Principles, Domains and Processes of HIT Governance Frameworks: A Systematic Review

  • Farahnaz Sadoughi Department of Health Information Management, Iran University of Medical Sciences, Tehran, IR Iran
  • Nasrin Davaridolatabadi
  • Maryam Ahmadi
  • Mehraban Shahi


Introduction: IT governance points out how to manage IT and align the decisions related to IT with processes, resources, and responsibilities within the organization. This study was conducted aimed at a review of studies on the principles, domains, and processes of IT governance framework. Method: This is an applied study that was carried out in the qualitative method of systematic review. The study population consisted of all English articles indexed in scientific databases and electronic journals available. 36 eligible articles from among the articles reviewed entered the study and the data desired were collected through data extraction form and search strategy and analyzed using content analysis. Results: Results showed that among 36 articles, four of the articles dealt with principles, 33 articles with domains, and 24 articles with processes of IT governance frameworks. These principles are related to IT frameworks of ISO 38500, ITIL V3, TOGAF, Prince 2, COBIT, Val IT. The domains included frameworks of CMMI, ITIL, PMBOK, COBIT, ISO 27001, COSO, Val IT, P2CMM. The processes also referred to the frameworks of Val IT, P2CMM, COBIT, ISO 27001 and 27000, ITIL, PMBOK and CMMI. Conclusion: Based on this information and an overview of the principles, domains, and processes of the frameworks obtained in this study, the managers and officials of hospitals' IT units can specify an appropriate governance framework for IT Service Management, method improvement of processes, probable risks management and project management.


Bryman A, Nilsson B. Samhällsvetenskapliga metoder: Liber ekonomi; 2002.

Ross JW, Beath CM, Goodhue DL. Develop long-term competitiveness through IT assets. Sloan management review. 1996;38(1):31-42.

Broadbent M, Weill P. Management by maxim: How business and IT managers can create IT infrastructures. Sloan management review. 1997;38:77-92.

Abu-Musa AA. Evaluating the security controls of CAIS in developing countries: the case of Saudi Arabia. The International journal of digital accounting research. 2006;6(11):3.

Sadoughi F, Davaridolatabadi N, Ahmadi M, Shahi M. Theoretical Approach to Elderly Care Management Information Systems: Lesson learned from literature review. The AYER. 2015;1:375-85.

Shahi M, Sadoughi F, Ahmadi M. Information Technology Governance Domains in Hospitals: A Case Study in Iran. Global journal of health science. 2014;7(3):p200.

De Haes S, Van Grembergen W, editors. IT governance structures, processes and relational mechanisms: Achieving IT/business alignment in a major Belgian financial group. System Sciences, 2005 HICSS'05 Proceedings of the 38th Annual Hawaii International Conference on; 2005: IEEE.

Council ACG, Exchange AS. Principles of good corporate governance and best practice recommendations: Australian Stock Exchange Limited; 2003.

Abu-Musa AA. Exploring information technology governance (ITG) in developing countries: an empirical study. The International journal of digital accounting research. 2007;7(13):6.

ITGI. Erickson improves business processes: IT Governance Institute; 2008 [cited 2012 30 April]. Available from:

Weill P, Ross JW. IT governance: How top performers manage IT decision rights for superior results: Harvard Business Press; 2004.

Van Grembergen W. Strategies for information technology governance: Igi Global; 2004.

Korac-Kakabadse N, Kakabadse A. IS/IT governance: Need for an integrated model. Corporate Governance. 2001;1(4):9-11.

ITGI. Board Briefing on IT Governance: IT Governance Institute; 2005 [cited 2012 20 Juon]. Available from:

Peterson RR. Integration strategies and tactics for information technology governance. Strategies for information technology governance. 2004:37-80.

Duffy J. IT Governance and business value part 1: IT Governance–An issue of critical importance. IDC document. 2002(27291).

Patel NV. An emerging strategy for e-business IT Governance. Strategies for information technology governance. 2004:81.

Sambamurthy V, Zmud RW. Arrangements for information technology governance: a theory of multiple contingencies. Mis Quarterly. 1999:261-90.

Rau KG. Effective governance of IT: Design objectives, roles, and relationships. Information Systems Management. 2004;21(4):35-42.

ITGI. Role of IT Governance as part of Enterprise Governance: IT Governance Institute; 2007 [cited 2012 20 Juone]. Available from:

Symons C. IT governance framework. Forrester Best Practices March. 2005;29:2005.

De Haes S, Van Grembergen W, editors. Information technology governance best practices in Belgian organisations. System Sciences, 2006 HICSS'06 Proceedings of the 39th Annual Hawaii International Conference on; 2006: IEEE.

Davaridolatabadi N, Sadoughi F, Meidani Z, Shahi M. The Effect of Educational Intervention on Medical Diagnosis Recording Among Residents. Acta Informatica Medica. 2013;21(3):173.

Shahi M, Sadoughi F, Davaridolatabadi N, Ebrahimi K. HIS interoperability among health care centers: Case of Iran. Life Science Journal. 2013;10(7s).

Kuhn K, Giuse D, Lapao L, Wurst S. From Hospitals to Regional Networks, to National Infrastructures, and Beyond. Methods Inf Med. 2007;46:500-2,

Lapão LV. Survey on the status of the hospital information systems in Portugal. Methods of Information in Medicine. 2007;46(4):493-9,

Williams TG. IT investments can add business value. Healthcare financial management: journal of the Healthcare Financial Management Association. 2002;56(5):34-8.

Safdari RD, H. Eshragyan, R. Barzekar, H. Human Factors Infuencing the Adoption of Information Technology by Operational Managers Tehran University of Medical Sciences. Journal of Payavard. 2011;5(1):24-31.

Health Mo. Map of Iran's System Reform based on Islamic-Iranian pattern for development 2012 [cited 2012 25 July]. Available from:

Sunthonwutinun W, Chooprayoon V. A Benchmarking Study of Standard Frameworks for Information Technology Governance. 2008.

De Haes S, Van Grembergen W, Van Brempt H. Demonstrating the value of COBIT and Val IT IT governance practices. ISACA Journal. 2009;5:1-6.

Sheikhpour R, Modiri N. A best practice approach for integration of ITIL and ISO/IEC 27001 services for information security management. Indian Journal of Science & Technology. 2012;5(2).

Noblin AM, Cortelyou-Ward K, Ton S. Electronic Health Record Implementations: Applying the Principles of Monitoring and Controlling to Achieve Success. The health care manager. 2011;30(1):45-50.

Cortina Sp, Picard M, Valdés O, Renault A. A Challenging Process Models Development: The ITIL v3 Lifecycle Processes. 2010.


de Fátima Mattiello-Francisco M, Arias R, Massaki Hirata C, editors. A Comparative Study between PMBoK/DoD and ECSS/Management Process for Software Acquisition. DASIA 2005-Data Systems in Aerospace; 2005.

Mataracioglu T, Ozkan S. Governining Information Security in ConjunctiIon with COBIT and ISO 27001. International Journal of Network Security & Its Applications. 2011;3(4).

Knahl MH. A Conceptual Framework for the Integration of IT Infrastructure Management, IT Service Management and IT Governance. Proceedings of World Academy of Science: Engineering & Technology. 2009;52.

Yuwono B, Triputra RN, Nasri M. Information Technology Plan as an IT Governance Maturity Driver. Jurnal Sistem Informasi. 2012;5(1):50-5.

Kishore R, Swinarski ME, Jackson E, Rao HR. A Quality-Distinction Model of IT Capabilities: Conceptualization and Two-Stage Empirical Validation Using CMMi Processes. Engineering Management, IEEE Transactions on. 2012;59(3):457-69.

Nabiollahi A, Alias RA, Sahibuddin S. Involvement of Service Knowledge Management System in Integration of ITIL V3 and Enterprise Architecture. American Journal of Economics and Business Administration. 2011;3(1):165.

Yucalar F, Erdogan SZ. A Questionnaire Based Method for CMMI Level 2 Maturity Assessment. Journal of Aeronautics & Space Technologies/Havacilik ve Uzay Teknolojileri Dergisi. 2009;4(2).

Susanto H, Almunawar MN, Tuan YC. I-SolFramework View on ISO 27001. Information Security Management System: Refinement Integrated Solution’s Six Domains. Journal of Computer, Asian Transaction. 2011.

Lixandroiu R, Maican C, editors. A study on measuring the performance of systems using the IT business intelligence corporate governance standard: Cobit 4.1. Proceedings of the 12th WSEAS international conference on Mathematics and computers in biology, business and acoustics; 2011: World Scientific and Engineering Academy and Society (WSEAS).

Ramadhani DP, Kurniati AP, Maharani W. IT Governance Analysis of XYZ Hospital Based on COBIT 4.1. 2012.

Simonsson M, Hultgren E, editors. Administrative Systems and Operation Support Systems–A Comparison of IT Governance Maturity. proceedings of the CIGRÉ International Colloquium on Telecommunications and Informatics for the Power Industry, Cuernavaca, Mexico; 2005.

Goeken M, Alter S, editors. IT Governance Frameworks as Methods. ICEIS (3-2); 2008.

Tanovic A, Androulidakis I, Orucevic F, editors. Advantages of the new ITIL V3 model in the implementation of the IMS system. 11th WSEAS International Conference on Applications of Computer Engineering (ACE’12); 2012.

Wessels E, Loggerenberg J, editors. IT governance: theory and practice. Conference on Information Technology in Tertiary Education, Pretoria, South Africa; 2006: Citeseer.

Omran A, editor AGILE CMMI from SMEs perspective. Information and Communication Technologies: From Theory to Applications, 2008 ICTTA 2008 3rd International Conference on; 2008: IEEE.

Disterer G. ISO/IEC 27000, 27001 and 27002 for Information Security Management. Journal of Information Security. 2013;4(2).

Bhattacharjya J, Chang V, editors. Evolving IT governance practices for IT and business alignment—a case study in an Australian institution. Proceedings of the 4th Annual Conference on Information Science, Technology and Management; 2006.

Liao K-H, Chueh H-E. Medical Organization Information Security Management Based on ISO27001 Information Security Standard. Journal of Software (1796217X). 2012;7(4).

Radovanovic D, Radojevic T, Lucic D, Sarac M, editors. Analysis Of Methodology For IT Governance and Information Systems Audit. International Scientific Conference; 2010.

Al Omari L, Barnes PH, Pitman G, editors. Optimising COBIT 5 for IT governance: examples from the public sector. Proceedings of the ATISR 2012: 2nd International Conference on Applied and Theoretical Information Systems Research (2nd ATISR2012); 2012: Academy of Taiwan Information Systems Research.

Zakaria NA, Razak RA, Dahalin ZM. Assessment of Enterprise Architecture (EA) Implementation Using The Open Group Architecture Framework (TOGAF). 2010.

Ferreira M, Tereso A, Ribeiro P, Fernandes G, Loureiro I. Project Management Practices in Private Portuguese Organizations. Procedia Technology. 2011;9:608-17.

COSTIN D, MILITARU C. Asset Management Towards ISO/IEC 27001: 2005 Accreditation of an Information Security Management System. REVISTA DE MANAGEMENT COMPARAT INTERNATIONAL/REVIEW OF INTERNATIONAL COMPARATIVE MANAGEMENT. 2011;12(6):245-50.

Sanjuan AG, Froese T. The Application of Project Management Standards and Success Factors to the Development of a Project Management Assessment Tool. Procedia-Social and Behavioral Sciences. 2013;74:312-21.

Gheorghe M. Audit Methodology for IT Governance. Informatica Economica. 2010;14(1).

Lianying Z, Jing H, Xinxing Z. The Project Management Maturity Model and Application Based on PRINCE2. Procedia Engineering. 2012;29:3691-7.

Othman MFI, Chan T, Foo E, Nelson KJ, Timbrell GT, editors. Barriers to information technology governance adoption: a preliminary empirical investigation. Proceedings of 15th International Business Information Management Association Conference; 2011.

Ven K, Van Grembergen W, Dehaes S, Verelst J. Using COBIT 4.1 to guide the adoption and implementation of open source software. Information Systems Control Journal. 2008;3:31-5.

Krakar Z, Žgela M, Rotim ST. CobIT–Framework for IT Governance–Analysis and experience. FOI, retrieved. 2011:25-06.

Kozina M, Popović D. VAL IT Framework and ICT benefits. 2010.

Literature Review With Cases