February 27, 2009

COBIT for Dummies – A quick introduction

Posted in COBIT tagged at 6:10 pm by Molly

COBIT stands for “Control OBjectives for Information and related Technology”.

COBIT is just one of the frameworks from ISACA (Information Systems Audit and Control Association), an international professional association and an affiliate member of the International Federation of Accountants (IFAC) and the IT Governance Institute (ITGI). ISACA, founded in 1969, has more than 86,000 members in 160 countries and is a recognized worldwide leader in IT governance, control, security and assurance.

COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework. [from the ISACA website]

COBIT uses a maturity model as a means of assessing the maturity of the processes described in the domains (see below for a full list of domains and processes). The model encompasses the following levels:

1) non-existent
2) initial / ad hoc
3) repeatable but intuitive
4) defined process
5) managed and measurable
6) optimised

COBIT is made up of a number of ‘domains’, ‘processes’ and ‘activities’. The four domains and their processes are listed below, with the related ITIL process noted where one applies:

DOMAIN

1) Plan & Organise (PO)

PROCESSES

PO1 Define a Strategic IT Plan and direction
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organization and Relationships
PO5 Manage the IT Investment (ITIL related: Financial Management for IT Services)
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects

DOMAIN

2) Acquire & Implement (AI)

PROCESSES

AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes (ITIL related: Change Management)
AI7 Install and Accredit Solutions and Changes (ITIL related: Release Management)

DOMAIN

3) Deliver & Support (DS)

PROCESSES

DS1 Define and Manage Service Levels (ITIL related: Service Level Management)
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity (ITIL related: Capacity Management)
DS4 Ensure Continuous Service (ITIL related: IT Service Continuity Management)
DS5 Ensure Systems Security (ITIL related: Security Management)
DS6 Identify and Allocate Costs (ITIL related: Financial Management for IT Services)
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents (ITIL related: Incident Management)
DS9 Manage the Configuration (ITIL related: Configuration Management)
DS10 Manage Problems (ITIL related: Problem Management)
DS11 Manage Data (ITIL related: Availability Management)
DS12 Manage the Physical Environment
DS13 Manage Operations

DOMAIN

4) Monitor & Evaluate (ME)

PROCESSES

ME1 Monitor and Evaluate IT Processes
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Regulatory Compliance
ME4 Provide IT Governance

COBIT identifies four classes of IT resources:

1) people
2) applications
3) information
4) infrastructure

SUMMARY

COBIT is intended for management, business users of IT and auditors:

* managers, who control and direct, use it to balance risk and control investment;
* users require assurances on the security and control of IT services;
* auditors use it to structure and substantiate their opinions and to advise managers on improving controls.

Although ITIL is the dominant framework with regard to ITSM (IT Service Management), COBIT helps to further improve ITSM.

The primary way COBIT benefits management is by helping to balance risk and control investment decisions.

COBIT’s main aim is to address the business objectives.

Control of the IT processes is intended to satisfy those business requirements; neither exists without the other, and the processes follow from the requirements, because the requirements must be understood first.

1 Comment »

  1. Nice summary of COBIT. I am a strong supporter of adopting the principles embedded in the framework. It provides an end-to-end view of IT that we don’t see in the other industry-accepted frameworks, methodologies and standards. At the same time, however, it doesn’t attempt to duplicate the other frameworks; it is meant to be used in concert with them. The other frameworks, methodologies and standards often provide the “drill-down” details as to HOW to implement what COBIT suggests should be in place. I view COBIT as the umbrella framework through which we can show the integration of the end-to-end IT work in the enterprise.
