Principles of Islam for Information Technology
Governance
Abstract— Islam and IT seems separate at the first glance. In
essence, they share common points. In this paper, Islam is
regarded as an umbrella discipline to enlarge the scope of and
improve IT governance. In doing so, the study highlights
similarities and differences between Islam and COBIT in terms
of format and content. By highlighting the similarities of Islam
with COBIT it is impressed that they are good practices and
should be maintained in further versions of COBIT. If a
deficiency in COBIT is pointed out, it can be regarded as a
possible amendment in further versions. This study would
hopefully provide valuable insights firstly to people related to
COBIT. And, for Muslim this study would suggest a novel
interpretation of the Qur'an and Hadith by connecting their
mostly known meanings to IT related context.
Keywords- COBIT, IT governance, Islam, Qur’an, Hadith
I. INTRODUCTION
Focusing only on specific rules or principles sometimes
leads to minimalism, which is the idea: if it’s not specifically
forbidden, it is allowed [2]. This calls for a complete set of
rules and principles. However, man-made standards can
change with time, in response to the environment. Therefore,
it is needed a discipline or road-map which is independent on
time and environment.
The religion of Islam is perfect and complete [Qur'an 5:3,
30:30] and independent on time and location. Islam also
includes all the necessary facts, details, and issues that need
to be dealt with regarding to the human life [Qur'an 16:89],
from what to eat [Qur'an 16:115] to how to govern people
[Qur'an 38:26]. Based on this, Muslims have regarded the
Qur'an as light for all areas in their lives and utilize its rules
and disciplines for advancement and improvement.
In the era of information technology, Islamic scholars
have not kept pace with the IT advancements. For this
reason, Islam and IT seems separate at the first glance. In
essence, they share common points. Here, it is reminded the
fact that Islam is comprehensive and complete so that
Islamic sources can support IT fields with a set of beliefs,
ideas, and rules that are to use in IT practices.
In this paper, Islam will be regarded as an umbrella
discipline to enlarge the scope of IT governance. In
particular, this study highlights similarities and differences
between Islam and COBIT (framework version 4.1) in terms
of format and content. Thus, by highlighting the similarities
between Islam and COBIT it is impressed that they are good
practices and should be maintained in further versions of
COBIT. On the other hand, if a deficiency in COBIT is
© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works
pointed out, it can be regarded as a possible amendment in
further versions.
The reason to select IT governance among the other IT
practices in this spectrum is that IT governance is adopted to
manage business activities in general, unlike ITIL and ISO
17799 that are technical frameworks [7]. Particularly, we
will use COBIT as baseline in IT governance for it is an
increasingly internationally accepted set of guidance
materials for effective IT governance throughout an
enterprise. Also, it is not process but control based as in
Islam.
This study would hopefully provide valuable insights
firstly to people related to COBIT. Secondly, for Muslim this
study would provide a novel interpretation of the Qur'an and
Hadith by connecting their mostly known meanings to IT
related context. For non-Muslim practitioners, who are
managing Islamic organizations or managing Muslim
workforce this study would be informative and supportive in
making decisions.
In this paper, firstly the religion of Islam is introduced.
The next part is dedicated to investigation of IT governance
in Islam. In doing so, concepts of people, process and
technology in Islam are discussed. Then, a list of particular
amendments for COBIT based on the Islamic principles is
suggested.
II. RELATED WORKS
A search with the key words of 'Qur'an', ‘Qur'an’ and
Hadith on the well-known e-libraries has manifested that
there is, at the time being, no same or similar research
conducted. For this generalization, studies approaching the
Qur'an and Hadith linguistically are excepted for they focus
on the structure of writing, not in the meaning. However, at
least there are some studies targeting the IT related readers
that use Islamic sources as the main references such [1] and
[2]. For instance, paper [1] in its case, elaborates the
internationally accepted ethic principles of OECD
(Organization of Economic Co-operation and Development)
with Islamic ethics.
III. ISLAM
In this section, the foremost features of the religion of
Islam and the two main Islamic sources, the Qur'an and
Hadith, which Islamic knowledge is deep-rooted from are
introduced.
A. Features of Islam
Some of the features of Islam are stated as below. Islam:
  Converts society to the best through ethics by
guiding with justice, fairness, honest, truth, goodness
[2].
 “Is comprehensive, which organize the relation
between: mankind and Allah, mankind them self,
mankind and other creates of Allah, and mankind
and environment” [2]. It includes what mankind
makes, let us technology.
 Associates principles with implementation through
set of worshiping, ethics and dealing acts [2]. This
characteristic of Islam may contribute systems that
have issues in practice.
 Is whole life guidance starting from day of birth and
continue through all the life [2].
 Is international. Islam is the religion for all humans
over the world; regardless of their location, time,
race, nation, religion, and skin color [Qur’an 34:28].
 Is based on the natural instinct of humankind: In
Qur'an 30:30, it is said: “Therefore, you shall devote
yourself to the religion of strict monotheism (natural
instinct). Such is the natural instinct placed into the
people by Allah. Such creation of Allah will never
change. This is the perfect religion, but most people
do not know.”
 Is time independent: Islamic principles are stable and
standard across time.
B. Islam Sources
There are two main religious texts of Islam: the Qur'an
and the Hadith. The Qur'an is the foremost and the main
criterion reference for judging all the other sources.
Formally, Hadith is mainly defined by Muslim scholars as all
what prophet Mohammed says, acts, or agreed on. Although
the Qur'an delivers the main principles of Islam, the Hadith
helps to understand the Qur’an in practice. Qur'an 33:21
says: “The messenger of Allah has set up a good example for
those among you, who seek Allah and the Last Day, and
constantly think about Allah”.
The Qur’an and Hadith provide people all over the world
with rules (such as in the verse 4:2), standards (such as in the
verse 4:11), formula-like cause and result relation defined by
the Creator (f(x)=y in form of “if, then, else”, “if you do this,
this will happen” such as in the verse 14:7), recommendation
and example of best practices [Qur'an 24:34, 12:3, 33:21]
and guidance for the best way [Qur'an 17:9, 2:2] in
,relatively, complex world. In doing so, the Qur'an delivers
its content in the five main areas as following:
1. Origins and fundamentals of all sciences (which
is the focus in this paper)
2. Information about the creation of the universe
3. Principles of happiness in the world
4. Principles of eternal happiness in the hereafter
5. Essentials of striving in the cause of Allah
In the language of COBIT, the information in Qur'an has
the following information criteria. Addition to COBIT
information criteria, the Qur'an is also proven and backed up:
 Effectiveness: The verse 39:23 declares that Allah
has sent down the best statement, a consistent Book
© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works
wherein is reiteration. The verse 2:2 says :"This
Book, there is no doubt in it, is a guide to those who
guard"
 Efficiency: In the verse 6:38, Allah says: "We did not
neglect/waste in The Book from a thing (the Qur’an,
the Supreme Preserved Tablet, which is the source of
all books, and the Book of Creation: We have
created everything just in its place and for a purpose,
so that the universe is maintained in perfect balance
and order) "
 Confidentiality: In the verse 56:79 Allah states that:
"Which (that Book with Allah) none can touch but
the purified."
 Integrity: The verse 18:1 says: “Praise be to Allah,
Who hath sent to His Servant the Book, and hath
allowed therein no Crookedness.”
 Availability: "We have, without doubt, sent down
the Message; and We will assuredly guard it [15:9]"
till the day of reckoning. And, it is only the one
Book that is fully memorized by people.
 Compliance: The Qur’an principles rest ultimately
on Allah, whose knowledge and authority are
absolute.
 Reliability: In the verse 2:23 it is said that: “If ye are
in doubt as to what We have revealed from time to
time to Our servant, then produce a Sura like
thereunto; and call your witnesses or helpers (If there
are any) besides Allah, if your (doubts) are true.”
 Proven: In the verse 2:111 Allah says:” They say,
"None will enter Paradise except one who is a Jew or
a Christian." That is [merely] their wishful thinking,
Say, "Produce your proof, if you should be truthful."
 Backed up: There is only one the book that is totally
backed up in minds of people.”
Islamic sources are not limited only to the Qur'an and
Hadith. Written form of sources by Islam scholars extend
and tailor the Qur'an and Hadith to context of their time and
locations. Thus, the main principles remains stable, and
implementation of them are tailored and shaped according to
time and location. Surely, one who wants to conduct a study
can use these sources in their researches.
IV. IT GOVERNANCE IN ISLAM
An IT related discipline such as IT governance can, in
basic, be defined as constitution of the three components:
people, process and technology [8]. Hereby, investigation of
IT governance in Islam is divided up into these three
subjects.
A. People:
In COBIT, the concept of people who implement
processes using technology is regarded as a type of resource
same as application, information and infrastructure.
However, people have a complex, complicated,
unpredictable characteristics and dynamic relationship
happening between them and their environments in their
roles such as manager, shareholder or stakeholder. For this
reason, in human-made structures like organizations, in
which determining the right combination of mechanisms is a
complex endeavor [7], are not simple to manage control as
human transfers his complexity to what he builds. Moreover,
human, as an asset, has the highest value in an organization
and holds a considerable piece of risk, thus must be
controlled carefully. On the other hand, people may
potentially resist to or not obey, at least particularly,
implementing even ideally perfect disciplines. Hence, the
concept of human (people) should be considered in a wider
and deeper scope in IT context, unlike in COBIT, in which it
is underestimated.
According to the Qur'an, Allah has honored human-
beings over the other creatures by giving them certain
knowledge [Qur'an 17:70]. Allah Almighty said, (2:30-33):
“When the Angels questioned Adam’s suitability for
representation, Allah cited Adam’s knowledge to convince
them.” Why Allah says in the verses 2:30-33 as term of
knowledge is because knowledge demands action taking and
must have a direction (purpose). What makes humankind
more honorable over the rest of the creatures is its decision
making mechanism. While angels obey their Creator all the
time, as they are programmed to do so, humans have
selections: behaving bad or good, being just or cruel. They
have ability of finding the right way in their actions by their
knowledge that is inherited from the limitless knowledge of
Allah. Same as the inheritance mechanism of the abilities
from Allah, partially, to mankind [Qur'an 32:9], man also
transfers these abilities from him to what he makes:
framework (such as COBIT), procedure, organization and
technology. Therefore, simply saying, from end to end
technology and process are connected to Allah, the Creator,
by the bridge of human so that technology and process
should comply with Allah’s authority.
Man’s basic qualification (unique to its kind) is to
possess the abilities of distinguishing:
1. Good and bad,
2. Beneficial and unbeneficial,
3. Justice and tyranny,
4. Right and wrong
In a step further, these abilities become the sources of
certain disciplines as listed in Table I:
TABLE I. HUMAN’S DISTINGUISHED ABILITIES AND CORRESPONDING
DISCIPLINES
Ability of distinguishing Sources of
Good and bad Moral norms and ethics
Beneficial and unbeneficial Economics
Justice and tyranny Science of law
Right and wrong Science of mathematics, physics,
chemistry, etc.
For a thing to be adequate, it has to bear these four
aspects. For instance, five is bigger than four; it is right.
However, in case of that these five units of money are earned
by stealing, a halal four is preferred in Islam. This mindset
can be applied to all human activities and human-made
artifacts such as technology and processes. Thus, technology
© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works
should comply with Islamic principles: being good,
beneficial, justice and right.
B. Process:
The concept of process here is used to cover all around
and in it: procedure, policy, methodology, methods,
relationship mechanism, distributing role and responsibilities
and such. The religion of Islam does not give certain orders
of activities nor mentions how to do them for the way of
processing may vary time to time. Instead, Islam defines and
establishes general rules and provides best practices. In this
manner it resembles to COBIT.
Another common characteristic shared by Islam and
COBIT is being the main and basic reference for guidance
and resolving conflicts. For instance, defining roles and
responsibilities in COBIT and making them known by all
correspondences avoids possible conflicts. In a Qur'an verse,
2:213, it is said: “Mankind was one single nation, and Allah
sent Messengers with glad tidings and warnings; and with
them He sent the Book in truth, to judge between people in
matters wherein they differed.” Likewise, the verse 4:59
says: “If ye differ in anything among yourselves, refer it to
Allah and His Apostle, if ye believe in Allah and the Last
Day: That is the best and most suitable for final
determination.”
It is obvious that merely the written form of rules,
policies, and processes are not the final destination, without
the implementation they do not possess any value.
Considering that, Allah has sent messengers as model, to
show people how to practice what He says in Qur’an. In the
Qur'an, 16:44, it is said: “With clear proofs and writings; and
We have revealed unto thee the Remembrance that thou
mayst explain to mankind that which hath been revealed for
them, and that haply they may reflect.” And, in order to
underline the importance of implementation, the Qur’an
states, in 46:19: “And to all are ranked according to their
deeds.” and in 13:11: “Surely Allah does not change the
condition of a people until they change their own condition.”
C. Technology:
Allah delivered scientific information (one of the five
main types of contents in the Qur’an) to humans via the
Qur’an and gives ability of distinguishing what is right and
wrong to people. This source of information and this ability
of man form the base of sciences such as mathematics,
physics, chemistry, etc. A clear example of the Qur'an based
scientific knowledge can be found in the verse 57:25, in
Surat Al-Ĥadīd (The Iron) that says :”..We sent down iron,
wherein is great military might and benefits for the people,
and so that Allah may make evident those who support Him
and His messengers unseen. Indeed, Allah is Powerful and
Exalted in Might."
Recent studies on the source of iron has manifested the
fact that iron does not come into existence in Earth in the
beginning, it comes from out of the Earth instead. This is
why in the above verse it is said: "We sent down iron" from
space to the Earth. Some biology studies have shown the
crucial importance of iron for human body. When looked
from chemistry point of view, Surat al-Hadid is the 57th
surat in the Qur’an. The numerical value of the word “al-
Hadid” in Arabic is 57. The numerical value of “hadid” on
its own is 26. As can be seen from the periodic table to the
side, 26 is the number of the iron atom.
From another point of view, by naming a Surat with the
name of an element Allah implies the importance of science.
Apart from this example on science, many more can be
found in the Qur'an such as Surat Ash-Shams (The Sun).
Additionally, in some other verses, humans are encouraged
to use their mind and wisdom to investigate scientific facts
and the nature of things embedded into them by Allah.
For Islam both technology and ability of having
information is crucial. Allah says (58:11); “Are those who
know equal to those who know not? But only they who are
endowed with understanding keep this in mind.” Considering
this, Islam has manifested the importance of information
technology.
Information technology (a particular type of technology)
such as tool, application, system, software is an ability that is
used in an extensive, integrated and optimized manner to
automate processes and provide tools to improve quality and
effectiveness [7]. In doing so, information technology must
be ethical, beneficial, delivers right outcomes and complies
with rules. In the scope of COBIT, technology must be
reliable, right (summing 2 and 3 correctly) and complies with
rules of authority. What is addition in Islam is that
technology stealing, causing harmful results or providing
immoral contents is prohibited. At this point, humans have
been informed, in the verse 4:85, that “Whoever supports
and helps a good cause, will have a reward for it: And
whoever supports and helps an evil cause, shares in its
burden: And Allah has power over all things.”
Reference [6] mentions that the key to success with
technology is not the technology per se but the ability to
manage it well. Again here, as mentioned before, human
who utilizes technology in order to implement work-flows
take an important place and should be considered properly.
III. ISLAM AND COBIT
In this section some specific examples of shared subjects
between Islam and COBIT are delivered. Here, by
highlighting the similarities of Islam with COBIT it is
impressed that they are good practices and should be
maintained in further versions of COBIT. On the other hand,
if a deficiency in COBIT is pointed out, it can be regarded as
a possible amendment in further versions.
A. ID
Allah creates and assigns a unique ID for each creature
that He has created. The purpose of assigning an ID is
similar with COBIT control objective DS5.3. Instances for
such an ID can be iris, patterns in a palm or in face. These
features are unexceptionally unique in each human from the
first to last one. Unlike social numbers, designed by humans
in order to represent an entity, these kinds of features have
three dimensions in appearance, in terms of shape. Apart
from this, a SN contains numbers, which does not mean
© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works
anything in itself. On the other hand, a pattern in iris
represents its owner's characteristics same as in the palm.
One more additional ability of Allah applied to ID's is
that while human-made ID's can be same, unknowingly, in
different points of time, the ones that Allah creates are
unique across all over the time and locations. In this concern,
the ability of man is limited to know relatively near past and
predictable piece of future and a defined border of a location
such as country. Outside of a time or country the issues arise;
this is why, let us say, a SN is not valid in another county.
However, it is possible for Allah to manage this in terms of
both time and location by recording all information about the
creatures, including man, in a book before the creation
started. It is stated in the Qur’an verse 35:11: “Allah has
created you from dust, then from a drop of semen and then
divided you into pairs; no female conceives or gives birth
without His knowledge; and no one’s life is prolonged or
shortened, but it is recorded in a Book. That surely is easy
for Allah." This Book can be regarded as a database storing
all the relevant information of what will be created from the
first to the last one. Hence, it is easy, as mentioned in the
above verse, for Allah to identify each human uniquely
regardless of the time of creation of the entity.
The time dimension in this Book's records covers the
time of bringing humans to life on the Day of Resurrection.
Similarly, as stated in COBIT control objective DS13.3, in
order a system to be reconstructed a log mechanism is
recommended: “Ensure that sufficient chronological
information is being stored in operations logs to enable the
reconstruction, review and examination of the time
sequences of operations and the other activities surrounding
or supporting operations".
B. Logging
In COBIT logging for some circumstances is obligated.
In DS8.2 it is stated as: “Establish a function and system to
allow logging and tracking of calls, incidents, service
requests and information needs." and in DS9.2:"Establish
configuration procedures to support management and
logging of all changes to the configuration repository" and of
error logs. Similarly in DS12.3 it is obligated to log physical
accesses to premises, buildings and areas. Another example
is in AI6 which says “changes (including those to
procedures, processes, systems and service parameters) are
logged”. Definitely, the purpose of recording (logging) of
each aspect of the events is to establish a full and clear
disclosure in order to prevent potential misunderstanding and
conflicts.
Angles that are entrusted with the task of logging by
Allah also log humans' events. There are two in numbers in
each individual: one for recoding bad deeds, the other one
for good deeds. This fact has been delivered via the Qur'an
verse 50:18 that says that “He utters not a word but (it is
noted down by) a guardian (angel of his who) stands ready
by his side (to record his words)”. Not only the word but also
every activity is recorded by these angles. It is known by the
verse 10:61: “In whatever activity you may be engaged, and
whichever part of the Qur'an you recite, and whatever deed
you do, We are witness to it when you are engaged in it. Not
the smallest particle on the earth or in heaven is hidden from
your Lord...” Allah also knows everything that is in our
hearts, whether we conceal or reveal it [Qur'an 3:29].
These logs will be used for a further reference in the Day
of Judgment in order to judge for award or punishment.
While those who do righteous deeds will be awarded, one
who does wrong will be punished accordingly [Qur'an 18:87-
88]. In this way, Allah makes mankind informed and aware
that by doing bad deeds, such as hacking, one will be losing
double; one with punishment, one with not being awarded.
Thus, this fact prevents people from harmful events and
reinforces acting right in a proactive way.
On the other hand, log records in COBIT are used only
for the reference in case of unusual and/or abnormal
activities, not for an award for righteous deeds. Example can
be found in control objective DS5.5 which dictates that “a
logging and monitoring function is for the early prevention
and/or detection and subsequent timely reporting of unusual
and/or abnormal activities that may need to be addressed”. It
is the similar case in DS10 Management guideline.
As humankind, we all inherit our abilities from Allah. He
has endless power we have limited yet similar. He saw His
creatures and watch them in every single time [Qur'an 89:14,
57:4, 3:5], we also should watch what we form, and record
every transaction for a future reference. In COBIT, recording
(logging) is for a bad case reference; however in Islamic
beliefs it is for both good and bad bids, for punishment or
awarding. Again, something absent in the COBIT principles
is that people are to be mindful that ‘Allah is the Knower’ of
what they do and intend [1].
C. SLA
SLA is a service level agreement that is a kind of contract
between a service provider and a customer in that the level of
service is formally defined. It is a sort of promise that
guarantees a service to provide with a certain level of quality
by the provider to the customer. At this point, the religion of
Islam and COBIT (in DS 2.4) require fulfilling agreements
and contracts. Islam also informs that for every agreement
will be certainly questioned about on the Day of Reckoning
[Qur'an 17:34].
SLA agreements are to be formally documented. The
Qur’an also, in the verses 282 and 283of Surah al-Baqarah,
makes an explicit and detailed requirement of written form
of agreements: “O you who believe! When you contract a
debt for a fixed period, write it down. Let a scribe write it
down in justice between you...You should not become weary
to write your contract down, whether large or small, for its
fixed term, that is more just with Allah, more solid as
evidence, and more convenient to prevent doubts among
yourselves...Take witnesses whenever you enter into a
commercial contract...And do not conceal any evidence for
whoever hides it, surely his heart is sinful, and Allah is
Knower of what you do.”
From another point of view, a service level agreement is
a negotiated agreement between two parties that call for a
consensus. As stated in [1], Islam seeks consensus of parties.
© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works
The same study puts forward that Islam covers the three
essential principles in corporate governance defined by the
OECD (Organization of Economic Co-operation and
Development). While, two of the three of these principles,
namely transparency (in COBIT DS2.2), accountability (in
COBIT PI1.1 and DS4) are included, adequate disclosure is
not contained in COBIT.
D. RACI Chart
When it comes to distributing roles and responsibilities in
processes, clear and unambiguous definitions of the roles and
responsibilities from top to down is crucial and prerequisites
for an effective IT governance [7]. RACI charts in COBIT
framework are useful in this manner. Islam also paves the
way with a clear definition of roles and responsibilities.
While the more can be found, an example is this Hadith cited
in Sahih Bukhari that says: "Every one of you is a guardian
and is responsible for his charges. The ruler who has
authority over people, is a guardian and is responsible for
them, a man is a guardian of his family and is responsible for
them; a woman is a guardian of her husband's house and
children and is responsible for them; a slave is a guardian of
his master's property and is responsible for it; so all of you
are guardians and are responsible for your charges."
While IT governance is the responsibility of executives
and board members, the actual governance activities must go
through many levels of the enterprise [5]. For those who
assign responsibilities to roles and specific persons should
additionally consider the following:
 Islam forbids assignment of work that will exceed
the individual’s capacity. The Qur’an states, in
2:233: “No soul shall have a burden laid on it greater
than it can bear.”
 Map responsibilities with the best fit individuals. A
Hadith indicates that “Every Muslim is shepherd
(leader) and he is responsible for that which he
shepherds”. The Qur'an, in 28:26, says: “One of the
two ladies said, `My dear father! Take him into your
service. You cannot do better than employ a man
who is strong and trustworthy.' In the translation of
the Qur'an verse 4:58 by Shabbir Ahmed in Allah
also commands us to entrust our offices to those who
are capable, competent and sincere.
And, for those who are responsible, accountable, and
consulted in their duties should consider the following verses
and hadith:
 Obey Allah, and those charged with authority among
themselves [Qur'an 4:59].
 The Prophet in a Hadith said “Allah love those who
accomplish their job in its best (perfect) manner”.
(This highlights the importance of performing
responsibilities in a perfect manner.)
 “Consult them on affairs [of moment]. Then, when
you have taken a decision, put your trust in Allah”
[Qur'an 3:159].
 In Islam accountability is not only to authority but
also to Allah.
  The accountability in roles and responsibilities is not
limited to business only but also Islam makes people
accountable to Allah, the Ultimate Authority.
 Islam requires accountability of not only written
records also oral promises [1].
E. Continuity
Allah calls for mastery in what we do. Thus, it is an
obligation for Muslims to seek knowledge diligently and
obtain excellence in their jobs. Muslims are urged to seek
knowledge from the cradle to grave [3]. Prophet says” seek
knowledge from birth to death”. In another Hadith, Prophet
says: "A ruler who, having control over the affairs of the
Muslims, does not strive diligently for their betterment and
does not serve them sincerely, will not enter Jannah with
them.'' (Riyadus Saleheen, 654). This great concept creates a
state of knowledge continuity. On the other hand, COBIT
does not give a space for continuous improvement that
remains as a possible amendment in further versions.
F. Privacy and Ethics
One of the best controls over society is ethics. People,
who engage with IT, should also consider ethics. It is
believed that security of information can be established
through not only by technology measures, but also with
people's behavior. When it comes to ethical rules, including
ones in business, the Qur’an and Hadith use a set of ethical
terms to describe the concept of goodness such as truth,
goodness, righteousness, equity, equilibrium and justice,
truth and right, known and approved honesty, sincerity, piety
[2], transparency, protection of minorities, and a wider
accountability, protection of confidentiality.
Specific examples include the Qur’an verse 3:110 in
which Allah describes people of the best nation as: “You are
the best of peoples, evolved for mankind, enjoining what is
right, forbidding what is wrong, and believing in Allah”.
Also, the Qur’an requires the honest fulfillment of all
contracts (5:1) irrespective of whether these are written or
oral, explicit or implicit; it prohibits the betrayal of trusts
(8:27); it describes as sinful to derive any income by
cheating, dishonesty or fraud (4:29 [2]. Prophet Mohammed
said “I was sent to complement the best of ethics”. Qur’an
says: “Help you one another in virtue, righteousness and
piety; but do not help one another in sin and transgression”
[Qur’an 5:2]. Prophet in his Hadith said “those who cheat us
are not part of us”.
Muslims, including professionals in IT, have to notice
that Allah will reward them for goodness and punish them
for badness [Qur’an 99:7-8]. And they have to avoided bad
deeds whose final and exact results will be given in the
Judgment Day. On the other side, Islam not only points out
these objectionable behavior but also promotes the desired
behavior through encouragement of an enabling environment
for this purpose by means of effective educational, political,
social, legal and economic reforms and the building of
proper institutions [1]. Therefore, one of the best operating
controls over the people can be established.
© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works
Hence, an IT governance framework should ensure the
above requirements met by applying proper control
objectives when possible.
V. SUGGESTIONS FOR COBIT
The suggestions based on Islamic principles made
throughout this paper for COBIT are outlined in the Table II.
The table lists only ones that are additions to the current
version of COBIT (version 4.1).
TABLE II. SUGGESTIONS FOR COBIT
Subject Suggestion
People The concept of people should be considered in a wider and
deeper scope not only as an resource.
Technology Technology should comply with Allah’s authority: being
good, beneficial, justice and right. This puts forward the
requirement of being ethical for technology.
Process Process should comply with Allah’s authority: being good,
beneficial, justice and right.
ID Assigned ID’s should be unique across time and location
as much as possible.
Logging Logs should be used for a further reference in order to
judge not only for punishment but also for award
SLA SLA agreements must be checked against defined
fulfillments.
SLA agreements should be writen whether large or small.
Agreements should be relied on consensus.
Adequate disclosure of agreements should be provided to
parties.
RACI Accountability in roles and responsibilities should be not
Chart limited to business only it should also makes people
accountable to Allah, the Ultimate Authority.
The mentioned considerations should be taken into account
by those who assign responsibilities to roles and specific
persons and by those who are responsible, accountable,
and consulted in their duties.
Continuity Continuous improvement should be included.
Privacy and Privacy and ethics concerns should be covered
Ethics Ethic principles should be facilitated as a control over risks
VI. CONCLUSION
“Control over the process of” governing IT “that satisfies
the business requirement for IT of” enlarging and improving
the scope of IT governance “by focusing on” similarities and
differences between Islam and COBIT “is achieved by”
recommending Islamic principles to be embedded in and
applied to IT governing processes “and is measured by”
tangible and intangible improvements and amendments in
practice.
REFERENCES
[1] C. Slahudin, “OECD Principles and the Islamic Perspective on
Corporate Governance”, Review of Islamic Economics, vol. 12, no. 1,
2008, pp. 29–39
[2] S. A. Hameed, “Software Engineering Ethical Principles Based on
Islamic Values”, Journal of Software, vol. 4, no. 6, August 2009, pp.
563-570
[3] J. Hashim, “The Quran-Based Human Resource Management and its
Effects on Organisational Justice, Job Satisfaction and Turnover
Intention”, The Journal of International Management Studies, vol 3,
no 148 2, August 2008
[4] S. Saad, N. Salim, H. Zainal and S. A. M. Noah, “A Framework for
Islamic Knowledge via Ontology Representation”, Proc. International
Conference on Information Retrieval & Knowledge Management,
(CAMP), IEEE Press, March 2010, pp. .310 – 314,
doi:10.1109/INFRKM.2010.5466897
[5] S. Schreiner, A Survey of IT Governance through COBIT, ITIL, and
ISO 17799, Report, University of Illinois at Urbana-Champaign, Dec.
2008
[6] H. C. Lucas, Information technology: Strategic decision making for
managers. John Wiley & Sons, USA, 2005.
[7] S. D. Haes and W. V. Grembergen, “IT Governance and Its
Mechanisms”, Information Systems Control Journal, vol. 1, 2004
[8] M. Simonsson and P. Johnson, “Assessment of IT Governance - A
Prioritization of COBIT", Proceedings of the Conference on Systems
Engineering Research (CSER), 2006.

© © 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works