Purpose: The purpose of this study is to propose an easy-to-use and scientifically developed Enterprise Governance of Information Technology (EGIT) Maturity Models (MM) development methodology which can develop stage-based MMs. The proposed methodology will enable researchers in developing countries to build and use scientific EGIT stage-based MMs that can support organizations to measure their compliance to the diverse recent EGIT respective regulations easily while adapting with their local context needs and protect their supply chains.

Design/methodology/approach: This study is following an experimental approach by using the proposed methodology to develop an EGIT stage-based MM which is deployed and tested in three firms. The participating firms, which play a great role in supply chains, provided valuable feedback at the end of the experiment.

Findings: The participating firms provided evaluation of the tested MM depicting its value in measuring EGIT compliance. The findings show a positive and significant relationship between the use of the MM developed by the proposed methodology and the participating firms’ capability to measure their EGIT maturity and increase it. Moreover, the proposed methodology enables small and medium-sized organizations to measure their EGIT maturity levels without consuming much time or resources which they cannot afford like large organizations.

Research implications and limitations: During the research there were many challenges including and not limited to lack of EGIT MM developed in or for MENA region and EGIT awareness in MENA region. COVID 19 pandemic and its impact on the three participating organizations. The emergence of new regulations in MENA region during the research. Explaining the EGIT MM to different stakeholders with different background. Collecting and analysing the maturity of the three participating organization in all the processes of the four pillars.

Originality: In developing countries like Middle East and North Africa Region (MENA) region and especially Arab countries, EGIT plays a greater role in achieving new strategic visions set by emerging developing countries which have EGIT limited resources, lack of knowledge, and higher levels of risk. Although there are many MMs for EGIT, we could not find any adopting stage-based maturity measurement technique that was developed in or for the MENA region. Hence, this paper attempts to develop an EGIT Stage-based MM development methodology for Arab countries.

Received: 30 November 2023

Accepted: 18 December 2023

Published: 19 February 2024

Alshamy, M. et al. (2021) ‘Assessing Enterprise Governance of Information Technology Maturity Models in Middle East and North Africa Region’, in Position and Communication Papers of the 16th Conference on Computer Science and Intelligence Systems. Available at: https://doi.org/10.15439/2021f39.

Andry, J.F. and Setiawan, A.K. (2019) ‘IT GOVERNANCE EVALUATION USING COBIT 5 FRAMEWORK ON THE NATIONAL LIBRARY’, Jurnal Sistem Informasi, 15(1), pp. 10–17. Available at: https://doi.org/10.21609/jsi.v15i1.790.

Antunes, P., Carreira, P. and Mira da Silva, M. (2014) ‘Towards an energy management maturity model’, Energy Policy, 73, pp. 803–814. Available at: https://doi.org/10.1016/j.enpol.2014.06.011.

Becker, J. et al (2010) ‘Maturity models in IS research,’ European Conference on Information Systems, https://aisel.aisnet.org.

Becker, J., Knackstedt, R. and Pöppelbuß, J. (2009) ‘Developing Maturity Models for IT Management’, Business & Information Systems Engineering, 1(3), pp. 213–222. Available at: https://doi.org/10.1007/s12599-009-0044-5.

Bleker, B.S. and Hortensius, D. (2014) ‘ISO 19600 : The Development of a global standard On compliance management’, Business Compliance, (2).

Crawford, L.H. and Helm, J. (2009) ‘Government and Governance: The Value of Project Management in the Public Sector’, Project Management Journal, 40(1), pp. 73–87. Available at: https://doi.org/10.1002/pmj.20107.

Hauck, J.C.R. et al. (2011) ‘Proposing an ISO/IEC 15504-2 Compliant Method for Process Capability/Maturity Models Customization’, in, pp. 44–58. Available at: https://doi.org/10.1007/978-3-642-21843-9_6.

Hevner et al. (2004) ‘Design Science in Information Systems Research’, MIS Quarterly, 28(1), p. 75. Available at: https://doi.org/10.2307/25148625.

Mühe, S. and Drechsler, A. (2017) ‘Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises’, International Journal of Systems and Society, 4(2), pp. 44–56. Available at: https://doi.org/10.4018/IJSS.2017070104.

Novia, R.B. and . W. (2019) ‘ITIL 2011: Maturity Level of Service Operation’, IJNMT (International Journal of New Media Technology), 6(1), pp. 50–54. Available at: https://doi.org/10.31937/ijnmt.v6i1.1058.

Paramita, Y. (2023) ‘Proposed compliance management design based on analysis of iso 37301:2021 compliance management system’. Available at: https://doi.org/10.5281/ZENODO.8355390

Pasquini, A. and Galiè, E. (2013) ‘COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process’, Fikusz 13.

Pletneva, N.P. (2014) ‘commentary on the international standard ISO 31000–2009 “risk management. principles and guidelines”’, Spravochnik. Inzhenernyi zhurnal, pp. 1–16. Available at: https://doi.org/10.14489/hb.supp.2014.07.pp.001-016.

Rosemann, M. and D.B.T. (2005) ‘Towards a business process management maturity model’, in. European Conference on Information Systems, pp. 521–532.

Steuperaert, D. (2019) ‘COBIT 2019: a significant update’, EDPACS, 59(1), pp. 14–18. Available at: https://doi.org/10.1080/07366981.2019.1578474.

Vaníčková, R. (2017) ‘Application of PRINCE2 Project Management Methodology’, Studia Commercialia Bratislavensia, 10(38), pp. 227–238. Available at: https://doi.org/10.1515/stcb-2017-0021.