Principle 4 is to Enable a Holistic Approach, Principle 5 is to Segregate the Governance from the Management [16].

Information Technology Infrastructure Library (ITIL): The Information Technology Infrastructure Library (ITIL) is a worldwide known set of best practices for management of IT services. An Agency of United Kingdom named Central Computer and Telecommunication (CCTA) produced the ITIL framework in year 1980 to meet the increasing reliance on IT for meeting business goals and needs. ITIL offers organizations a customizable framework of best practices to attain quality of service and to overcome difficulties related to the development of IT systems. Hewlett-Packard (HP) and Microsoft are two companies that have employed ITIL as an element of their own best practices frameworks [17]. The ITIL framework is structured into sets of books, defined by associated functions: service strategy, service design, managerial, service transition, service operation and continual service improvement software. Besides the books, which can be bought online, ITIL products and services comprise qualifications, training, software tools and user groups such as the IT Service Management Forum (itSMF).
The first version of the ITIL framework was in fact originally known as Government Information Technology Infrastructure Management (GITIM). Evidently it was extremely different from the existing ITIL but theoretically very alike, focusing on service support and delivery. In year 2001, ITIL version 2 was introduced in the market. The Service Support and Service Delivery books were reproduced as more concise, practical volumes. By 2006 ITIL had certainly become the most broadly used approach for IT service management best practice worldwide [18]. ITIL version 3 was published in year 2007. This implemented more of a lifecycle approach to service management, with larger emphasis on business and IT integration. The latest version of the ITIL framework, published in year 2011, is an update of ITIL version 3. ITIL is at present developed and maintained by the Office of Government Commerce in the U.K. [19].

COSO (Committee of Sponsoring Organizations): COSO was launched in year 1985 with the aim of supplying thought management dealing with three interconnected issues: enterprise risk management (ERM), fraud prevention and internal control. This model for analyzing internal controls is by the Committee of Sponsoring Organizations of the Treadway Commission. It comprises guiding principles on several functions, including human resource management, external resources, inbound logistics, outbound logistics, information technology, legal affairs, risk, all financial functions, the enterprise, operations, reporting and procurement. This framework is more business-specific and less IT-specific than the other frameworks [20].

ISO 27002: ISO/IEC 27002 is a standard of information security launched by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), entitled IT – Security procedures – Code of practice for management of information security. ISO/IEC 27002:2005 developed from BS7799, launched in the mid 1990s. The British Standard was adopted by ISO/IEC as ISO/IEC 17799:2000, modified in year 2005 and rearranged in year 2007 to line up with the other standards of the ISO/IEC 27000 series [21]. ISO/IEC 27002 offers best practice recommendations on management of information security for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). Information security is described within the standard in the perspective of the C-I-A triad: Confidentiality, Integrity and Availability. The safeguarding of confidentiality is to ensure that the information is in reach of only authorized persons, integrity is to protect the accuracy and completeness of information and processing methods, and availability is to ensure that only authorized users can access the information and connected assets whenever required. The new ISO27002:2013 has been released with updates in its Scope, Terms and definitions, Information Security policies, Access management, Access controls, Cryptography, Operations security, Communication security, etc. ISO 17799 is an information security code of practice which covers a wide range of security issues.
Broadly (very) the objectives of these are as follows: Evaluation of Risk and its management, System Policy, Information Security management, Management of Assets, Security of Human Resources, Environmental and Physical Security, Management of Operations and Communications, Access Controls, Acquisition, Maintenance and Development of Information Systems, Information Security Incident Management, Management of Business Continuity, Fulfillment [22].

Critical Analysis in Pakistan Scenario (Banking Industry Aspects): In this paper, critical analyses are performed regarding the key features or tools adopted by the management associated with information technology governance in the banking industry of Pakistan. IT is rarely at the front end of any bank, but it plays a significant role at the back end as an enabler. IT performs this role by providing the advantage of confidentiality, integrity and availability to the data and other IT infrastructure. By critically evaluating the major part of the banking industry of Pakistan, it has been noticed that most of the banks have strategically aligned their IT department with their core business. The reason behind this might be competition with other banks, the increasing usage of technology and the huge amounts being invested in IT. Almost every bank has established a strategic committee to manage and control IT related issues, which is a good sign, but forming a separate IT steering committee can improve the strategic alignment of IT beyond the current scenario. Another factor noticed was that in a few banks the IT strategic plan does not get updated as early as it should. It is pleasant to know that all the banks understand the importance of IT and its contribution to innovation, efficiency and effectiveness.
Similarly, it is encouraging that the frameworks for IT governance are being adopted by the industry, which shows the importance given to IT and some assurance of governing it properly, while around 50% of the industry is using more than 1 framework at a time, which is further encouraging since every framework is designed with different features. But the suggestion is to increase the usage of more than 1 framework in the same bank to avoid any complexity associated with the IT governance sector. Only a few banks have formal and clearly defined roles and responsibilities for the IT risk function, which is an issue that needs to be addressed, because it might create uncertainty and confusion in the minds of employees, and the audit function becomes complex if any policy is found to be violated. In this situation, declaring any employee responsible for that violation becomes harder as well. Performance measurement is also below where it should be, which might be because of lesser or improper usage of the methodologies used to analyze performance. Therefore an increase in its usage is recommended. The percentage of IT projects being completed on time and within budget is also quite low; this might be due to inappropriate measurement of performance and doing the calculation by considering its findings. Forming Service Level Agreements (SLAs) between IT and the business can also be effective in improving the performance and alignment between IT and the core business and other departments. This feature is not yet widely adopted in the banking industry of Pakistan. It has been noticed that a cultural barrier is affecting the performance of IT in the government sector banks. It is mainly because of political influence in the process of recruitment, appointment and other matters. It puts an additional burden on the IT budget.
The usage of conventional and well known methods to measure the performance of the IT department addresses the complaint of management and other departments against IT that it underperforms.

Methodology

The methodology of this research was a questionnaire based survey of the banking industry of Pakistan. The questionnaire contained 240 questions, with every question addressing a different aspect of IT governance. These questions were designed after studying the different IT governance frameworks commonly introduced, especially those addressing the field of banking. The questionnaire was divided into 5 segments that are the elements of IT governance needed to govern any organization. These segments comprised strategic alignment, value delivery, IT risk management, performance measurement and performance management.

Results and Discussion

Findings:

Strategic Alignment: Strategic alignment is the basic section that demonstrates how effectively the organization is governing Information Technology. The objective of strategic alignment of IT is to evaluate how effectively IT is aligned with the other sections of the business of the respective organization [23]. To assess the strategic alignment of the banking industry of Pakistan, 12 questions were asked of each person representing their respective bank. Each question covers a different aspect of the strategic alignment of the bank. Later on, the answers received from all the 20 responding authorities/banks were evaluated as a whole and calculated as the percentage of the industry being strategically aligned.

Figure-1 Industry based Strategic Alignment

Figure-1 shows that 84.17 is the percentage of the entire banking industry of Pakistan which is aligned strategically as per requirement or at an acceptable level.
The level of strategic alignment below the standards is up to 12.08 percent, while 3.75 percent of the questions were not replied to or were not applicable to the relevant banks, and therefore remained un-calculated.

Figure-2 Strategic Alignment Aspects

Figure-2 illustrates the total questions covering different aspects that were answered up to the mark or satisfactorily in the context of strategic alignment from the entire banking industry in Pakistan. Overall, 240 questions were asked of the 20 banks, among which 202 answers from the respondents were found to be satisfactory, meaning these answers indicate that their banks are strategically aligned as per requirement. 29 is the number of questions replied to as unsatisfactory, while the un-replied or not applicable questions were 9 out of 240.

Value Delivery: The investment in the IT department is increasing rapidly; similarly, questions are being raised about whether it is justified, since IT hardly ever contributes directly to the core business of the banking industry. Therefore it has become essential to deliver the value of the money invested in IT, which is a part of IT governance as well [24]. In this context, 3 key questions were asked of 20 recipients; therefore the number of questions asked of the entire banking industry of Pakistan was 60. Each question addresses a different aspect of value delivery being up to the mark or below the mark.

Figure-3 Industry based Value Delivery

Figure 3 shows the percentage of the entire banking industry that is delivering the value of IT satisfactorily and also shows the unsatisfactory ratio.
[Figure-3 legend: Up to Mark 86.67; Below Mark 13.33]

Figure-4 Value Delivery Aspects

In figure-4, it is elaborated that the total number of questions asked of the 20 banks of the entire banking industry of Pakistan was 60, among which 52 answers were satisfactory. It means that 52 answers show that IT is delivering value and justifying the investment made in it by the bank. The remaining 8 responses show dissatisfaction, meaning these 8 answers were below the mark and do not deliver the value.

Information Technology Risk Management: Risk is one of the most vital factors that need to be monitored, controlled and responded to promptly as it emerges. The post-emergence operations, like mitigating it, transferring it and reducing its impact on the business, are essential as well. Therefore, in order to govern IT effectively, the most important thing is to manage the risks associated with it [25]. The questionnaire contained 50 questions in this section, which were delivered to every recipient representing different banks. Every question covers a different aspect regarding the management of IT risk within that bank.

Figure-5 Industry based IT Risk Management

In figure-5, it is shown that 77.20 is the percentage of responses from the entire banking industry of Pakistan that lie within the acceptable or required level, which ensures that IT is being governed properly as far as the aspects of risk management are concerned.
Similarly, 13.10 percent of answers from the entire industry were not satisfactory in the same aspect, while 9.70 percent of questions remained un-replied or not applicable to the relevant banks.

Figure-6 IT Risk Management Aspects

Figure 6 demonstrates the number of questions addressing different aspects that were satisfactory or up to the mark. Total aspect wise asked questions were 100 from the entire banking industry, among which 772 answers were as desired to achieve the governance of IT in the context of its appropriateness, while 131 were unsatisfactory and 97 were not replied to or were not applicable at present.

Performance Measurement: Performance measurement guides the organization and its management about the current status of the resources being used. Measurement enables management to decide for the future where there is a need to improve and where performance is up to the mark, which becomes a vital factor for the organization in developing a better IT governance mechanism [26]. A questionnaire comprising 11 questions in the section of performance measurement was distributed to the 20 recipients in order to take their precious feedback, which represents the verdict and status of their organization. Here are the statistics of the entire industry derived from the feedback received from them.

Figure-7 Industry based Performance Measurement

Figure-9 clarifies that the percentage of the entire banking industry of Pakistan measuring the performance of their IT was 70.91. Whereas 25.45 is the percentage of questions targeting different aspects that were replied to with answers below the mark, meaning this section of the entire industry is not measuring their IT in a proper manner, 3.64 percent of questions were not replied to due to lack of knowledge or were not applicable to the specific bank.
Figure-8 Performance Measurement Aspects

220 questions for different aspects were asked by the feedback giving persons; the above figure shows that 156 of the aspect based questions were graded as satisfactory as far as the performance measurement of IT is concerned for IT governance, while 56 questions aspect wise could not meet the standards of IT governance in this field. 8 is the number of questions which remained un-replied in this section.

Performance Management: Performance management is another vital part of IT governance in any organization. The objective is to actively and proactively control and manage a company to make sure that it achieves pre-determined levels of performance. In contrast, an administration that takes steps only after a performance problem has occurred and significantly affected the organization and the business is engaged in crisis control and damage control, not performance management. Keeping in mind the importance of performance management, 12 questions covering different aspects in the context of performance management were asked of each recipient, and their feedback helped us to demonstrate effectively and attain knowledge to enrich our research in the field of IT governance.

Figure-9 Industry based Performance Management

The graph displayed above indicates that 71.67 percent of the entire banking industry is managing performance as per the standards or requirements of so-called good IT governance rules.
24.58 percent of the industry is below the mark with respect to the rules, and 3.75 percent of questions remained un-replied due to certain reasons. 240 questions addressing different aspects were asked of 20 recipients of different banks in the context of performance management. 172 questions pertaining to different aspects were answered as fulfilling the standards and were satisfactory. It also elaborates that 59 questions on the same aspects were replied to with unsatisfactory status in the industry, while 9 questions out of 240 were declared as un-replied.

Figure-10 Performance Management Aspects

Conclusion

In this paper, the key features or tools adopted by the management related to information technology governance in the banking industry of Pakistan are addressed. IT is rarely at the front end of any bank, but we have to admit that IT plays a significant role at the back end as an enabler. IT performs this role with the assurance of providing the advantage of confidentiality, integrity and availability to the data and other IT infrastructure. By evaluating the major part of the banking industry of Pakistan, it has been noticed that most of the banks have strategically aligned their IT department with their core business. Banks have established a strategic committee, but forming a separate IT steering committee can improve the strategic alignment of IT beyond the current scenario. Another factor noticed was that in a few banks the IT strategic plan does not get updated as early as it should, while IT must be featured on the agenda of the banks' boards more often than it is currently. Employing the IT governance frameworks is a good sign, but usage of more than 1 framework simultaneously in every bank must be promoted to eliminate the maximum flaws in IT and its infrastructure.
Organizing employee training programs for awareness will also certainly help technical persons to keep up with new technologies in the field of IT, especially those associated with banking. Our research can become a useful guideline for banks to strengthen the governance of IT and meet the challenges in the banking industry from the perspective of technology. Governing appropriately and as desired will definitely ensure growth and stability in the core business of the banks and will enable the banks to attract new customers by introducing innovative and friendly services for the clients.

References

1. Randy V. Bradley and Renée M.E. Pratt, Exploring the Relationships Among Corporate Entrepreneurship, IT Governance, and Risk Management, Proceedings of the 44th Hawaii International Conference on System Sciences, IEEE, (2011)
2. Zhuang Chen, Qiulin Song, Chonglai Zhu and Shibang Cai, Study of Evaluating Method of Enterprise Information Technology Operation and Maintenance Capacity, IEEE, (2011)
3. Aa Narmeen Bawany, Rabia Ahmed and Qanita Zakir, Common Biometric Authentication Techniques: Comparative Analysis, Usability and Possible Issues Evaluation, Research Journal of Computer and Information Technology Science, 1(4), 5-14 (2013)
4. Lakshmi P.S., Pasha Sajid and Ramana M.V, Security and Energy efficiency in Ad Hoc Networks, Research Journal of Computer and Information Technology Sciences, 1(1), 14-17 (2013)
5. Social Networking: Its Uses and Abuses, Research Journal of Computer and Information Technology Sciences, ISCA, 1(1), 14-17 (2013)
6. Mafaza Sajid and Sarah Mansoor, Usability Testing of Wiki's, Research Journal of Computer and Information Technology Science, ISCA, 1(5), 1-7 (2013)
7. Patil Swati P., Pawar B.V. and Patil Ajay S., Search Engine Optimization: A Study, Research Journal of Computer and Information Technology Sciences, 1(1), 10-13 (2013)
8. Sureerat Saetang and Abrar Haider, IT Governance Implementation in Corporate Environments: A Case Study of an International Hospital in Thailand, Proceedings of PICMET '13: Technology Management for Emerging Technologies, IEEE, (2013)
9. Radojevic T. and Radovanovic D., The impact of electronic banking on offer of financial services, IEEE, (2010)
10. Yongchen LI and YANG Wen, Risk-oriented Internal Audit In The ERM Framework, 3rd International Conference on Information Management, Innovation Management and Industrial Engineering, IEEE, DOI 10.1109/ICIII.2010.419, (2010)
11. Humam AlAgha, Examining the Relationship between IT Governance Domains, Maturity, Mechanisms, and Performance: An Empirical Study toward a Conceptual Framework, 10th International Conference on Information Technology: New Generations, IEEE, DOI 10.1109/ITNG.2013.12, (2013)
12. Dalibor Radovanovi, Marko Šarac, Saša Adamovi and Dubravka Lu, Necessity of IT Service Management and IT Governance, IEEE, (2011)
13. Lesego M. Chauke, André J Buys, Strategic Utilization of Information Technology within Retail Banking, PICMET 2008 Proceedings, 27-31 July, Cape Town, South Africa (c) 2008 PICMET, IEEE, (2008)
14. Zhang Binbin and Mingxing Li and Tongjian Zhang, System Analysis of IT-construction, Organizational Learning and Commercial Bank Operational Risk Control, IEEE, (2011)
15. Arun Nagarle Shivashankarappa and Ramalingam Dharmalingam, Implementing it Governance Using Cobit: A Case Study Focusing on Critical Success Factors, World Congress on Internet Security (WorldCIS-2012), IEEE, (2012)
16. COBIT, http://searchsecurity.techtarget.com/definition/COBIT, [Access: 29-11-2013], (2013)
17. Victor Alves, Jorge Ribeiro and Pedro Castro, Information Technology Governance – A Case Study of the Applicability of ITIL and COBIT in a Portuguese Private School, IEEE, (2012)
18. ITIL (Information Technology Infrastructure Library), (2008) http://searchdatacenter.techtarget.com/definition/ITIL [Access: 16-10-2013], (2013)
19. Rúben Filipe de Sousa Pereira and Miguel Mira da Silva, A Maturity Model for Implementing ITIL v3, IEEE 6th World Congress on Services, IEEE, DOI 10.1109/SERVICES.2010.80, (2010)
20. Xiu-hua SU and Xi ZHAO, Analysis on Effects of Risk Management Level on Internal Control, IEEE, (2011)
21. Travis D. Breaux, David G. Gordon, Nick Papanikolaou and Siani Pearson, Mapping Legal Requirements to IT Controls, IEEE, (2013)
22. What is ISO 17799? http://17799.denialinfo.com/whatisiso17799.htm [Access: 16-10-2013], (2013)
23. Haleh Bagher Esmaili, Hassan Gardesh and Dr. Shahram Shadrokh Sikari, Strategic Alignment: ITIL Perspective, 2nd International Conference on Computer Technology and Development (ICCTD 2010), IEEE, (2010)
24. Value of IT: Beyond the Theoretical, ISACA JOURNAL, ISACA, VOLUME 2, (2009)
25. Tati Ernawati, Suhardi and Doddi R. Nugroho, IT Risk Management Framework Based on ISO 31000:2009, International Conference on System Engineering and Technology, IEEE, (2012)
26. Carlos Raniery P. dos Santos, Winnie Cheng and David Loewenstern, Performance Management and Quantitative Modeling of IT Service Processes Using Mashup Patterns, IEEE, (2012)