Next Article in Journal
Evaluating the Effect of Bacterial Inoculation and Fertilization on the Soil Nutrient Status of Coal Mine Soil by Growing Soybean (Glycine max) and Shrub Lespedeza (Lespedeza bicolor)
Next Article in Special Issue
Correction: An Efficient Grid-Based K-Prototypes Algorithm for Sustainable Decision Making Using Spatial Objects. Sustainability 2018, 10, 2614
Previous Article in Journal
Engaging the Private Homeowner: Linking Climate Change and Green Stormwater Infrastructure
Previous Article in Special Issue
Consistent Registration and Discovery Scheme for Devices and Web Service Providers Based on RAML Using Embedded RD in OCF IoT Network
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sustainability
Volume 10
Issue 12
10.3390/su10124792
sustainability-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Environmental Sustainability in Information Technologies Governance

by
Wilmer Rivas-Asanza
1,*,
Jennifer Celleri-Pacheco
1,
Javier Andrade-Garda
2,
Rafael García-Vázquez
2,
Virginia Mato-Abad
2,
Santiago Rodríguez-Yáñez
2 and
Sonia Suárez-Garaboa
2
1
Unidad Académica de Ingeniería Civil, Universidad Técnica de Machala, Grupos AutoMathTIC y GIDCOWEB, Machala 070222, Ecuador
2
Departmento de Computación, Facultad de Informática, Universidade da Coruña, Grupo ISLA, Elviña, 15071 A Coruña, Spain
*
Author to whom correspondence should be addressed.
Sustainability 2018, 10(12), 4792; https://doi.org/10.3390/su10124792
Submission received: 23 November 2018 / Revised: 11 December 2018 / Accepted: 12 December 2018 / Published: 15 December 2018
(This article belongs to the Collection Advanced IT based Future Sustainable Computing)
Browse Figures
Versions Notes

Abstract

:
In the present day, many risk factors affect the continuity of a business. However, this situation produces a conducive atmosphere to approach alternatives that relieve this situation for organizations. Within these alternatives, environmental sustainability (ES) and information technologies governance (IT governance or ITG) stand out. Both alternatives allow organizations to address intrinsically common issues such as strategic alignment, generation of value, mechanisms for performance improvement, risk management and resource management. This article focuses on the fusion of both alternatives, determining to what extent current ITG models consider ES issues. With this purpose, the strategy followed was firstly to identify the relevant factors of ES present in the main approaches of the domain (ISO14001, GRI G4, EMAS, SGE21 and ISO26000). As a result, we identified 27 activities and 103 sub-activities of ES. Next, as the second main objective, we determined which of those factors are present in the main current ITG approaches (COBIT5, ISO38500 and WEILL & ROSS). Finally, we concluded through a quantitative study that COBIT5 is the most sustainable (i.e., the one that incorporates more ES issues) ITG approach.

1. Introduction

In the present day, companies are facing a high risk environment [1] characterized by global recession, uncertain competitive environments, need to reduce costs, etc. This has led organizations to incorporate alternatives that help to maintain their benefits [2,3].
At this moment, two main concepts arise in the search for these alternatives. On the one hand, environmental sustainability (hereafter, ES) is considered to be one of the three dimensions of sustainability, whose most widely recognized definition belongs to Gro Harlem Brundtland: “meets the needs of the present without compromising the ability of future generations to meet their own needs” [4]. This definition applied to ES implies achieving business development results without threatening the environment and defending the interests of future generations. Thus, ES is a tool that allows organizations to: (i) generate business value, (ii) generate capacity to support, recover and prevail, and (iii) design strategies with greater economic and ecological responsibility [2,5].
On the other hand, information technologies governance (hereafter, IT governance or ITG) can be defined as “an integral part of enterprise governance that consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives and that it is the responsibility of the board of directors and executive management” [6]. Thus, ITG is a tool that allows organizations to: (i) improve their effectiveness and efficiency, (ii) have a competitive advantage, and (iii) maximize profitability [7].
There are many approaches today concerning ES, among which we can mention the following:
  • ISO14001: A standard developed by the ISO (International Organization for Standardization) whose objective is to reduce the amount of environmental impacts. It was first published in 1996 and had several versions, the last being the revision in September 2015 [8,9,10].
  • GRI G4: The fourth version of the GRI (Global Reporting Initiative) guide, which offers the appropriate tools for the preparation of sustainability reports and provides the principles and indicators to measure and demonstrate the performance of an organization with respect to economic, ecological and social issues [11,12].
  • EMAS: The European EMAS (Eco-Management and Audit Scheme) Regulation represents a voluntary approach that aims to increase corporate environmental performance [13,14]. Originally designed for the industrial sector, EMAS can be applied in all organizations following its revision of 2001 (Regulation (EC) No. 761/2001) in order to increase environmental performance [15,16,17] and even innovation [18].
  • SGE21: An auditable and certifiable standard by FORÉTICA used to establish an ethical management system. It focuses mainly on compliance with legislation and regulations, ethical management, and social responsibility policy, and provides a code of conduct and means of review by management to achieve continuous improvement [19,20].
  • ISO26000: An international standard of the ISO family, which provides guidance to organizations on the methods to implement the principles of social responsibility in the daily activities of an organization [20,21].
  • ESF: The Environmental and Social Framework (ESF) enables the World Bank and borrowers to better manage environmental and social risks of projects and to improve development outcomes. The ESF offers broad and systematic coverage of environmental and social risks [22].
  • SR10: Establishes the requirements of a social responsibility management system for organizations committed to the principles and recommendations on social responsibility and, in particular, those contained in the International Standard ISO26000 [23].
Similarly, there are many approaches today concerning ITG, among which we can mention the following:
  • COBIT5 (Control OBjectives for Information and related Technology): A reference framework for governance and IT management whose objective is to help organizations create value from IT, maintaining a balance between obtaining benefits, optimizing the level of risk and their resources [24,25,26].
  • ISO38500: Constitutes a guide or tool for ITG by establishing ITG activities, such as evaluation, management and monitoring of the use of information and communication technologies [27,28].
  • CALDER-MOIR: An ITG framework that provides a structural guide to implement ITG. In fact, it is a simple tool to help implement the ISO38500 standard [29].
  • WEILL & ROSS: Peter Weill and Jean Ross propose an ITG framework where senior management will position the company in the desired profile through the articulation of desirable strategies and behaviors [30].
  • FORRESTER: The publication of Forrester Research establishes that the implementation of good IT governance requires a framework based on three main elements: structure, process and communication [31].
  • GTI4U: This model has been proposed by a group of Spanish researchers. It is based on the ISO38500 standard and has been developed to be implemented in a university environment, being also used to evaluate the overall level of maturity of the Spanish university system [32].
  • SMEsITGF: An ITG framework oriented on small and medium-sized enterprises and focused on the analysis of human resource management issues [33].
Both trends (ES and ITG) have followed independent paths until now. However, several studies have recently emerged with the intent to integrate them. Thus, because of the synergy between both, the concept of sustainable IT governance (hereafter, sIT Governance) arises. That is to say, the two trends merge with the intention of contributing to the evaluation, management and monitoring of IT practices in organizational processes and activities from a ES viewpoint [34]. The aim is to reduce or minimize the environmental impact by seeking optimization of resources, strategic alignment, generation of value and risk management [35,36].
SIT Governance is a recent concept that is still in progress. It is true that the number of investigations in this field is increasing (to a lower degree in the topic itself and to a greater degree in related topics), however, there are still no specific models/standards to help organizations to implement sIT Governance. In this sense, the work of Bengtsson and Ågerfalk [37] is a well-known study showing relevant papers relating IT and the environment. Most deal with more energy efficient computers [38,39], server virtualization [39] and other technical aspects that focus on the components (e.g., [40,41,42]); without taking into account the ES from an integral and strategic point of view.
The two more relevant attempts today in merging ES and ITG into an integral and strategic sIT Governance synergy are the following:
  • The study carried out by Machado et al. [43] that includes a mapping between activities from COBIT (versions 5 and 4.1), as a representative of ITG, and activities from GRI G4, as a representative of ES. However, this work: (i) puts aside relevant ITG approximations (such as ISO38500, CALDER-MOIR, WEILL & ROSS and FORRESTER) as well as relevant ES approaches (such as ISO14001, EMAS, SGE21 and ISO26000) and (ii) performs a “grosso modo” mapping.
  • The study carried out by Merhout and O’Toole [44], where they review COBIT5, one of the most relevant ITG frameworks, to determine the degree to which it supports the ES dimension (especially in relation to the acquisition, use and disposition of IT assets). They concluded that COBIT5 clearly presents a sustainability deficit, although they do not quantify it.
From these studies, we conclude two main deficiencies:
  • The identification of the relevant ES factors using a single approximation to such a domain without complementing it with the other points of view of the main approaches (ISO14001, GRI G4, EMAS, SGE21 and ISO26000). This situation does not allow considering all the information that could be relevant.
  • The high-level of detail (granularity) used in the studies of ES/ITG activities. This situation does not allow specifying, for example, the detailed assignment of factors from ES to (sub) activities of ITG.
These two deficiencies are addressed in this work. The purpose is to contribute to: (i) first, identifying the specific (i.e., not general) factors of ES contained in the main ES approaches (ISO14001, GRI G4, EMAS, SGE21 and ISO26000); and (ii) second, determining to what extent these factors are already present in the main ITG approaches (COBIT, ISO38500 and WEILL & ROSS), concluding with quantitative measurements regarding the ES deficit in current ITG frameworks as a consequence. The first objective is essential since it allows considering all the information that could be relevant coming from the main current ES approaches (not only one) and with an adequate and practical level of detail (instead of a high-level of detail/granularity). The second objective, derived from the first, is equally important in order to evaluate to what extent the current ITG frameworks have an ES deficit. In fact, the study presented here will be the starting point to address the ES deficiencies detected in the ITG frameworks and/or to propose a new comprehensive sIT Governance model.
The rest of the article is organized as follows. Section 2 presents the methodology we applied to fulfill the two above-mentioned objectives, whereas Section 3 presents the results obtained for such objectives. Finally, Section 4 includes the discussion and the main conclusions according to the results obtained.

2. Materials and Methods

Figure 1 summarizes the two main activities that we considered in order to achieve the above-mentioned objectives. The first activity consists of comparing the main ES approaches in order to identify the set of relevant ES factors (first objective). This is because current ES approaches do not address the same aspects. Thus, there are ES factors that are considered by some approach but not by all of them and, on the other hand, the same ES factor may have different names in different approaches. Only when this information has been obtained from Activity 1, can the second activity be undertaken: to compare the main ITG approaches against the set of identified relevant ES factors in order to determine their degree of compliance (second objective).
We used an analytical strategy of a comparative study between models and standards [45] to address the activities shown in Figure 1. This decision was based on the absence of specialized publications regarding comparative studies of mapping activities among the models/standards related to ES and ITG. Specifically, we chose the Method of Study of Similarity between Models and Standards (MSSMS) [46] as the working method for both activities. It proposes seven phases to formalize and organize a study to find the similarities and differences between several approaches (e.g., frames, models or standards). This method has been applied in different and diverse domains: comparative analysis of maturity models in business intelligence [47], study on software outsourcing based on CMMI-ACQ [48], comparison of models and standards for implementing IT service capacity management [49] and similarity study of risk management process in software outsourcing projects [50]. Figure 2 presents the seven phases of the MSSMS method.
The deployment of these phases requires the identification of the elements that make up each approach/model/standard. We applied the deductive analytical method [51] for this and a documentary analysis as data collection technique to investigate the published documents. Below is a general description of the seven MSSMS phases:
Phase 1: Select the possible standards and models to be analyzed
The purpose of this phase is to choose the set of models and standards to be included in the study, setting up the criteria that support the selection (e.g., the contribution to the scope of study and the number of user organizations). Once the criteria are defined, the documentary analysis will let us identify the bibliographic references that validate our approach selection.
Phase 2: Define the reference model
The reference model represents the selected approach providing the broadest coverage in the field of study. Considering that the comparative analysis proposed in this work is based on the structure (elements) that make up each approach, the reference model should be the one that contributes most to the field of study through its structure. It will act as the pivot for the comparative analysis, and the correspondences with the other approaches are established around it in an iterative and individual way. This phase synthesizes the approaches selected in Phase 1 through the deductive and documentary analysis, and one is selected as the reference model for the comparative analysis.
Phase 3: Select the process(es) to be analyzed
The purpose of this phase is to determine the scope of the comparison to be carried out. Thus, the comparison of the approaches selected in Phase 1 may cover all or some of their constituent processes.
Phase 4: Set the level of detail
Once the standards/models to be considered, the reference model, and the process(es) to be analyzed have been selected, what remains to be defined is what element of the structure for each approach will be used to compare; that is to say, what is going to be mapped and to what level of the structure the mapping will reach. To select the level of detail, we applied the criteria of homogeneity and granularity. The first criterion tries to avoid mapping specific elements of an approach with general elements of another, because that would produce invalid results. The second criterion defines the level of specificity of the mapping taking into account that the highest granularity in a hierarchy would be at the top of it, and the minimum granularity would be at the bottom. The level of detail should be selected considering that granularity and homogeneity are consequently related; that is, homogeneity must be met to apply the minimum granularity.
Phase 5: Create a correspondence template
This phase defines the template to be used in the next phase. This template will be based on the process(es) to be analyzed (Phase 3) and on the level of detail established in Phase 4.
Phase 6: Identify the similarities among the models
The purpose of this phase is to identify the similarities among the selected models through the elements that they have in common. Thus, this phase performs the actual comparison among the selected approaches by mapping the considered element. We used an iterative strategy for the mapping: each model/standard is mapped individually regarding the considered element of the selected reference model. Once mapped, the result is reviewed in its entirety and the following is approached in the same way.
Phase 7: Present the results
The purpose of this phase is to present the results obtained in a structured manner.

3. Results

We present in this section the deployment of the seven MSSMS phases (Figure 2) to address the two activities proposed in Figure 1.

3.1. Activity 1: Identify the Relevant Factors of ES

3.1.1. Phase 1: Select the Possible Standards and Models to be Analyzed

The criteria for the selection of the standards and models to be incorporated into the comparative study were the following: (a) those related to ES, (b) those with a relevant proponent institution, (c) those most used by organizations, and (d) those with updated information and whose documentation is available.
The following ES approaches were selected using the above-mentioned criteria: ISO14001:2015, GRI G4:2013, EMAS:2009, SGE21:2016 and ISO26000:2012. Table 1 shows the bibliographic references that support the compliance with the criteria for each approach. It is worth mentioning that we have not selected other models because they do not meet any of the aforementioned criteria. For example, ESF [22] and SR10 [23] have not been selected because they do not meet the criterion defined in c) (i.e., they are not used by organizations despite their relative degree of dissemination).

3.1.2. Phase 2: Define the Reference Model

Once the ES approaches have been selected, one has to be defined as the reference model in this phase. The deductive and documentary analysis of the five selected approaches lets us gather the sufficient knowledge to select the reference approach. Table 2 shows a descriptive synthesis of the five ES approaches studied, whereas a detailed description for each approach is provided in the supplementary material by means of five tables (Table S1a–e). Each table shows the name of the phase, the name of the activity and its coding.
ISO14001 was selected as the reference model after the analysis carried out because it provides the greatest coverage in ES issues. This decision is supported by [58], which states that this standard is the main reference for environmental management in all types of organizations in the world.

3.1.3. Phase 3: Select the Process(es) to be Analyzed

In this case, the processes to be considered are all those relating the dimension of ES. Therefore, all the processes included in the reference model will be analyzed.

3.1.4. Phase 4: Set the Level of Detail

We established the minimum level of granularity (as long as homogeneity was maintained) to ensure that the relevant ES factors were identified with a sufficient level of detail. This was to avoid the “grosso modo” issue stated in the Introduction.
It should be noted that all the ES approaches studied in this work have the same level of detail, although they use different nomenclatures. For example, where ISO 14001 talks about sub-activities, GRI G4 talks about activities. Table 3 summarizes the relevant information until now: it shows, for each approach, the original and the unified structure based on the reference model (ISO14001). The nomenclature has been unified taking into account the level of detail provided for each approach, irrespective of the name used by each one. Thus, it can be concluded from Table 3 the minimum level of granularity that can be selected for all the approaches: sub-activity.

3.1.5. Phase 5: Create a Correspondence Template

We considered the following aspects presented before in order to define the correspondence template:
  • Selected ES approaches: ISO14001:2015, GRI G4:2013, EMAS:2009, SGE21:2016 and ISO26000:2012.
  • Reference model: ISO14001:2015.
  • Level of detail that will be used for the comparisons: sub-activity (in the unified structure).
The elements that make up the template are: the names of the phases and the activities and sub-activities codes, for the reference model, and the sub-activities that are connected with the sub-activity of the reference model (using the unified structure), for each ES approach.

3.1.6. Phase 6: Identify Similarities among the Models

Table 4 shows the correspondence template filled with the results of the mapping process, in which three different scenarios can be found:
  • First scenario: There is correspondence, without assessing its accuracy. It is enough that the sub-activity makes some reference, although slight. This scenario means that the correspondence template shown in Table 4 defines what sub-activity is the one that refers to the sub-activity of the reference model (ISO14001). This is evidenced by showing the code of the corresponding sub-activity by using the unified structure.
  • Second scenario: The sub-activity does not contribute to ES. The reason for this scenario is that GRI G4, SGE21 and ISO26000 also cover economic and social sustainability domains. In addition, there are sub-activities typical of the context of each approach. Thus, for example, GRI G4, as a guide to help organizations in preparing sustainability reports, includes sub-activities referring to this specific information. In the same way, EMAS has sub-activities related to the certification process. Such kinds of sub-activities were not considered because they are not a relevant contribution to ES.
  • Third scenario: The sub-activity contributes to ES but does not exist in the reference model (ISO14001). In this case, this sub-activity becomes a reference for the other approaches, providing a new ES factor to be considered. These sub-activities, which have no correspondence in the reference model, are included in Table 4 using the unified terminology as follows: 3.1.3, 3.2.1, 3.3.1, 2.5.1 and 5.11.1 for SGE21; G4-44 and G4-51b for GRI G4, and 4.4 and 4.5 for ISO26000.
Since the purpose of this work is to establish correspondences between ES approaches, we only considered scenarios 1 and 3. An empty cell in Table 4 denotes that there was no correspondence with the sub-activity of the reference model.
It is important to note that the relevant ES factors were identified from Table 4 by applying the deductive method. As a representative example, the sub-activity 1.1, from the activity “EMS1 Understanding the organization and its context” of the reference model (first row in Table 4), has correspondence with the sub-activity G4-1 (GRI G4), with the sub-activities 1.1.1, 1.2.1, 1.3.1, 1.4.1 and 1.5.1 (EMAS), with the sub-activity 6.1.1 (SGE21), and with the sub-activities 1.1 up to 1.3 (ISO26000). Since there is correspondence (scenario 1), although it is not exact, it means that each of these sub-activities can contribute to EMS1 activity. Therefore, the set of contributions (sub-activities) for the EMS1 reference activity is:
  • Determine the internal and external problems of the organization, legal aspects and economic environment (from ISO14001).
  • Strategic focus of the organization (mission, vision, strategies, purposes, scope) from GRI G4 and ISO26000.
  • Description of the organization (from EMAS).
  • Define a strategic plan for sustainability (from SGE21).
A similar strategy was used to identify the rest of relevant ES factors. The full description of the relevant ES factors can be found later in Section 3.2.6 (first three columns in Table 8).

3.1.7. Phase 7: Present the Results

In order to graphically organize the overlapping and most common sub-activities, the similarities between ES approaches (Table 4) are synthesized by means of a Venn diagram [59] in Figure 3. The five ES approaches are labeled in this figure as A (ISO14001), B (GRI G4), C (EMAS), D (SGE21), and E (ISO26000). With the exception of the cases mentioned in Phase 5 of Activity 1 (3.1.3, 3.2.1, 3.3.1, 2.5.1 and 5.11.1 for SGE21, and G4-44 and G4-51b for GRI G4), the sub-activities of the reference model overlap with the sub-activities of the other approaches (see Table 4). Therefore, the overlapped sub-activities are coded with the nomenclature of the reference model (i.e., A or ISO14001) in the Venn diagram.
We can determine from Figure 3 the similarities across the ES approaches through their common sub-activities:
  • The sub-activities 1.1, 9.1 and 2.2 are common to the five approaches (section A∩B∩C∩D∩E in the Venn Diagram).
  • Sub-activities proposed in four ES approaches: 2.1 and 8.1 (section A∩B∩D∩E); 7.1, 16.1 and 18.2 (section A∩B∩C∩D); 10.1 and 17.1 (section A∩C∩D∩E).
  • Sub-activities proposed in three ES approaches: 6.1, 12.1, 12.2, 13.2, 21.1 and 24.1 (section A∩C∩D); 10.2, 20.1 and 22.1 (section A∩C∩E); 9.2 (section A∩B∩C).
  • Sub-activities proposed in two ES approaches: 9.4, 10.3, 15.1, 15.2, 19.1, 20.2 to 20.4, 21.2, 22.2, 23.1 and 25.1 (section A∩C); 11.1 (section A∩E); 23.2 (section A∩D); 2.5.1, 5.11.1, 4.4 and 4.5 (section D∩E).
  • Less common sub-activities (proposed by a single ES approach): 3.1, 4.1, 5.1, 9.3, 9.5, 9.6, 10.4 to 10.6, 11.2 to 11.4, 12.3 to 12.5, 13.1, 13.3, 13.4, 14.1, 15.3, 17.2 to 17.5, 18.1, 19.2 to 19.5, 24.2, 24.3, 26.1, 26.2 and 23.3 (section only A); 3.1.3, 3.2.1 and 3.3.1 (section only D); G4-44 and G4-51b (section only B).

3.2. Activity 2: Determine the Deficiencies of the ITG Approaches in ES Feature

3.2.1. Phase 1: Select the Possible Standards and Models to be Analyzed

We used the following criteria to select the ITG standards and models for the comparative study: (a) those related to ITG, (b) those with a relevant proponent institution, (c) those most used by organizations, and (d) those with updated information and whose documentation is available. However, in this case and as opposed to Activity 1, it was necessary to incorporate an additional criterion: (e) those with a level of detail equivalent to a sub-activity level, regardless of what it is called. This was necessary to take advantage of the level of detail (sub-activity) achieved in the identification of the relevant ES factors, which acts as the reference model for Activity 2 (see Figure 1). Otherwise, it would not be guaranteed that the comparison and the subsequent quantification would be completely objective.
Using these criteria, the following approaches were selected: COBIT5:2012, ISO38500:2015, and WEILL & ROSS:2005. Table 5 shows the bibliographic references that support compliance with the criteria for each approach. It is worth mentioning that we have not selected other models for not meeting any of the aforementioned criteria. For example, the ITG Framework for SMEs (SMEsITGF) [33] and the ITG Model for Universities (MITGU) [32] have not been selected because they do not meet criteria b) and c), and the CALDER-MOIR [29,60] and FORRESTER [31,61] approaches have been excluded because they do not meet criterion e), since they are limited to the level of activity.
The relevance of the criterion e) can be illustrated by trying to compare COBIT5 using the activity instead of the sub-activity level (in the unified structure) with the relevant ES factors. Thus, going back to the example shown in Section 3.1.6, the activity “EMS1 Understanding the organization and its context” of the relevant ES factors is composed of four sub-activities. In this case, the activity “Evaluate” of the process “EDM01 Ensure Governance Framework Setting and Maintenance” from COBIT5 (Table S2a in the supplementary material) could be covered by the above-mentioned EMS1 activity. However, this would be a subjective comparison since it would be not guaranteed to have a connection with all its sub-activities. In fact, if we descend to the sub-activity level, we will see that only two of the four sub-activities of EMS1 are covered by COBIT5, as it will be explained later in Section 3.2.6.

3.2.2. Phase 2: Define the Reference Model

In this case, the reference model is the set of the relevant ES factors identified in Activity 1, which are composed of activities and sub-activities. This reference model will be compared with the three approaches selected in the previous phase. Table 6 shows a descriptive synthesis for these approaches, whereas a detailed description for each approach is provided in the supplementary material (Table S2a–c). Each table shows the name of the phase, the name of the activity and its coding.

3.2.3. Phase 3: Select the Process(es) to be Analyzed

In this case, the processes to be considered are all those relating the dimension of ES and ITG. Therefore, all the processes included in each ITG approach will be analyzed to see if they consider or not the ES factors identified in Activity 1.

3.2.4. Phase 4: Set the Level of Detail

The minimum granularity is the sub-activity level. This is because the ITG approaches will be mapped with the relevant ES factors, which are composed by activities and sub-activities. This was to avoid the “grosso modo” issue stated in the Introduction. Logically, homogeneity should be maintained between both levels of detail. When addressing the homogeneity criterion, we are faced with the same inconvenient detail in Phase 4 for Activity 1 (Section 3.1.4). In this regard, it should be noted that all the ITG approaches studied in this work have the same level of detail, although they use different nomenclatures. For example, where COBIT5 talks about activities, the relevant ES factors talk about sub-activities.
Table 7 summarizes the relevant information until now: it shows, for each approach, the original and the unified structure based on the relevant ES factors. The nomenclature has been unified taking into account the level of detail provided for each approach, irrespective of the name used by each one.

3.2.5. Phase 5: Create a Correspondence Template

We considered the following aspects presented before in order to define the correspondence template:
  • Selected ITG approaches: COBIT5, ISO38500 and WEILL & ROSS.
  • Reference model: relevant ES factors derived from Activity 1 (cf. Figure 1).
  • Level of detail that will be used for the comparisons: sub-activity (in the unified structure).
The elements that make up the template are: the relevant ES factors (using the structure Activity, Sub-activity and the Approach which contributes) and the sub-activities that are connected to an ES factor (and how this connection is) for each ITG approach. Thus, during the mapping process, there were different situations determined by two dimensions: location and content. The “location” dimension refers to whether or not the ES sub-activity is located on the ITG approach. On the other hand, the “content” dimension refers to the matching of the points of view (ES and ITG) for the considered ES factor. There are the following four possible situations based on these two dimensions:
  • Situation 0: The relevant ES factor (sub-activity) does not exist in ITG (i.e., neither of these dimensions are fulfilled).
  • Situation 1: The relevant ES factor (sub-activity) partially corresponds to ITG, but it deals with ES in one model and deals with ITG in the other (i.e., location is partially fulfilled and content is not fulfilled).
  • Situation 2: The relevant ES factor (sub-activity) is present in ITG, but it deals with ES in one model and deals with ITG in the other (i.e., location is fulfilled and content is not fulfilled).
  • Situation 3: The relevant ES factor (sub-activity) is present and with the same meaning in ITG (i.e., both location and content are fulfilled).

3.2.6. Phase 6: Identify the Similarities among the Models

Table 8 shows the correspondence template filled with the results of the mapping process. It is worth mentioning that the situation labeled as “3” in the previous phase never happened. As a representative example of ES deficiencies in ITG, we found the other three possible situations considering the activity “EMS2 Understanding the needs and expectations of interested parties” and COBIT5 (see Table 8). The situation “0” appeared when the sub-activity “Identify the interested parties that are affected”, provided by ISO14001, was considered: it does not exist in COBIT5 (i.e., empty cell). The situation “1” appeared when the sub-activity “Identify the interests of the stakeholders that are affected”, provided by ISO26000, was considered: it is partially considered in COBIT5 by its sub-activity ITG44 (in the unified structure, see Table S2a in the supplementary material). However, while it refers to ES in ISO26000, it refers to IT in COBIT5. The situation “2” appeared, for example, when the sub-activity “Identify the needs and expectations of interested parties”, provided by ISO14001, was considered: it is located in COBIT5 through its sub-activity ITG21 (in the unified structure, see Table S2a in the supplementary material). However, as in the previous example, it refers to two different aspects (ES and ITG).

3.2.7. Phase 7: Present the Results

We can determine the similarities across the ITG approaches and the relevant ES factors from Table 8 by identifying their common sub-activities:
  • Sub-activities with correspondence in the three ITG approaches considered: “Define the environmental policy of the organization within the defined scope”, and “Define representatives to establish, implement and maintain, in addition to establish the functions and responsibilities”.
  • Sub-activities with correspondence in two of the three ITG approaches considered: “Define a strategic plan for Sustainability”, “Establish procedures to deal with risks and opportunities”, “Detail the most important effects, risks and opportunities”, “Ensure that the applicable legal requirements are taken into account in the establishment and maintenance of your EMS”, “Management must ensure the availability of human, specialized, infrastructure, financial and technological resources to establish, implement, maintain and improve the EMS”, “Establish a research, development and innovation environment”, “Describe values, principles, standards and norms of the organization”, ”Define generalities of how external and internal communication will take” and, finally, “Establish, implement and maintain procedures to periodically evaluate compliance with applicable legal requirements”.
Taking into account the previous points, we can determine to what extent the relevant ES factors are present in the ITG approaches in order to obtain quantitative measurements about their sustainability deficit. This quantitative study was categorized according to the types of situations already discussed in Section 3.2.5, since each represents a different type of deficiency.
Table 9 summarizes the quantitative results. Thus, the first two columns show the number of activities and sub-activities of the relevant ES factors. The last six columns show, for each situation described in Section 3.2.5, the number of sub-activities (ES factors) that are connected to the ITG approach and the corresponding percentage.

4. Discussion

This work addressed two main objectives regarding sIT Governance: identifying the relevant ES factors derived from the main ES approaches, and determining to what extent these factors are already present in the main ITG approaches.
Regarding the first objective, we extracted the relevant ES factors, which are composed of 27 activities and 103 sub-activities (Table 4), from ISO14001, GRI G4, EMAS, SGE21, and ISO26000 (Figure 1, Activity 1). It should be noted that most of these belong to ISO14001, which was the reference model selected in Section 3.1.2.
To achieve the second objective (Figure 1, Activity 2), we developed a correspondence template considering the relevant ES factors and COBIT5, ISO38500 and WEILL & ROSS as representative of IT Governance approaches (Table 8). This template let us determine, in a quantitative manner, to what extent current ITG approaches refer to the relevant ES factors (Table 9). Analyzing this last table, we can conclude that the situation labeled as “0” (i.e., the relevant ES factor does not exist in ITG) has, by far, the highest percentages. This situation demonstrates that there is a clear ES deficit in the ITG approaches studied: 72.82% in COBIT5, 82.52% in ISO38500 and 95.15% in WEILL & ROSS. This conclusion quantitatively corroborates the studies performed by Machado et al. [43], and by Merhout and O’Toole [44], although they restricted their analysis only to COBIT. In addition, the quantitative study carried out in our work also reveals that COBIT5 is the proposal that best covers ES issues, as confirmed by the results for situations “1” and “2” in Table 9.
It should be noted that the work presented here addressed the two main deficiencies presented in the Introduction section, since:
  • The five main ES approaches (ISO14001, GRI G4, EMAS, SGE21 and ISO26000) have been considered in order to extract the relevant ES factors. It is worth mentioning at this point that, although ISO14001 is the approach providing more ES factors, none of the current studies has considered it.
  • The issue about “grosso modo” was considered by applying the criteria of homogeneity and granularity to select the level of detail.
Future work should focus on two immediate research lines. The first would address the specific deficiencies of each ITG approach to make it “more sustainable”. The second line, where we are currently working, would develop a new framework for sIT Governance, including ES in the ITG processes. Thus, we are identifying the relevant (i.e., not general) ITG factors from the main ITG approaches using the same criteria that were employed here to identify the relevant ES factors. The idea is to develop a correspondence template between the relevant ES and the relevant ITG factors with the purpose to identify the type of ES deficits of the relevant ITG factors. Once these deficiencies have been identified, we can propose a sIT Governance framework. In order to improve this proposal, it will also be important to perform case studies in different organizations. Finally, it is important to note that by using ISO14001 as the reference model we can take advantage of the synergies derived from its wide dissemination. ISO14001 certified organizations would find the new framework familiar.

Supplementary Materials

The following are available online at https://www.mdpi.com/2071-1050/10/12/4792/s1, Table S1a: Description of ISO14001, Table S1b: Description of GRI G4, Table S1c: Description of EMAS, Table S1d: Description of SGE21, Table S1e: Description of ISO26000, Table S2a: Description of COBIT5, Table S2b: Description of ISO38500, Table S2c: Description of the framework by Peter Weill and Jeanne W. Ross.

Author Contributions

This paper presents collaborative research results written by W.R.-A. and J.C.-P. (Universidad Técnica de Machala, Ecuador), and by J.A.-G., R.G.-V., V.M.-A., S.R.-Y. and S.S.-G. (Universidade da Coruña, Spain). W.R.-A., J.A.-G. and S.R.-Y. conceived and designed the research, and, with J.C.-P., R.G.-V., V.M.-A. and S.S.-G., performed the research. W.R.-A., J.A.-G., V.M.-A. and S.R.-Y. wrote the main part of the article with substantial input and reviews from the other authors, including the analysis and the interpretation of the results. All authors read and approved the final manuscript.

Funding

This research received no external funding.

Acknowledgments

We kindly thank the anonymous reviewers for their valuable comments. This work is the result of a PhD collaboration agreement between the Universidade da Coruña (Spain) and the Universidad Técnica de Machala (Ecuador).

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Fokina, O.V.; Fufacheva, L.A.; Sozinova, A.A.; Sysolyatin, A.V.; Bulychev, L.L. Information and communication technologies as a new vector of development of modern global economy. Espacios 2018, 39, 8. [Google Scholar]
  2. ISACA. Sustainability; ISACA: Rolling Meadows, IL, USA, 2012; Available online: http://www.isaca.org/Knowledge-Center/Research/Documents/Sustainability_whp_Eng_0411.pdf?regnum=460686 (accessed on 11 December 2018).
  3. Van der Leeuw, S. Closing remarks: Novel approaches to complex societal change and sustainability. Sustain. Sci. 2018. [Google Scholar] [CrossRef]
  4. United Nations, UN. Report of the World Commission on Environment and Development: Our Common Future, UN Documents: Gathering a Body of Global Agreements, compiled by the NGO Committee on Education of the Conference of NGOs from United Nations Web Sites, transmitted to the General Assembly as an Annex to Document A/42/427 Development and International Co-Operation: Environment. 1987. Available online: www.un-documents.net/wced-ocf.htm (accessed on 23 November 2018).
  5. Fernández-Guadaño, J.; Sarria-Pedroza, J. Impact of Corporate Social Responsibility on Value Creation from a Stakeholder Perspective. Sustainability 2018, 10, 2062. [Google Scholar] [CrossRef]
  6. ITGI (IT Governance Institute). Board Briefing on IT Governance, 2nd ed.; ITGI: Schaumburg, IL, USA, 2003; p. 10. ISBN 1-893209-64-4. [Google Scholar]
  7. Quezada-Sarmiento, P.A.; Chango-Canaveral, P.M.; Benavides-Cordova, V.M.; Jumbo-Flores, L.A.; Barba-Guaman, L.; Calderon-Cordova, C.A. Referent framework to government of IT using standards: COBIT 5 and ISO 38500. In Proceedings of the 2017 12th Iberian Conference on Information Systems and Technologies (CISTI), Lisbon, Portugal, 21–24 June 2017; pp. 1–6. [Google Scholar]
  8. International Organization for Standardization. ISO 14001:2015 Environmental Management Systems—Requirements with Guidance for Use; International Organization for Standardization: Geneva, Switzerland, 2015; Available online: http://imsiran.ir/?wpfb_dl=25 (accessed on 11 December 2018).
  9. Pesce, M.; Shi, C.; Critto, A.; Wang, X.; Marcomini, A. SWOT Analysis of the Application of International Standard ISO 14001 in the Chinese Context. A Case Study of Guangdong Province. Sustainability 2018, 10, 3196. [Google Scholar] [CrossRef]
  10. Fonseca, L.; Domingues, J. Exploratory Research of ISO 14001:2015 Transition among Portuguese Organizations. Sustainability 2018, 10, 781. [Google Scholar] [CrossRef]
  11. Global Reporting Initiative. G4 Sustainability Reporting Guidelines. 2015. Available online: https://www.globalreporting.org/resourcelibrary/GRIG4-Part1-Reporting-Principles-and-Standard-Disclosures.pdf (accessed on 11 December 2018).
  12. Wu, S.; Shao, C.; Chen, J. Approaches on the Screening Methods for Materiality in Sustainability Reporting. Sustainability 2018, 10, 3233. [Google Scholar] [CrossRef]
  13. Seifert, C. The Barriers for Voluntary Environmental Management Systems—The Case of EMAS in Hospitals. Sustainability 2018, 10, 1420. [Google Scholar] [CrossRef]
  14. Merli, R.; Preziosi, M.; Ippolito, C. Promoting Sustainability through EMS Application: A Survey Examining the Critical Factors about EMAS Registration in Italian Organizations. Sustainability 2016, 8, 197. [Google Scholar] [CrossRef]
  15. Daddi, T.; Iraldo, F. The effectiveness of cluster approach to improve environmental corporate performance in an industrial district of SMEs: A case study. Int. J. Sustain. Dev. World Ecol. 2016, 23, 163–173. [Google Scholar] [CrossRef]
  16. Testa, F.; Rizzi, F.; Daddi, T.; Gusmerotti, N.M.; Frey, M.; Iraldo, F. EMAS and ISO 14001: The differences in effectively improving environmental performance. J. Clean. Prod. 2014, 68, 165–173. [Google Scholar] [CrossRef]
  17. Merli, R.; Preziosi, M.; Massa, I. EMAS Regulation in Italian Clusters: Investigating the Involvement of Local Stakeholders. Sustainability 2014, 6, 4537–4557. [Google Scholar] [CrossRef]
  18. Montobbio, F.; Solito, I. Does the Eco-Management and Audit Scheme Foster Innovation in European Firms? Does EMAS Foster Innovation in European Firms? Bus. Strategy Environ. 2018, 27, 82–99. [Google Scholar] [CrossRef]
  19. Forética. SGE 21 Ethical and Socially Responsible Management System. 2017. Available online: http://www.foretica.org/sge_21_ingles.pdf (accessed on 11 December 2018).
  20. Duque Orozco, Y.V.; Cardona Acevedo, M.d.l.M.; Rendón Acevedo, J.A. Responsabilidad Social Empresarial: Teorías, índices, estándares y certificaciones. Cuadernos de Administración 2014, 29, 196. [Google Scholar] [CrossRef]
  21. AENOR. Guidance on Social Responsibility; International Organization for Standardization: Geneva, Switzerland, 2010; Available online: http://www.uobaghdad.edu.iq/uploads/pics13/qaa/iso26000.pdf (accessed on 11 December 2018).
  22. The World Bank. Environmental and Social Framework; The World Bank: Washington, DC, USA, 2018; Available online: https://www.worldbank.org/en/projects-operations/environmental-and-social-framework (accessed on 11 December 2018).
  23. Arimany-Serrat, N.; Sabata-Aliberch, A. Social responsibility as a management system. Intang. Cap. 2018, 14, 116. [Google Scholar] [CrossRef]
  24. Palalloi, I.A.; Anwar, A. Information technology Governance standards on mobile applications for fishing zone based onCobIT 5 Framework in Majene. In IOP Conference Series: Earth and Environmental Science; IOP Publishing: Bristol, UK, 2018; Volume 156, p. 012008. [Google Scholar] [CrossRef]
  25. Trianto, W. Evaluation of Patient Information System in Public Health Service Using the COBIT 5 Framework. In IOP Conference Series: Materials Science and Engineering; IOP Publishing: Bristol, UK, 2018; Volume 407, p. 012166. [Google Scholar] [CrossRef]
  26. Gunawan, W.; Kalensun, E.P.; Fajar, A.N. Sfenrianto Applying COBIT 5 in Higher Education. In IOP Conference Series: Materials Science and Engineering; IOP Publishing: Bristol, UK, 2018; Volume 420, p. 012108. [Google Scholar] [CrossRef]
  27. Espinoza-Aguirre, C.; Pillo-Guanoluisa, D. IT governance model for public institutions with a focus on higher education. In Proceedings of the 2018 13th Iberian Conference on Information Systems and Technologies (CISTI), Caceres, Spain, 13–16 June 2018; pp. 1–14. [Google Scholar]
  28. Putri, R.E.; Surendro, K. A process capability assessment model of IT governance based on ISO 38500. In Proceedings of the 2015 International Conference on Information Technology Systems and Innovation (ICITSI), Bandung, Indonesia, 16–19 November 2015; pp. 1–6. [Google Scholar]
  29. Velez Lapão, L. Organizational Challenges and Barriers to Implementing IT Governance in a Hospital. Electron. J. Inf. Syst. Eval. 2011, 14, 37–45. [Google Scholar]
  30. Weill, P.; Ross, J.W. IT Governance on One Page. SSRN Electron. J. 2004. [Google Scholar] [CrossRef]
  31. Aguilar Alonso, I.; Carrillo Verdún, J.; Tovar Caro, E. Description of the structure of the IT demand management process framework. Int. J. Inf. Manag. 2017, 37, 1461–1473. [Google Scholar] [CrossRef]
  32. Hontoria Hernández, E.; Fernández, A.; De La Fuente, M.V. Method for it governance based on enterprise modeling. Direccion y Organ. 2011, 45, 5–10. [Google Scholar]
  33. Garbarino-Alberti, H. IT Governance and Human Resources Management: A Framework for SMEs. Int. J. Hum. Cap. Inf. Technol. Prof. 2013, 4, 40–57. [Google Scholar] [CrossRef]
  34. ISACA. COBIT 5 A Business Framework for the Governance and Management of Enterprise IT; ISACA: Rolling Meadows, IL, USA, 2012; Available online: http://thegioibantin.com/wp-content/uploads/2016/07/COBIT5-Framework.pdf (accessed on 11 December 2018).
  35. Du, W.; Pan, S.L.; Zuo, M. How to Balance Sustainability and Profitability in Technology Organizations: An Ambidextrous Perspective. IEEE Trans. Eng. Manag. 2013, 60, 366–385. [Google Scholar] [CrossRef]
  36. Patón-Romero, J.; Baldassarre, M.; Piattini, M.; García Rodríguez de Guzmán, I. A Governance and Management Framework for Green IT. Sustainability 2017, 9, 1761. [Google Scholar] [CrossRef]
  37. Bengtsson, F.; Ågerfalk, P.J. Information technology as a change actant in sustainability innovation: Insights from Uppsala. J. Strateg. Inf. Syst. 2011, 20, 96–112. [Google Scholar] [CrossRef]
  38. Suryawanshi, K. Green Information and Communication Technology Techniques in Higher Technical Education Institutions for Future Sustainability. In Data Management, Analytics and Innovation; Balas, V.E., Sharma, N., Chakrabarti, A., Eds.; Springer: Singapore, 2019; Volume 839, pp. 35–43. ISBN 9789811312731. [Google Scholar]
  39. Przychodzen, W.; Gómez-Bezares, F.; Przychodzen, J. Green information technologies practices and financial performance—The empirical evidence from German publicly traded companies. J. Clean. Prod. 2018, 201, 570–579. [Google Scholar] [CrossRef]
  40. Fu, Y.; Kok, R.A.W.; Dankbaar, B.; Ligthart, P.E.M.; van Riel, A.C.R. Factors affecting sustainable process technology adoption: A systematic literature review. J. Clean. Prod. 2018, 205, 226–251. [Google Scholar] [CrossRef]
  41. Liu, Y.; Yiu, S.-C.; Ho, C.-L.; Wong, W.-Y. Recent advances in copper complexes for electrical/light energy conversion. Coord. Chem. Rev. 2018, 375, 514–557. [Google Scholar] [CrossRef]
  42. Pan, C.; Xie, M.; Hu, J. ENZYME: An Energy-Efficient Transient Computing Paradigm for Ultralow Self-Powered IoT Edge Devices. IEEE Trans. Comput. Aided Design Integr. Circuits Syst. 2018, 37, 2440–2450. [Google Scholar] [CrossRef]
  43. Machado, M.C.; Sobral, F.A.; Hourneaux Junior, F. Sustentabilidade Na Tecnologia Da Informação: Análise Dos Aspectos Considerados No Modelo Cobit. In Proceedings of the Anais do IV Simpósio Internacional de Gestão de Projetos, Inovação e Sustentabilidade (SINGEP), Sao Paulo, Brazil, 8–10 November 2015. [Google Scholar]
  44. Merhout, J.W.; O’Toole, J. Sustainable IT Governance (SITG): Is COBIT 5 An Adequate Model? AIS Electronic Library: Newark, NJ, USA, 2015. [Google Scholar]
  45. Bahrpeyma, F.; Roantree, M.; McCarren, A. Multistep-ahead Prediction: A Comparison of Analytical and Algorithmic Approaches. In Big Data Analytics and Knowledge Discovery; Ordonez, C., Bellatreche, L., Eds.; Springer International Publishing: Cham, Switaerland, 2018; Volume 11031, pp. 345–354. ISBN 978-3-319-98538-1. [Google Scholar]
  46. Calvo-Manzano Villalon, J.A.; Cuevas Agustin, G.; San Feliu Gilabert, T. Process Similarity Study: Case Study on Project Planning Practices Based on CMMI-DEV v1.2. In Proceedings of the European Software Process Improvement and Innovation Conference (EuroSPI), Dublin, Ireland, 3–5 September 2008; pp. 1113–1123. [Google Scholar]
  47. Prieto Morales, R.; Meneses Villegas, C.; Vega Zepeda, V. Comparative analysis of maturity models in business intelligence. Ingeniare Revista Chilena de Ingeniería 2015, 23, 361–371. [Google Scholar] [CrossRef]
  48. Hurtado, G.P.G.; Manrique, B.; Gonzalez-Calderon, G. Similarity Study: A Case Study on Software Outsourcing Based on CMMI-ACQ. In Proceedings of the 2011 IEEE Electronics, Robotics and Automotive Mechanics Conference, Cuernavaca, Morelos, Mexico, 15–18 November 2011; pp. 403–408. [Google Scholar]
  49. Alleini, F.-S.; Jose Antonio, C.M. Comparison of models and standards for implementing IT service capacity management. Revista Facultad de Ingeniería Universidad de Antioquia 2015, 74, 86–95. [Google Scholar]
  50. Gasca Hurtado, G.P. Similarity study of risk management process in software outsourcing projects: Using a method. Revista Ingenierías Universidad de Medellín 2010, 9, 119–130. [Google Scholar]
  51. Hayes, B.K.; Stephens, R.G.; Ngo, J.; Dunn, J.C. The Dimensionality of Reasoning: Inductive and Deductive Inference can be Explained by a Single Process. J. Exp. Psychol. Learn. Mem. Cognit. 2018. [Google Scholar] [CrossRef]
  52. European Parliament. Regulation (ec) No 1221/2009 of the European Parliament and of the Council of 25 November 2009. Available online: https://eur-lex.europa.eu/eli/reg/2009/1221/oj (accessed on 11 December 2018).
  53. GRI-Empowering Sustainable Decisions. ABOUT GRI. 2015. Available online: https://www.globalreporting.org/information/about-gri/Pages/default.aspx (accessed on 11 December 2018).
  54. Álvarez-García, J.; del RíoRama, M. Sustainability and EMAS: Impact of Motivations and Barriers on the Perceived Benefits from the Adoption of Standards. Sustainability 2016, 8, 1057. [Google Scholar] [CrossRef]
  55. Truant, E.; Corazza, L.; Scagnelli, S. Sustainability and Risk Disclosure: An Exploratory Study on Sustainability Reports. Sustainability 2017, 9, 636. [Google Scholar] [CrossRef]
  56. Jamali, D. A Stakeholder Approach to Corporate Social Responsibility: A Fresh Perspective into Theory and Practice. J. Bus. Ethics 2008, 82, 213–231. [Google Scholar] [CrossRef]
  57. Madzík, P.; Budaj, P.; Chocholáková, A. Practical Experiences with the Application of Corporate Social Responsibility Principles in a Higher Education Environment. Sustainability 2018, 10, 1736. [Google Scholar] [CrossRef]
  58. Quazi, H.A.; Khoo, Y.-K.; Tan, C.-M.; Wong, P.-S. Motivation for ISO 14000 certification: Development of a predictive model. Omega 2001, 29, 525–542. [Google Scholar] [CrossRef]
  59. Sharonov, M.A.; Sharonova, O.V.; Sharonova, V.P. Eulerian Circles (Venn Diagrams) as model for modern economy education on the basis of Russian professional standards. J. Phys. Conf. Ser. 2018, 996, 012022. [Google Scholar] [CrossRef]
  60. Calder-Moir. The IT Governance Toolkit. 2008. Available online: http://www.itgovernance.co.uk/files/download/ITGT_Sample_080715.zip (accessed on 11 December 2018).
  61. Symons, C. IT Governance Framework; Forrester Research, Inc.: Cambridge, MA, USA, 2005. [Google Scholar]
  62. ISACA. COBIT 5.0 Enabling Processes; ISACA: Rolling Meadows, IL, USA, 2012; Available online: http://thegioibantin.com/wp-content/uploads/2016/07/COBIT5-EnablingProcess.pdf (accessed on 11 December 2018).
  63. ISO/IEC. International Standard for Corporate Governance of IT (IT Governance)—ISO/IEC 38500:2015; ISO: Geneva, Switzerland, 2015. [Google Scholar]
  64. Weill, P.D.; Ross, J.W. IT Governance: How Top Performers Manage IT Decision Rights for Superior Results; Harvard Business Press: Brighton, MA, USA, 2004; ISBN 978-1-59139-253-8. [Google Scholar]
  65. Darmawan, D.Z. IT governance evaluation on educational institutions based on COBIT 5.0 framework. In Proceedings of the 2017 4th International Conference on New Media Studies (CONMEDIA), Yogyakarta, Indonesia, 8–10 November 2017; pp. 50–55. [Google Scholar]
  66. Otarkhani, A.; Shokouhyar, S.; Pour, S.S. Analyzing the Impact of Governance of Enterprise IT on Hospital Performance: Tehran’s (Iran) Hospitals—A Case Study. Int. J. Healthc. Inf. Syst. Inform. 2017, 12, 1–20. [Google Scholar] [CrossRef]
Sustainability 10 04792 g001 550
Figure 1. General description of the main activities and their results. ES: Environmental Sustainability; ITG: Information Technologies Governance
Figure 1. General description of the main activities and their results. ES: Environmental Sustainability; ITG: Information Technologies Governance
Sustainability 10 04792 g001
Sustainability 10 04792 g002 550
Figure 2. Phases of the Method of Study of Similarity between Models and Standards (MSSMS) method.
Figure 2. Phases of the Method of Study of Similarity between Models and Standards (MSSMS) method.
Sustainability 10 04792 g002
Sustainability 10 04792 g003 550
Figure 3. Venn diagram with the similarities between the ES approaches.
Figure 3. Venn diagram with the similarities between the ES approaches.
Sustainability 10 04792 g003
Table
Table 1. Bibliographic references supporting compliance with the criteria for the selection of ES standards and models. Criteria: (a) related to ES, (b) relevant proponent institution, (c) most used by organizations, and (d) updated information and whose documentation is available.
Table 1. Bibliographic references supporting compliance with the criteria for the selection of ES standards and models. Criteria: (a) related to ES, (b) relevant proponent institution, (c) most used by organizations, and (d) updated information and whose documentation is available.
CriterionISO 14001GRI G4EMASSGE21ISO26000
(a)[8][11][52][19][21]
(b)[8][53][52][19][21]
(c)[54][55][54][56][57]
(d)[8][11][52][19][21]
Table
Table 2. Descriptive synthesis of the selected ES approaches.
Table 2. Descriptive synthesis of the selected ES approaches.
Model/StandardTableStructure
ISO14001S1aThis standard is composed of six phases. Each phase is composed of several activities, which decompose in sub-activities. In total, there are 26 activities and 68 sub-activities.
GRI G4S1bThis guide proposes two types of contents that must be included in a Sustainability Report: (i) General Basic Contents and (ii) Specific Basic Contents, whose information was excluded for not contributing to ES [53].
The General Basic Contents are composed of 59 activities, which are grouped in phases: Prepare, Connect, Supervise and Inform.
EMASS1cThis regulation is composed of five phases. Each phase is composed of several activities, which decompose in sub-activities. In total, there are 22 activities and 49 sub-activities.
SGE21S1dThis standard is composed of nine phases. Each phase is composed of several activities, which decompose in sub-activities. In total, there are 37 activities and 47 sub-activities.
ISO26000S1eThis standard is composed of seven phases and each phase is composed of several activities: 36 in total.
Table
Table 3. Structure and level of detail of each ES approach.
Table 3. Structure and level of detail of each ES approach.
ES ApproachOriginal StructureUnified Structure
ISO14001Phase/activity/sub-activityPhase/activity/sub-activity
GRI G4Phase/content/activityPhase/activity/sub-activity
EMASPhase/activity/sub-activityPhase/activity/sub-activity
SGE21Phase/activity/sub-activityPhase/activity/sub-activity
ISO26000Phase/activityActivity/sub-activity
Table
Table 4. Template filled with the results of the mapping process between the reference model and the other ES approaches.
Table 4. Template filled with the results of the mapping process between the reference model and the other ES approaches.
ISO14001 (Reference Model Selected in Section 3.1.2)GRI G4EMASSGE21ISO26000
PhaseActivitySub-activitySub-activity (Unified Structure)
CONTEXT OF THE ORGANIZATIONEMS1 Understanding the organization and its context1.1G4-11.1.1; 1.2.1; 1.3.1; 1.4.1; 1.5.16.1.11.1 to 1.3
EMS2 Understanding the needs and expectations of interested parties2.1G4-24; G4-25 3.1.12.1
2.2G4-26; G4-272.3.2.13.1.22.2
3.1.3; 3.2.1; 3.3.1
EMS3 Determination of the scope of the Environmental Management System (hereafter, EMS)3.1
EMS4 EMS4.1
LEADERSHIPEMS5 Leadership and commitment5.1
EMS6 Environmental policy6.1 2.1.14.1.1
EMS7 Roles, responsibilities and authorities7.1G4-34 to G4-43;
G4-45 to G4-G450;
G4-52 to G4-55;
G4-51a		2.3.1.1; 2.3.1.2; 2.3.1.34.5.1
PLANNINGEMS8 Actions to deal with risks and opportunities8.1G4-2 5.6.1 to 5.6.33.4
EMS9 Significant environmental aspects9.1G4-192.2.1.15.3.13.1; 3.2
9.2G4-202.2.1.2
9.3
9.4 2.2.1.3
9.5
9.6
EMS10 Legal requirements10.1 2.2.2.12.2.12.3
10.2 2.2.2.2 2.4; 3.3
10.3 2.2.2.3
10.4
10.5
10.6
EMS11 Action planning11.1 3.6
11.2
11.3
11.4
EMS12 Objectives, environmental goals and programs12.1 2.2.3.1; 2.2.3.35.1.1
12.2 2.2.3.25.1.2
12.3
12.4
12.5
EMS13 Planning of actions to achieve environmental objectives and goals13.1
13.2 2.2.4.15.9.1
13.3
13.4
IMPLEMENTATION AND OPERATIONEMS14 Resources14.1
2.5.1; 5.11.14.4; 4.5
EMS15 Competence15.1 2.3.3.1
15.2 2.3.3.2
15.3
EMS16 Awareness16.1G4-56 to G4-582.3.3.34.4.1; 4.4.2
EMS17 Communication17.1 2.3.4.15.7.1; 9.3.13.7; 4.6
17.2
17.3
17.4
17.5
EMS18 Documented information18.1
18.2G4-28 to G4-332.3.5.1; 2.3.6.1 7.1
EMS19 Planning and operational control19.1 2.3.7.1
19.2
19.3
19.4
19.5
EMS20 Preparation and response in case of emergency.20.1 2.3.8.1 3.5
20.2 2.3.8.2
20.3 2.3.8.3
20.4 2.3.8.4
VERIFICATIONEMS21 Monitoring, measurement, analysis and evaluation21.1 2.4.1.15.8.1
21.2 2.4.1.2
EMS22 Assessment of legal compliance22.1 2.4.2.1 2.4; 2.5
22.2 2.4.2.2
EMS23 Internal audit23.1 2.4.5.1
23.2 9.2.1
23.3
EMS24 Review by management24.1 2.5.19.4.1
24.2
24.3
CONTINUOUS IMPROVEMENT EMS25 Improvement of non-compliance, corrective action.25.1 2.4.3.1
EMS26 Continuous improvement26.1
26.2
G4-44; G4-51b
Table
Table 5. Bibliographic references supporting the compliance with the criteria for the selection of ITG standards and models. Criteria: (a) related to ITG, (b) relevant proponent institution, (c) most used by organizations, (d) updated information and whose documentation is available, and (e) level of detail equivalent to a sub-activity level.
Table 5. Bibliographic references supporting the compliance with the criteria for the selection of ITG standards and models. Criteria: (a) related to ITG, (b) relevant proponent institution, (c) most used by organizations, (d) updated information and whose documentation is available, and (e) level of detail equivalent to a sub-activity level.
CriterionCOBIT5ISO38500WEILL & ROSS
(a)[62][63][64]
(b)[62][63][64]
(c)[65][66][30]
(d)[62][63][64]
(e)[62] [63][64]
Table
Table 6. Descriptive synthesis of the ITG approaches.
Table 6. Descriptive synthesis of the ITG approaches.
Model/StandardTableStructure
COBIT5S2aThis standard is composed of 37 processes, five of which are related to governance. Each process is composed of governance practices, which decompose in activities. In total, there are 79 governance activities.
ISO38500S2bThis standard is composed of six principles. Each principle is composed of three tasks, which decompose in activities. In total, there are 58 activities.
WEILL & ROSSS2cThis standard is composed by six components. Each component is composed of activities. In total, there are 25 activities.
Table
Table 7. Structure and level of detail of each ITG approach.
Table 7. Structure and level of detail of each ITG approach.
ITG ApproachOriginal StructureUnified Structure
COBIT5Process/government practice/activityPhase/activity/sub-activity
ISO38500Principle/task/activityPhase/activity/sub-activity
WEILL & ROSSComponent/activityActivity/sub-activity
Table
Table 8. Correspondence template: ITG approaches vs. ES factors.
Table 8. Correspondence template: ITG approaches vs. ES factors.
RELEVANT ES FACTORS (Identified in Activity 1, Section 3.1)COBIT5ISO38500WEILL & ROSS
ActivityApproachSub-activity
EMS1 Understanding the organization and its contextISO14001Determine the internal and external problems of the organization, legal aspects and economic environmentITG12 0 0
GRI G4
ISO26000		Strategic focus of the organization (mission, vision, strategies, purposes and scope) 0ITG1; ITG82 0
EMASDescription of the organizationITG12 0 0
SGE21Define a strategic plan for Sustainability 0ITG1; ITG823.31
EMS2 Understanding the needs and expectations of interested partiesISO14001Identify the interested parties that are affected 0 0 0
ISO14001Identify the needs and expectations of interested partiesITG212 0 0
GRI G4Establish and evaluate the participation of interested partiesITG15; ITG42 0 0
SGE21Establish forms of communication with interested partiesITG72; ITG73;
ITG78; ITG79		2 0 0
ISO26000Identify the interests of the stakeholders that are affectedITG441 0 0
EMS3 Determination of the scope of the EMSISO14001Define and document the scope of your EMS 0 0 0
EMS4 Environmental management systemISO14001Establish, document, implement, maintain and continually improve an EMS and determine how to meet the requirements of the EMS 0 0 0
EMS5 Leadership and commitmentISO14001Assume the obligation to be accountable for the efficiency of the EMS and report the performance of EMS for review and recommendation of improvements 0 0 0
EMS6 Environmental policyISO14001Define the environmental policy of the organization within the defined scope. This environmental policy must include: a commitment to continuous improvement and prevention of pollution, document, implement and maintain this environmental policy and communicate to all people who work for the organizationITG91ITG813.11
SGE21Include in environmental policy: the requirements of the legislation signed by the principal of the organizationITG91 0 0
EMS7 Roles, responsibilities and authorities in the organizationISO14001
EMAS		Define representatives to establish, implement and maintain, in addition to establish the functions and responsibilitiesITG11; ITG7;
ITG9; ITG10		2ITG1; ITG2;
ITG4 to ITG7;
ITG43		14.11
ISO14001Define, document and communicate the authoritiesITG161 0 0
EMS8 Overview of actions to address risks and opportunitiesISO14001Establish a framework to evaluate risks, threats and opportunitiesITG41 to ITG561 0 0
ISO14001Establish procedures to deal with risks and opportunitiesITG41 to ITG561ITG531 0
GRI G4Detail the most important effects, risks and opportunitiesITG41 to ITG561ITG27; ITG18; ITG381 0
SGE21Evaluate, prevent and manage a plan for the environmental risks associated with its activityITG41 to ITG561 0 0
EMS9 Significant environmental aspectsISO14001Identify significant environmental aspects of activities, products and services that can control or influence within the scope of the EMS 0 0 0
ISO14001Determine the significant environmental aspects of the organization that may have large impacts on the environment 0 0 0
ISO14001Establish criteria to determine the importance of environmental aspects 0 0 0
ISO14001Document and keep updated the list of significant environmental aspects within the organization 0 0 0
ISO14001Consider the implications of the organization on its own environmental performance 0 0 0
ISO14001Identify and collect quantitative and / or qualitative data on the characteristics of their activities, products or services 0 0 0
ISO26000Identify significant environmental aspects that are prohibited by law 0 0 0
GRI G4Identify significant environmental aspects that may affect the exterior 0 0 0
EMS10 Legal requirementsISO14001Identify and have access to the applicable legal requirements and other requirements subscribed to the organization related to the environment 0 0 0
ISO14001Determine how these requirements apply to environmental aspects 0 0 0
ISO14001Ensure that the applicable legal requirements are taken into account in the establishment and maintenance of your EMSITG18; ITG201ITG491 0
ISO14001Communicate to all people who work in the organization or to those who act on their behalf 0 0 0
ISO14001Establish procedures to anticipate and prepare for new or modified requirements 0 0 0
ISO14001Prepare an updated record of applicable legal requirements 0 0 0
EMS11 Action planningISO14001Establish implement or maintain to deal with non-conformities and take preventive actions 0 0 0
ISO14001Identify non-conformities and take preventive measures to mitigate their impact 0 0 0
ISO14001Investigate and determine in order to take actions to prevent environmental impactsITG441 0 0
ISO14001Evaluate the need for actions to prevent non-conformities. 0 0 0
EMS12 Objectives, environmental goals and programsISO14001Establish implement and maintain documented environmental goals and targets at different levels 0 0 0
ISO14001Establish rules to measure compliance with the objectives and goals of the EMS 0 0 0
ISO14001Documentation and communication of environmental objectives and goals 0 0 0
ISO14001Raise objectives coherent with the environmental policy, including the commitment with the prevention of pollution, compliance with legal requirements and continuous improvement 0 0 0
ISO14001Take into account the functions, responsibilities, process, resources, deadlines, priorities and actions necessary to achieve the objectives and goals 0 0 0
EMS13 Planning of actions to achieve environmental objectives and goalsISO14001Design plans to monitor the progress of objectives and goals 0 02.41
ISO14001Establish, implement and maintain one or several programs to achieve objectives and goals 0 0 0
ISO14001Assignment of responsibilities to achieve the objectives and goals in the relevant functions and levels of the organization 0 0 0
ISO14001Establish means and deadlines to achieve the objectives set in the program 0 0 0
EMS14 ResourcesISO14001Management must ensure the availability of human, specialized, infrastructure, financial and technological resources to establish, implement, maintain and improve the EMSITG25; ITG28;
ITG27; ITG34		1ITG291 0
ISO14001The assignation of resources must be reviewed by the management to guarantee its availabilityITG58; ITG672 0 0
SGE21Define responsible purchasing criteria 0 0 0
SGE21Establish a research, development and innovation environmentITG23; ITG31;ITG352ITG251 0
EMS15 CompetenceISO14001Ensure that personnel working in or on behalf of the organization are competent based on their training, education and appropriate experience 0ITG6; ITG71 0
ISO14001Identify the training needs of the staff working within or on behalf of the organization 0 0 0
ISO14001Provide training or undertake other training actions for staff and keep track 0 0 0
EMS16 awarenessISO14001People who work in the organization or on behalf of it must comply with the environmental policy 0ITG432 0
ISO14001The significant environmental aspects and impacts relating them to their jobs 0ITG441 0
ISO14001The environmental benefits provided by your personal best performance 0 0 0
ISO14001The functions and responsibilities that it has in the EMS 0 0 0
ISO14001The potential consequences of deviating from environmental procedures 0 0 0
GRI G4Describe values, principles, standards and norms of the organization. Establish internal and external mechanisms to report unethical or illicit behavior and matters related to the integrity of the organization.ITG13; ITG141ITG44; ITG451 0
EMS17 CommunicationISO14001Define generalities of how external and internal communication will take ITG72; ITG731 04.31
ISO14001Establish procedures for internal communication between the levels and functions of the organizationITG72; ITG731 0 0
ISO14001Document communication decision with its external stakeholdersITG72; ITG731 0 0
ISO14001Set one or several methods to perform external communicationITG72; ITG731 0 0
ISO14001Establish procedures to receive, document and respond to relevant communications from interested parties 0 0 0
ISO26000Establish the type of information subject to communication with interested partiesITG78; ITG791 0 0
EMS18 Documented informationISO14001The documentation of the EMS must be made taking into account: policy, objectives, goals, scopeITG70; ITG75;
ITG76; ITG77		1 0 0
ISO14001
ISO14001
ISO14001
ISO14001
ISO14001
ISO14001
ISO14001
ISO14001
ISO14001		The documentation must include the required records of this international standard
Creation and update: Approve the documents regarding their adaptation before their issuance
Review and update documents when necessary and approve them again
Control of documented information
Ensure the identification of changes and the current revision status of documents
Ensure that versions of applicable documents are available at points of use
Ensure readability and easy identification of documents
Ensure the identification of external documents necessary for the EMS
Prevent unintentional use of obsolete documents or apply proper identification in case of keeping them for some reason		 0 0 0
GRI G4, ISO26000Obtain verification by the interested parties of the information given. Use a rigorous and responsible verification process, in which the data and information come from a reliable source that allows the verification of their accuracyITG791 0 0
EMS19 Operational planning and controlISO14001Identify and plan operations associated with significant environmental aspects 0 0 0
ISO14001Establish, implement and maintain documented procedures to control situations that deviate from the environmental policy, objectives and goals 0 0 0
ISO14001Establish operational criteria in work procedures 0 0 0
ISO14001Establish documented procedures for goods and services used by the organization 0 0 0
ISO14001Communicate procedures and requirements to suppliers and contractors 0 0 0
EMS20 Preparation and response in case of emergencyISO14001Establish, implement and maintain one or several procedures to identify potential situations of potential accidents and emergencies, as well as document how to respond to them 0 0 0
ISO14001Establish procedures to respond to emergency situations and prevent or mitigate environmental impacts 0 0 0
ISO14001Periodically review and modify, when necessary, their emergency preparedness and response procedures, particularly after accidents occur 0 0 0
ISO14001Periodic testing of established procedures, when feasible 0 0 0
EMS21 Monitoring, measurement, analysis and evaluationISO14001Establish, implement, document and maintain one or several procedures to track and regularly measure the fundamental characteristics of its operations that can achieve significant impacts on the environment 0 0 0
ISO14001Ensure that monitoring and measuring equipment are used and maintained calibrated or verified and records kept 0 0 0
EMS22 Legal fulfillment evaluationISO14001Establish, implement and maintain procedures to periodically evaluate compliance with applicable legal requirementsITG182ITG491 0
ISO14001Keep records of the results of periodic evaluations 0 0 0
EMS23 Internal AuditISO14001Establish policies to ensure that audits are conducted at planned intervals 0ITG461 0
ISO14001Establish, implement and maintain audit programs 0ITG461 0
ISO14001Establish procedures that deal with the determination of audit criteria, frequency and methods 0ITG461 0
EMS24 Review by the main principalsISO14001Establish procedures for senior management to review the EMS at planned intervals 0 0 0
ISO14001Establish policies to keep records of revisions by management 0 0 0
ISO14001Establish that the results of the reviews include the decisions and actions taken related to possible changes in the environmental policy 0ITG411 0
EMS25 Improvement of non-conformity, corrective action.ISO14001Establish, implement and maintain procedures to deal with real and potential conformities and take corrective actions 0 0 0
ISO14001Take appropriate actions in relation to the magnitude of the problems and environmental impacts found 0 0 0
ISO14001Ensure that any necessary changes are incorporate into the documentation of the environmental management system 0 0 0
ISO14001Evaluate the need to take action to eliminate the causes of non-compliance 0 0 0
ISO14001Implement any necessary corrective action 0 0 0
ISO14001Review the effectiveness of the corrective measures adopted 0 0 0
ISO14001Identify and correct the non-conformities 0 0 0
ISO14001Investigate the non-conformities (determining causes and taking actions) 0 0 0
ISO14001Evaluation of the need for actions to prevent non-conformities 0 0 0
ISO14001Record of the results of the preventive and corrective actions taken 0 0 0
ISO14001Review of the effectiveness of the preventive and corrective actions taken 0 0 0
ISO14001Ensure that any necessary changes are incorporate into the EMS documentation 0 0 0
EMS26 Continuous improvementISO14001Evaluate the environmental management system 0 0 0
ISO14001The organization must continuously improve the EMS 0 0 0
EMS27 Supervise the governanceGRI G4Supervise the governance 0 0 0
Table
Table 9. Synthesis of the quantitative study derived from Table 8.
Table 9. Synthesis of the quantitative study derived from Table 8.
Relevant ES FactorsITG ApproachSituations
“0”“1”“2”
ActivitiesSub-ActivitiesNumber Of Sub-Activities%Number of Sub-Activities%Number of Sub-Activities%
27103COBIT57572.821918.4598.74
ISO385008582.521514.5632.91
WEILL & ROSS9895.1554.8500.00

Share and Cite

MDPI and ACS Style

Rivas-Asanza, W.; Celleri-Pacheco, J.; Andrade-Garda, J.; García-Vázquez, R.; Mato-Abad, V.; Rodríguez-Yáñez, S.; Suárez-Garaboa, S. Environmental Sustainability in Information Technologies Governance. Sustainability 2018, 10, 4792. https://doi.org/10.3390/su10124792

AMA Style

Rivas-Asanza W, Celleri-Pacheco J, Andrade-Garda J, García-Vázquez R, Mato-Abad V, Rodríguez-Yáñez S, Suárez-Garaboa S. Environmental Sustainability in Information Technologies Governance. Sustainability. 2018; 10(12):4792. https://doi.org/10.3390/su10124792

Chicago/Turabian Style

Rivas-Asanza, Wilmer, Jennifer Celleri-Pacheco, Javier Andrade-Garda, Rafael García-Vázquez, Virginia Mato-Abad, Santiago Rodríguez-Yáñez, and Sonia Suárez-Garaboa. 2018. "Environmental Sustainability in Information Technologies Governance" Sustainability 10, no. 12: 4792. https://doi.org/10.3390/su10124792

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop