Bulletin of Applied Computing and Information Technology


Refereed Article A5:

Using COBIT to guide the adoption of Enterprise 2.0 technologies

  

07:01
2009/2010, Dec/Jan

Christian J. Blunt
Victoria University, Wellington, New Zealand
chris.blunt@axenic.co.nz

Michael J. Hine
School of Business, Carleton University, Ottawa, ON, Canada
mhine@sprott.carleton.ca

Blunt, C.J. & Hine, M.J. (2009). Using COBIT to guide the adoption of Enterprise 2.0 technologies. Bulletin of Applied Computing and Information Technology, 7(1). Retrieved March 14, 2012 from http://www.naccq.ac.nz/bacit/0701/2009Blunt_COBIT.htm

Abstract

Enterprise 2.0 (e2.0) is the use of social software technologies within the enterprise. The adoption and use of e2.0 tools within organisations has been widely documented in the practitioner literature. While the promise of e2.0 remains high, the unique nature of said technologies creates strategic, security, and training challenges for organisations considering their adoption. This paper reviews e2.0 and elaborates on e2.0 adoption challenges. It then provides guidance on how the adoption challenges can be addressed using the Control Objectives for Information and related Technology (COBIT) framework.

Keywords

COBIT, Enterprise 2.0, Web 2.0

1. Introduction

Enterprise 2.0 (e2.0) is a phrase that Professor Andrew P. McAfee coined in 2006 to describe the use of social software technologies within the enterprise (McAfee, 2006a). It refers specifically to the use of blogs, wikis and RSS feeds to enable the corporate community to communicate and collaborate in new ways. E2.0 technologies have a lot to offer organisations looking to engage their employees in knowledge sharing and collaboration among themselves (in corporate intranets) as well as with customers, partners and suppliers in both internal corporate intranets and on the public Internet. A recent McKinsey report states that as companies have become more familiar with e2.0 tools they are now starting to adopt them more broadly within their businesses (Bughin, Manyika & Miller, 2008). While the promise of e2.0 has been well documented and remains high, there are fundamental challenges and issues due to the unique nature of e2.0 tools that organisations face as they decide whether and how to adopt these technologies into their businesses. The purpose of this paper is to document those issues and then provide guidance on how they can be addressed using the Control Objectives for Information and related Technology (COBIT) framework.

COBIT was created by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA) in 1996. It is a set of best practices to assist information technology professionals to implement appropriate IT governance and control while trying to maximize the benefits of IT use within an organisation. COBIT helps managers, users and auditors understand their IT systems and decide the level of security and control that is necessary to protect their companies’ assets through the development of an IT governance model (IT Governance Institute, 2007).

This paper is organised as follows. First, e2.0 is formally defined and its main technologies are discussed. Next an introduction of some of the main categories of issues about the adoption of e2.0 is presented. This is followed by a brief description of the COBIT framework, and a mapping of e2.0 adoption issues to the relevant control objectives of the COBIT framework.

2. Enterprise 2.0

McAfee’s updated definition of e2.0 is “the use of emergent social software platforms within companies, or between companies and their partners or customers” (McAfee, 2006b, para. 2). Social software platforms are computer-mediated environments that allow persistent and visible interactions between individuals. While there are many features that distinguish e2.0 from other technologies, the fundamental difference is that the creation of content becomes democratized, i.e., more corporate employees become individually empowered to create online content than in traditional organisational internets and intranets, where the online presence of the organisation is controlled by relatively few.

The most popular e2.0 tools include blogs, wikis, social networking sites, and really simple syndication (RSS) aggregators. While other technologies are often categorized as e2.0 tools, the above represents the base set of technologies that allow users to create new content for organisations’ public internet and private intranet sites. In addition, in a recent McKinsey survey on e2.0 tools, blogs, wikis and RSS showed the largest adoption gains from 2007 to 2008 (Bughin et al., 2008). The same study reported that of companies that have adopted e2.0 tools in their organisation, similar percentages are using them internally (to manage knowledge, foster collaboration, train, develop products or services) and externally to interface with customers (Bughin et al., 2008).

2.1 Blogs

A blog, short for ‘web log’, is a user generated website that displays posts in reverse chronological order, with the most recent entry first. It is analogous to an online diary. Most blogs enable readers to post comments on the blog entries. Like most e2.0 technologies, blogs are easy and inexpensive to use.

Of the e2.0 technologies, blogs have made the most impact in business, particularly in customer relations. Blogs have been promoted to marketers as a new way to deliver their message and build enduring relationships with existing and potential customers (Singh, Veron-Jackson and Cullinane, 2008). The impact of blogs is not limited to customer interaction; they can be successfully used to communicate with any organisational stakeholder including employees, partners, customers, suppliers, and shareholders. Blogging is personal. Stakeholders feel they are communicating with a real person rather than receiving the corporate ‘line’ (Marken, 2006). The frank nature of the content emerging from blog discussions may be a shock to some. However, these transparent discussions may help improve products and services, build trust and ultimately create strong interrelationships both within the organisation and between the organisation and its blogging audience. This message is delivered strongly in Scoble and Israel’s (2006) book on corporate blogging.

2.2 Wikis

A wiki is a collaborative website that can be edited and enhanced by anyone who has access to it. Individual pages can be added, edited and deleted by wiki users. Wikis support versioning so that it is easy for users to ‘rollback’ to a previous version of a page. Wikis are appropriate technology whenever groups need to collaborate on content. The main difference between blogs and wikis is that blogs enable users to create content individually and wikis enable groups to collaborate on content. Content on a blog accumulates over time through a conversation via comments, whilst the content on wikis is replaced or updated as users modify the articles. Perhaps the best-known wiki is the online encyclopaedia Wikipedia.

A recent case study of wiki usage by the Claremont University Consortium (CUC) found that wikis helped enhance communication and knowledge sharing between CUC members (Raman, 2006). These findings are consistent with McKelvie, Dotsika and Patrick (2007), who describe the usage of a wiki as the central method of collaborating for a competitor benchmarking firm. Wagner and Majchrzak (2007) describe the usage of wikis to support customer-centric businesses, i.e. using customer input and collaboration as the main driver of product and service improvement and innovation, and specifically examine three cases of wiki usage and derive six primary characteristics that influence customer engagement.

2.3 RSS feeds and aggregators

RSS stands for Really Simple Syndication. RSS is an XML-based format for distributing updates of web-based content (RSS Specifications, 2008). This allows changes in web content to be automatically pushed to a user who receives the content using an RSS reader or aggregator. Many standard email clients have the ability to receive RSS feeds. Content viewed in the RSS reader or news aggregator is known as an RSS feed. While RSS feeds and aggregators do not allow the creation of new web-based content, they are fundamental e2.0 technologies in that they simplify the distribution of changes in blogs and wikis and thus can have a direct impact on the interconnectivity and ultimately collaboration of individual users.

E2.0 introduces blogs, wikis, and RSS feeds into the corporate environment to enable a new level of collaboration. Such collaboration cannot be obtained with current enterprise solutions such as email, document management systems and intranet portals. E2.0 technologies will not replace these established methods of communication and information sharing but will instead complement them.

2.4 S.L.A.T.E.S.

McAfee (2006a) defined six components of an e2.0 system. He introduced the acronym SLATES, which stands for Search, Links, Authoring, Tags, Extensions and Signals. Searches make it easy for users to find information using key words. Links means that the content that is linked to the most is the most relevant. Authoring enables anyone to contribute. Tags provide users with a method to categorise content. Extensions use algorithms to find and use usage patterns and make recommendations about content. Signals alert users to new content. SLATES define the collaboration aspect of e2.0. An e2.0 system enables users to create and categorise content and to search for content based on keywords. It will recommend other content to users based on their previous searches (similar to the way Amazon.com recommends books based on previous purchases) and enable them to be automatically alerted of new content using RSS.

2.5 Enterprise 2.0 Adoption Issues

E2.0 tools can fundamentally change the way organisations operate both internally and externally. The key differentiators of e2.0 tools compared to other technologies create a unique set of challenges for organisations looking to adopt them within their corporate environment. Based on the literature, this section briefly introduces categories of issues that must be addressed for organisations to be able to successfully integrate e2.0 tools into their business strategy and operations.

The decentralising of the organisation due to the democratisation of online content is a characteristic that distinguishes e2.0 from a variety of other information systems. McAfee (2006a) refers to this as a reallocation of decision rights and identifies the associated loss of control as one of the major factors organisations must consider in adopting e2.0. There is perceived risk associated with ‘opening’ an organisation up via online interactivity. Existing corporate cultures may not align with the openness that is required for successful e2.0 initiatives. In addition, there must exist sufficient trust within the organisation that employees will create content and interact among themselves and with suppliers and customers in a professional and respectful manner. Thus, strategic issues around IT alignment, organisational culture, and appropriate use policies need to be addressed.

One unique feature of e2.0 technologies is that they are emergent systems. Emergence is the appearance of global structure through local interaction (McAfee 2006c). This can create self-organizing bodies of knowledge that can be easily, reliably, and accurately searched by existing search engines. The interconnections of information emerge naturally as individually empowered users create new content. Good quality content gets further contribution by interested community members whether it’s through a wiki edit, a blog comment, or a web link. Information becomes a living entity that ebbs and flows as reflected by the interest and needs of organisational members, customers and suppliers. The benefits of emergence can only be obtained if there is participation of many; otherwise, the use of e2.0 tools may result in a system where content is controlled by few, such as in traditional corporate Intranets. An identified e2.0 adoption risk is whether wikis and blogs will contain too little information (Matuszak, 2007b). Once the strategic decision to integrate e2.0 technologies has been made, there are many issues around how to get employees to use said tools and participate in contributing content so that emergence and economies of scale can be achieved.

In a recent survey, over half of the participants identified the protection and securing of data as a primary challenge to incorporating e2.0 into their organisation (Matuszak, 2007a). In the same survey, many organisations thought that compromising financial and business information was the leading risk associated with e2.0. Additionally, a high percentage of survey participants thought that e2.0 could lead to breaches of proprietary data (Matuszak, 2007a). This result reflects a lack of knowledge and understanding of e2.0 tools and their relation to, and impacts on, business processes (Matuszak, 2007a). In addition, legal risks associated with e2.0 tools are perceived to be greater than the benefits, thus creating an adoption barrier (Bughin et al., 2008). If employees are allowed to openly create content through wikis and blogs, organisations have to be aware of potentially damaging remarks that could violate company policy, infringe on employee rights, or be considered libellous (Matuszak, 2007b). In summary, data security and integrity issues are of paramount importance for organisations looking to adopt e2.0 tools.

Because e2.0 tools enable organisational members to work in different ways than before, it is imperative that appropriate training is provided to management, potential users, and IT staff. E2.0 tools are different from other technologies in that they do not enforce a particular workflow up-front. That is, the technology does not force the user to accomplish a task in a particular manner; rather, it provides a toolset that can be used in a variety of different ways for a variety of different tasks. This potential ambiguity is reflected in the fact that managers and IT personnel alike lack a fundamental understanding of how e2.0 tools apply to their organisations (Matuszak, 2007a). In addition, it has been found that many companies feel they don’t have the skill set to implement e2.0 technologies (Bughin et al., 2008). In organisations that have found satisfaction with e2.0 tools, business units, rather than IT departments, have driven the selection of the toolset (Bughin et al., 2008). The opposite is true in organisations with unsatisfactory experiences, i.e. IT departments are driving the selection rather than the business units. For e2.0 to be successful, training and awareness are needed at multiple levels of abstraction; for example, organisational members need to be trained/educated on the benefits of using e2.0 tools; on how they can be used within the organisation; and finally on how to operate the technology itself. In addition, the IT staff need to be aware of the implications for existing infrastructure and be trained if the incoming e2.0 toolset has underlying technological characteristics that they are unfamiliar with.

Overall, the promise of e2.0 is great and to some extent uptake has been mildly successful. Reviewing the unique features of e2.0 technologies and recent literature on the market penetration of e2.0 has resulted in the following broad categories of adoption issues: strategic; data security and integrity; use and adoption; and IT staff and user training.

The next section briefly introduces COBIT and its associated control domains. Then a framework that maps the four identified categories of adoption issues in e2.0 to the COBIT objectives is provided. The mappings are discussed and high-level guidance for organisations considering the use of e2.0 tools is provided.

3. COBIT

COBIT helps managers, users and auditors understand their IT systems and decide the level of security and control that is necessary to protect their companies’ assets through the development of an IT governance model. Given that data security and governance have been identified as two of the main barriers to adoption of e2.0 tools within organisations (Matuszak, 2007a), COBIT is an appropriate framework in which to study e2.0. COBIT version 4.1 has 34 high level processes that cover 210 control objectives (a set of high-level requirements to be considered by management for effective control of each IT process) categorized in four domains: Planning and Organisation, Acquisition and Implementation, Delivery and Support, and Monitoring and Evaluation (ITGI, 2007).

The Planning and Organisation domain involves the identification of how IT can best enable an organisation’s business objectives. As such, it involves planning and communicating strategic vision throughout the organisation as well as ensuring that an appropriate technological infrastructure is in place. The Acquisition and Implementation domain focuses on identifying, building and/or acquiring IT services. Additionally, change management activities are part of this domain. The Delivery and Support domain deals with activities related to day-to-day delivery, management and support of IT services. The Monitor and Evaluate domain ensures that all IT services are measured regularly to ensure compliance with established service level agreements.

Recent theoretical and empirical articles have emerged that focus on the use of COBIT in compliance work. Mishra and Weistroffer (2007) present a COBIT-guided framework for integrating Sarbanes-Oxley requirements into a standard software development analysis and design process. Similarly, Kuhn (2007) presents COBIT as a method for complying with Sarbanes-Oxley requirements regarding data retention and availability of electronic records management. Within an auditing setting, Tuttle and Vandervelde (2007) empirically validated the internal consistency between COBIT’s underlying constructs. Overall, COBIT is a popular industry framework for maximizing the use, value, and responsibility of IT, and it has recently had a relatively higher profile in the academic literature due to increased concern around controls and data security.

4. Mapping The Key Issues Of Enterprise 2.0 To The Cobit 4.1 Framework

Table 1 below provides a mapping of the four identified categories of adoption issues emerging from and detailed in our earlier analysis, to the relevant high-level control objectives of the COBIT 4.1 framework.

Table 1: COBIT Control Objectives for e2.0 Adoption

| COBIT process | Strategy | Data Security and Integrity | Use and Implementation | Training |
|---|---|---|---|---|
| Plan and Organise | | | | |
| PO1 Define a Strategic IT Plan | X | | | |
| PO2 Define the Information Architecture | X | X | | |
| PO3 Determine Technological Direction | X | | | |
| PO4 Define the IT Processes, Organisation and Relationships | | X | | |
| PO5 Manage the IT Investment | | | | |
| PO6 Communicate Management Aims and Direction | X | X | X | X |
| PO7 Manage IT Human Resources | | | | X |
| PO8 Manage Quality | | | | |
| PO9 Assess and Manage IT Risks | | | | |
| PO10 Manage Projects | | | | |
| Acquire and Implement | | | | |
| AI1 Identify Automated Solutions | | | X | |
| AI2 Acquire and Maintain Application Software | | X | X | |
| AI3 Acquire and Maintain Technology Infrastructure | | | X | |
| AI4 Enable Operation and Use | | | | X |
| AI5 Procure IT Resources | X | | | |
| AI6 Manage Changes | | | | |
| AI7 Install and Accredit Solutions and Changes | | | X | X |
| Deliver and Support | | | | |
| DS1 Define and Manage Service Levels | X | | | |
| DS2 Manage Third-party Services | X | | | |
| DS3 Manage Performance and Capacity | | | X | |
| DS4 Ensure Continuous Service | | | | |
| DS5 Ensure Systems Security | | X | | |
| DS6 Identify and Allocate Costs | | | | |
| DS7 Educate and Train Users | | | | X |
| DS8 Manage Service Desk and Incidents | | | | |
| DS9 Manage the Configuration | | | | |
| DS10 Manage Problems | | | | |
| DS11 Manage Data | | X | | |
| DS12 Manage the Physical Environment | | | | |
| DS13 Manage Operations | | | | |
| Monitor and Evaluate | | | | |
| ME1 Monitor and Evaluate IT Performance | | | | |
| ME2 Monitor and Evaluate Internal Control | | | | |
| ME3 Ensure Compliance With External Requirements | | X | | |
| ME4 Provide IT Governance | | | | |

4.1 Strategy

Institutional norms that do not support openness and collaboration due to hierarchical structures or confidentiality concerns are a major worry for organisations looking to adopt e2.0 technologies (Matuszak, 2008b). Davenport (2007) argues that the absence of participative technologies in the past is not the only reason that organisations and expertise are hierarchical. He believes that the use of e2.0 software won’t make organisational hierarchy and politics disappear. He states that the current barriers that prevent open knowledge exchange within organisations (power differentials, lack of trust, missing incentives, unsupportive cultures, and workloads) won't be significantly altered by e2.0 technologies. McAfee (2007) suggests that whilst these platforms won’t by themselves turn companies with strong hierarchical structures and management politics into democratic organisations with continuous employee innovation and knowledge creation, they will enable organisations that want to cultivate collaboration to achieve their goal. Interestingly, a recent survey reported that 17% of participants felt that their organisational structure is too hierarchical to successfully adopt e2.0 technologies (Bughin et al., 2008). If a culture of collaboration is to be nurtured, there has to be an effort by upper management to support such an initiative.

The adoption of e2.0 platforms has to be aligned with the organisation’s IT strategy. IT strategic planning enables an organisation to manage and direct all IT resources in line with the business strategy and priorities (ITGI, 2007). For example, if an organisation has a business strategy to encourage its employees to share ideas and collaborate across departmental boundaries, then the IT Strategic Plan should support this with the adoption of e2.0 technologies.

A main problem for organisations to overcome is that of unwanted unfavourable opinions disseminated via e2.0 technologies. Management’s ability to exercise unilateral control over dissenting or negative views about the organisation and its plans and actions may be reduced by the introduction of e2.0 technologies into the enterprise (McAfee, 2006a). While management may outwardly desire an open collaborative culture to emerge and be nurtured, they need to be cognizant of the potential for negativity to emerge. Thus they face the challenge of balancing how much control over content creation to exert on employees with the encouragement and support that is necessary to integrate new tools into the day-to-day operations of the organisation (McAfee, 2006a).

Organisations adopting e2.0 platforms should define acceptable use policies for the new technologies. These should provide users with clear and easy-to-understand guidelines on what is and isn’t acceptable content (ITGI, 2007). However, management needs to be careful when drafting the controls around usage of e2.0 technologies. Not enough control could lead to organisation-wide anarchy, but too much control could stifle input from users.

Most of the commercially available e2.0 platforms are based on open source software, for example SocialText and Confluence. Whilst organisational adoption of open source software is emerging, it is still a relatively recent phenomenon. Management needs to educate themselves on the implications and benefits of adopting open source technologies to ensure that they align with the business’s information systems strategic plan (Dedrick and West, 2004). COBIT (ITGI, 2007) suggests that the IT function of the organisation should regularly analyse existing and emerging technologies to ensure that the defined direction and architecture are not inhibiting the organisation from meeting the business’ needs. Organisations that offer open source software may have a fundamentally different business model than organisations seeking to adopt them. Consequently, it is imperative that organisations adopting e2.0 solutions based on open source technologies establish procedures for the procurement of technologies (ITGI, 2007).

In addition, whichever e2.0 software and hardware solution is chosen it is essential that an enterprise information model is appropriately updated (ITGI, 2007) to reflect the new types of corporate data that will be generated from within the organisation. As e2.0 tools become more prevalent in organisations and begin to play a more integral role in the generation of corporate knowledge the definition and management of service levels via service level agreements will need to be monitored and updated appropriately (ITGI, 2007).

Table 2 below provides our selected subset of COBIT control objectives that can help management overcome the strategic challenges when implementing e2.0 Technologies.

Table 2: COBIT Control Objectives for E 2.0 Strategy

| Domain | Process | Control objectives |
|---|---|---|
| Plan and Organise | PO1 Define a Strategic IT Plan | PO1.4 IT Strategic Plan; PO1.5 IT Tactical Plans |
| Plan and Organise | PO2 Define the Information Architecture | PO2.1 Enterprise Information Architecture Model |
| Plan and Organise | PO3 Determine Technological Direction | PO3.1 Technological Direction Planning; PO3.2 Technology Infrastructure Plan; PO3.3 Monitor Future Trends and Regulations; PO3.4 Technology Standards |
| Plan and Organise | PO6 Communicate Management Aims and Direction | PO6.3 IT Policies Management; PO6.4 Policy, Standard and Procedures Rollout; PO6.5 Communication of IT Objectives and Direction |
| Acquire and Implement | AI5 Procure IT Resources | AI5.2 Supplier Contract Management; AI5.3 Supplier Selection |
| Deliver and Support | DS1 Define and Manage Service Levels | DS1.3 Service Level Agreements |
| Deliver and Support | DS2 Manage Third-party Services | DS2.2 Supplier Relationship Management; DS2.3 Supplier Risk Management; DS2.4 Supplier Performance Monitoring |

4.2 Data Security and Integrity

E2.0 technologies introduce an added complexity to data ownership and classification. Patrick and Dotsika (2007) question who actually owns and manages the data stored in e2.0 platforms. In contrast to the traditional enterprise intranets where content is created by only a few people within the organisation, the content within e2.0 collaboration platforms is ‘user’ created, potentially by a vast population of users.

Identifying business data owners is important as they are responsible for data classification and defining the controls to ensure that suitable protection is provided (ITGI, 2007). As the goal of e2.0 technologies is to facilitate collaboration and information across an organisation, it may not be appropriate that all data creators are defined as data owners. However, it may be possible to identify a suitable business owner for the information that is stored in the platform. For example, a wiki that provides a collaborative space for a specific project may have the project manager defined as the data owner.

Dearstyne (2007) suggests that blogs and wikis are inclusive and the strength of them comes from the willingness of the contributors to impart their knowledge and insights. The sharing and accumulation of ideas can produce creativity as participants reflect, respond and make new interconnections in the depth and breadth of their own and shared understandings (Dearstyne, 2007). Dearstyne argues that this process requires information availability that heightens concerns for organisations implementing e2.0 technologies about information security and integrity (2007). It is a risk that, when you encourage users to share information and ideas, they may post sensitive or restricted information to a wide and inappropriate audience. Further, wikis are iterative. The content is fluid as it is modified by other users. It is possible that information can be changed accidentally or deliberately so that it is no longer accurate.

COBIT defines a number of controls around data security and integrity, from data classification schemes to identity management (ITGI, 2007). Organisations should implement a data classification scheme that defines the data based on criticality and sensitivity, for example Public, Confidential, Top Secret (ITGI, 2007, pp. 33-34). This will enable the organisation to define policies and technical controls (e.g. access controls, archiving and encryption) to ensure information is appropriately protected and distributed.

The COBIT framework states that organisations should define and implement procedures for effective and efficient data storage and retention that meet the business objectives, security policy and regulatory requirements (ITGI, 2007, p. 142). This will enable organisations to ensure that data is managed and maintained. For example, an employee who maintained a company blog may leave the organisation. The data contained in the blog may not be required any longer, so it should be archived to backup tape and removed from the blog platform.

Table 3 below provides our selected subset of COBIT control objectives that mitigate the risks of data security and integrity that organisations will face when implementing e2.0 technologies.

Table 3: COBIT Control Objectives for E 2.0 Data Security and Integrity

| Domain | Process | Control objectives |
|---|---|---|
| Plan and Organise | PO2 Define the Information Architecture | PO2.3 Data Classification Scheme; PO2.4 Integrity Management |
| Plan and Organise | PO4 Define the IT Processes, Organisation and Relationships | PO4.6 Establish Roles and Responsibilities; PO4.9 Data and System Ownership |
| Plan and Organise | PO6 Communicate Management Aims and Direction | PO6.3 IT Policies Management; PO6.4 Policy, Standard and Procedures Rollout; PO6.5 Communication of IT Objectives and Direction |
| Acquire and Implement | AI2 Acquire and Maintain Application Software | AI2.3 Application Control and Auditability; AI2.4 Application Security and Availability; AI2.5 Configuration and Implementation of Acquired Software |
| Deliver and Support | DS5 Ensure Systems Security | DS5.3 Identity Management; DS5.4 User Account Management |
| Deliver and Support | DS11 Manage Data | DS11.1 Business Requirements for Data Management; DS11.2 Storage and Retention Arrangements; DS11.3 Media Library Management System; DS11.4 Disposal; DS11.5 Backup and Restoration; DS11.6 Security Requirements for Data Management |
| Monitor and Evaluate | ME3 Ensure Compliance With External Requirements | ME3.1 Identification of External Legal, Regulatory and Contractual Requirements; ME3.2 Optimisation of Response to External Requirements; ME3.3 Evaluation of Compliance with External Requirements |

4.3 Use and Implementation

The use of e2.0 technologies promises the ability for organisations to transform the way their employees interact, share information and even enable them to decentralise decisions. However, this will not happen simply by introducing e2.0 technologies onto the corporate network.

Charman-Anderson (2006) suggests that installing a wiki or blog and making it available to users will not result in widespread adoption. She states that there are two proactive approaches to facilitate adoption of e2.0 platforms. The first is through grassroots initiatives where participation will gestate and evolve organically from the bottom up. The second involves top-down directives from management. She believes that the former is more desirable as it will result in more sustainability because the users make their own determination of the alignment of the tool with their actual needs and requirements. This creates an environment where users feel ownership of the wiki or blog and thus are more likely to contribute new information. The sustainability of the e2.0 tool usage then contributes to establishing or reinforcing a culture of openness, which Charman-Anderson says offers a high strategic benefit (2006). Other proponents of e2.0 tools have stated that there is a perception of risk associated with the bottom-up approach and that a strategy that incorporates both top-down directives and incentives and the energies of bottom-up adoption is the best strategy for trying to establish sustainable and beneficial usage of e2.0 tools in the organisation (Mayfield, 2004).

McAfee (2006) observes that whilst the Internet contains a massive amount of information, not all users actually create content. Encouraging employees to share their ideas and knowledge openly is often difficult. People may believe that job security is achieved through retaining information. Incentives must exist for these people to take part in the organisation’s knowledge community. One potential incentive is the formal recognition that blog, wiki and forum contributors gain. Through this, users may earn respect from their peers within the organisation for sharing and demonstrating their expertise. Experts on e2.0 all seem to agree that it is best to avoid the ‘if you build it they will come’ approach.

In situations where the adoption of a system may not be as great as management had hoped, it is recommended that a feasibility study be conducted (ITGI, 2007). Organisations should consider running a proof of concept or small pilot of the platform to ensure that it meets the business’s requirements and that user adoption will meet management’s expectations. To this end, SocialText offers an unsupported version of its software as a free download and Confluence offers a 30-day limited trial.

Patrick and Dotsika (2007) suggest that the scalability of e2.0 solutions is an important issue. They state that poor scalability could lead to technical issues, such as a network’s bandwidth not being sufficient. It may also introduce financial issues, such as additional licensing costs and increased storage requirements.

COBIT (2007) recommends that organisations establish performance and capacity planning reviews to ensure that systems have sufficient resources available to meet the business’s requirements and service level agreements (SLAs). For example, disk capacity can be monitored to ensure that there is sufficient storage available.

The table below provides our selected subset of COBIT control objectives that can help management overcome the challenges of implementation and adoption of e2.0 technologies.

Table 4: COBIT Control Objectives for E 2.0 Use and Implementation

Plan and Organise

PO6 Communicate Management Aims and Direction

PO6.4 Policy, Standard and Procedures Rollout

PO6.5 Communication of IT Objectives and Direction

Acquire and Implement

AI1 Identify Automated Solutions

AI1.3 Feasibility Study and Formulation of Alternative Courses of Action

AI1.4 Requirements and Feasibility Decision and Approval

AI2 Acquire and Maintain Application Software

AI2.1 High-level Design

AI2.2 Detailed Design

AI2.5 Configuration and Implementation of Acquired Software

AI3 Acquire and Maintain Technology Infrastructure

AI3.3 Infrastructure Maintenance

AI7 Install and Accredit Solutions and Changes

AI7.3 Implementation Plan

AI7.7 Final Acceptance Test

AI7.8 Promotion to Production

AI7.9 Post-implementation Review

Deliver and Support

DS3 Manage Performance and Capacity

DS3.1 Performance and Capacity Planning

DS3.2 Current Performance and Capacity

DS3.3 Future Performance and Capacity

DS3.4 IT Resources Availability

DS3.5 Monitoring and Reporting

4.4 Training

Given that many of the e2.0 solutions available are open source and free, training and support needs should be carefully considered when assessing the potential value of the e2.0 technologies (Raman, 2006). In addition, the current skills of the organisation’s IT staff are an important consideration if the technology selected is based on open source software. Research has shown that the skills and experience of IT staff can have a substantial effect on the implementation of open source solutions (Dedrick and West, 2004). For example, an organisation that has already implemented UNIX and Linux based technologies within its infrastructure is generally going to find it easier to implement and maintain e2.0 platforms based on open source technologies than one that has a Microsoft Windows based infrastructure.

COBIT (2007) recommends that IT employees be given appropriate training to ensure that systems are implemented and maintained. All IT staff affected by the system’s implementation, whether in user departments or operations, should receive training (ITGI, 2007). If the selected e2.0 platform is open source based and the organisation’s IT staff are skilled in Windows infrastructure, then this may require a sizable investment in both money and time for retraining.

As with any software application, usability is key to the success of the implementation. E2.0 systems need to be easy to use or they won’t be adopted. The method of content creation needs to be intuitive and not require any specialist technical skills. McAfee (2006a) states that the commercially available e2.0 technologies incorporate the SLATES components, and believes that they are following two guidelines. First, they’re making sure their offerings are easy to use. Anybody familiar with working with a keyboard, mouse and a browser has the necessary capabilities to create content. There are little or no specialized technical skills or training required. The second guideline McAfee mentions is that builders of e2.0 solutions are trying not to embed or dictate workflow within the technology (2006a). Instead, they’re building tools that allow workflow to be fluid and emerge naturally.

Charman-Anderson (2006) describes the use of key users to evangelise the benefits of using e2.0 platforms within the organisation. She believes that these key users should also be used to train and support the wider user community because they have a greater understanding of their colleagues’ workflows and procedures as compared to an external trainer.

COBIT provides a very strong framework for end user training. Organisations should identify the users’ and the organisation’s training requirements. Users may require instruction on how to use the interface to create or search content. Management may also want users to be educated on the acceptable use policy and information security (ITGI, 2007).

Another important consideration is the method used to deliver the training (e.g. classroom, web based, mentor, help guide). Based on the identified education and training needs, organisations should identify efficient delivery mechanisms, trainers and mentors. As the e2.0 platforms are designed to be familiar and easy to use, less formal training may be required. Still, users should be asked to evaluate the training that they receive to ensure that it is meeting their requirements (ITGI, 2007).

Table 5 below provides our selected subset of COBIT control objectives that can help management overcome the IT staff and user training challenges when implementing e2.0 technologies.

Table 5: COBIT Control Objectives for IT Staff and User Training

Plan and Organise

PO6 Communicate Management Aims and Direction

PO6.4 Policy, Standard and Procedures Rollout

PO6.5 Communication of IT Objectives and Direction

PO7 Manage IT Human Resources

PO7.2 Personnel Competencies

PO7.4 Personnel Training

Acquire and Implement

AI4 Enable Operation and Use

AI4.2 Knowledge Transfer to Business Management

AI4.3 Knowledge Transfer to End Users

AI4.4 Knowledge Transfer to Operations and Support Staff

Deliver and Support

DS7 Educate and Train Users

DS7.1 Identification of Education and Training Needs

DS7.2 Delivery of Training and Education

DS7.3 Evaluation of Training Received

5. Conclusion

E2.0 technologies offer organisations the ability to engage their employees in knowledge sharing and collaboration among themselves and with partners, customers and suppliers via intranets, extranets and the public Internet. While the potential benefits of these technologies have been well documented, the realisation of said benefits may take time, as users switch from the traditional collaboration technologies of email, telephone and Instant Messaging. This paper reviewed and synthesized e2.0 adoption issues into the broad categories of: strategy; data security and integrity; use and implementation; and training.

Like many change management undertakings, the main problems faced by an organisation implementing e2.0 technologies will be related to people, not technology. The corporate culture will be a huge influence on the success of e2.0 platforms. Additionally, management’s tolerance for the openness of information and knowledge exchange will dictate the degree to which e2.0 technologies will be used and adopted. Users will need to have a clear set of guidelines on acceptable use. These cannot be too prohibitive or they could stifle acceptance of the technologies.

Organisations need to carefully plan an e2.0 platform implementation to ensure that the desired outcomes are achieved. This paper contends that the COBIT 4.1 framework can help organisations successfully implement e2.0 technologies by providing them with governance to ensure that risks are identified and overcome. Specifically, this paper identifies which of the COBIT control objectives are most relevant to implementing e2.0 technologies within organisations.

6. References

Bughin, J., Manyika, J., & Miller, A. (2008). McKinsey Global Survey Results Building the Web 2.0 Enterprise. The McKinsey Quarterly, July, 10 pages.

Charman-Anderson, S. (2006). An adoption strategy for social software in enterprise. Retrieved May 19, 2008, from http://strange.corante.com/archives/2006/03/05/an_adoption_strategy_for_social_software_in_enterprise.php.

IT Governance Institute (2007). COBIT 4.1. Retrieved May 01, 2008, from http://www.cobitonline4.info/Pages/Public/Browse/PdfDownload.aspx.

Davenport, T. (2007). Why enterprise 2.0 won't transform organisations. Retrieved May 10, 2008, from http://discussionleader.hbsp.com/davenport/2007/03/why_enterprise_20_wont_transfo.html.

Dearstyne, B. W. (2007). Blogs, mashups, & wikis: oh, my! Information Management Journal, 41(4), 25-28,30,32-33.

Dedrick, J. and West, J. (2004). An exploratory study into open source platform adoption. Proceedings of the 37th Annual Hawaii International Conference on System Sciences, Jan. 5-8, 10 pp.

Kuhn, J. R. (2007). Electronic Records Management and Sarbanes-Oxley Compliance: A Case Study of the COBIT Approach. ICFAI Journal of Audit Practice, 4(4), 25-39.

Lai, L. S. L. & Turban, E. (2008). Groups Formation and Operations in the Web 2.0 Environment and Social Networks. Group Decision & Negotiation, 17(5), 387-402.

Marken, G.A.A. (2006). Blogosphere or Blog with Fear. Public Relations Quarterly, 51(4), 33-35.

Matuszak, G. (2007a). Enterprise 2.0 The Benefits and Challenges of Adoption. 20 pages.

Matuszak, G. (2007b). Enterprise 2.0: Fad or Future? The Business Role for Social Software Platforms. 19 pages.

Mayfield, R. (2004). Middlespace. Retrieved May 19, 2008, from http://many.corante.com/archives/2004/10/27/middlespace.php.

McAfee, A. (2007). I still agree with Tom, and yet. Retrieved May 01, 2008, from http://blog.hbs.edu/faculty/amcafee/index.php/faculty_amcafee_v3/entry/i_still_agree_with_tom_and_yet/.

McAfee, A. & Brynjolfsson, E. (2007). Beyond Enterprise 2.0: An interview with Erik Brynjolfsson and Andrew McAfee. MIT Sloan Management Review, 48(3).

McAfee, A. (2006a). Enterprise 2.0: The dawn of emergent collaboration. MIT Sloan Management Review, 47(3), 21-28.

McAfee, A. (2006b). Enterprise 2.0, version 2.0. Retrieved December 3, 2008, from http://blog.hbs.edu/faculty/amcafee/index.php/faculty_amcafee_v3/enterprise_20_version_20/

McAfee, A. (2006c). The Mechanisms of Online Emergence. Retrieved December 2, 2008, from http://blog.hbs.edu/faculty/amcafee/index.php/faculty_amcafee_v3/the_mechanisms_of_online_emergence/

McKelvie, G., Dotsika, F., & Patrick, K. (2007). Interactive business development, capturing business knowledge and practice. A case study. The Learning Organization, 14(5), 407-422.

Mishra, S. & Weistroffer, H. R. (2007). A Framework For Integrating Sarbanes-Oxley Compliance Into The Systems Development Process. Communications of AIS, 20, 712-727.

Patrick, K. and Dotsika, F. (2007). Knowledge sharing: developing from within. The Learning Organization, 14(5), 395-06

Raman, M. (2006). Wiki Technology as a "free" collaborative tool within an organization. Information Systems Management, Fall, 59-66.

RSS Specifications (2008). What is RSS? Retrieved December 4, 2008, from http://www.rss-specifications.com/what-is-rss.htm

Scoble, R. & Israel, S. (2006). Naked Conversations How Blogs Are Changing The Way Businesses Talk With Customers. Hoboken, NJ: John Wiley and Sons.

Shin, D. H. & Kim, W. Y. (2008). Applying the technology acceptance model and flow theory to cyworld user behavior: implication of the web 2.0 user acceptance. CyberPsychology & Behavior, 11(3), 378-382.

Singh, T., Veron-Jackson, L., & Cullinane, J. (2008). Blogging: A new play in your marketing game plan. Business Horizons, 51(4), 281 - 292.

Tuttle, B. & Vandervelde, S. D. (2007). An empirical examination of CobiT as an internal control framework for information technology. International Journal of Accounting Information Systems, 8(4), 240-263.

Warr, W. A. (2008). Social software: fun and games, or business tools? Journal of Information Science, 34(4), 591-604.
