Sunday, June 3, 2018

COBIT and the IT Governance Institute

     A more IT-oriented internal control assessment and guidance framework, called COBIT (Control Objectives for Information and related Technology), was in place long before SOx, with COBIT first released in 1996. The COBIT framework was initially developed for the internal and external auditors who reviewed computer systems and technology controls (often called IT auditors), but COBIT has also become a preferred tool in many enterprises for complying with SOx Section 404 internal control procedures and related IT governance support. COBIT provides guidance for evaluating and understanding internal controls, with an emphasis on enterprise IT resources.

     COBIT today has evolved into a helpful tool for assessing IT governance and evaluating all internal controls across an enterprise. It provides emphasis and guidance on the linkage of IT with other business resources to deliver overall value to an enterprise. It is an important tool to help the senior enterprise executive establish effective IT governance practices.

AN EXECUTIVE’S INTRODUCTION TO COBIT
     COBIT is an IT governance internal control framework that is an important support tool for documenting and understanding COSO internal controls and SOx requirements, and for recognizing the value of and risks associated with IT assets in an enterprise. The COBIT standards and framework are issued and regularly updated by the IT Governance Institute (ITGI) and the closely affiliated professional organization, the Information Systems Audit and Control Association (ISACA).

     ISACA is more focused on IT auditing, while ITGI’s emphasis is on research and governance processes. ISACA also manages the Certified IT Auditor (CISA) examination and professional designation as well as other certifications such as the Certified Information Systems Manager (CISM) and the Certified in the Governance of Enterprise IT (CGEIT) designation certification and examination.

     The Certified Information Security Manager (CISM) certification targets IT security managers and promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge. COBIT is now in its 2011 version 5.0 edition. This new edition of the framework was not officially released at the time of our publication, but our comments are based on the final draft releases of this version and the assumption that it will soon become official. With virtually all enterprise processes today tied to IT-related facilities, an understanding of the overall area of IT governance is critical.

     The COBIT framework consists of five principles: broad and interconnected areas of governance and internal controls, as illustrated in Exhibit 5.1. COBIT’s principles are five major areas of emphasis arranged around the important core concept of IT governance:
• COBIT Principle 1: An Integrated IT Framework
• COBIT Principle 2: Stakeholder Value Drivers
• COBIT Principle 3: Resources Focus on a Business Context
• COBIT Principle 4: Risk Management
• COBIT Principle 5: Performance Measurement

COBIT IT Governance Principles


     These five COBIT principles or areas of emphasis define the COBIT framework’s elements and provide a definition for the key elements of IT governance. The COBIT framework is an effective mechanism for documenting and understanding IT and all other internal controls, and for managing IT governance processes at all levels. Although COBIT first started primarily as a set of “IT audit” guidance materials, it is a much more powerful tool today.

THE COBIT FRAMEWORK AND ITS DRIVERS
     An enterprise executive might ask, “I think I understand some of the key SOx rules and my enterprise uses COSO internal controls; why should I be concerned about this thing called COBIT, yet another framework?”
     Our answer here is that COBIT provides an alternative and sometimes preferable approach to both define and describe processes that have more of an IT governance emphasis than the pure COSO internal control framework.

     Information and supporting IT processes are often the most valuable assets for virtually all enterprises today, and management has a major responsibility to safeguard its supporting IT assets, including automated systems. An enterprise executive today needs to understand these information-related processes and the controls that support them. This combination concerns the effectiveness and efficiency of IT resources, processes, and overall business requirements.

     The COBIT framework recognizes that information should be considered a key resource for all enterprises, and throughout the whole life cycle of information there is a huge dependency on technology. IT and its related technologies are pervasive in enterprises and they need to be governed and managed in a holistic manner, taking in the full end-to-end business and IT functional areas of responsibility.

     Through the effective implementation of COBIT framework guidance, an enterprise should achieve increased:
• Value creation through enterprise IT.
• Business user satisfaction with IT engagement and services.
• Compliance with relevant laws, regulations, and policies.

COBIT PRINCIPLE 1: ESTABLISH AN INTEGRATED IT ARCHITECTURE FRAMEWORK
     Architecture describes how we build, or the style of, our office headquarters, but today it also often refers to an enterprise’s IT architecture technology selections. For example, when IT functions moved away from centralized legacy mainframe computer systems, now many years ago, to networks of smaller server systems, an enterprise IT function would state that it had adopted or implemented “client–server architecture.”

      Systems architecture is a term IT functions use to refer to the major hardware or software configurations of their IT resources. COBIT has its own architecture; however, a copy of the current published COBIT 5.0 architecture may scare off non-IT specialists because of the diagram’s complexity in its current draft form. Exhibit 5.2 is a simplified diagram of COBIT’s version 5.0 architecture components.
