IT GOVERNANCE: COBIT REVIEW AND IMPLICATIONS
One of the most popular IT governance models is “Control Objectives for Information and Related Technology” (COBIT), which came into being through collaboration between the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) to provide a standardized IT policy for modern organizations. COBIT assists managers, auditors, and IT users in providing information technology control objectives in their organizations.
COBIT has been published four times. The 4th version, released in 2005, offers cross-references of data flows through COBIT processes and a RACI diagram for every activity process. The significant changes in COBIT 4.0 are its Maturity Model support, its simplified description of goals, and its ability to cascade bi-directionally between Business Goals, IT Goals, and IT Processes.
The COBIT framework explains how IT processes can help the business through 34 levels of delivery and control objectives, and how to achieve business objectives through a control framework. It defines seven criteria of information: effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability. The framework analyzes which criteria, as well as which IT resources, match the business’s demand.
It is hard to keep business profitability consistently stable forever, because rapidly changing technology changes the dynamics of business as well. To counter these rapid changes, the Control Objectives help users deal with this problem by adopting the right policies and practices for IT controls. The Audit Guideline explains what procedures are to be performed for every level of the control objectives in order to avoid possible risks.
The Implementation Tool Set of COBIT provides Management Awareness, IT Control Diagnostics, an Implementation Guide, FAQs, case studies, and a slide presentation. These facilities are meant to help with COBIT’s implementation and to explain how it works. The Management Guidelines help in resolving the expected level of control at each stage by comparing it with industry norms.
The COBIT Planning and Organization domain helps determine the best use of information and technology to help the business achieve its goals and objectives. The Acquire and Implement domain identifies the requirements for, and the implementation of, information technology within the company’s business processes. It also assists users in selecting which maintenance plan should be adopted for the IT systems and components. The Delivery and Support domain specializes in the IT delivery aspects that support the execution of applications.
To keep the IT system updated, the Monitoring and Evaluation domain covers the company’s strategy for analyzing whether the system meets the company’s objectives or requires improvement. Monitoring ensures that the IT system is effective in controlling the company’s processes, as reviewed and audited by internal and external auditors. COBIT has been internationally accepted as a framework for IT Governance and Control. ISO/IEC 17799:2005 represents COBIT’s international standard, and it defines best practice for implementing security management in modern organizations, which, if pursued, can bring stability and continuity to businesses.