The Meta Group has found through a recent survey that "leading CIOs in global 2000 enterprises and government agencies have shifted senior management`s perception of IT from a cost centre focused on increasing organisational efficiency to a value provider focused on winning competitive advantage for the organisation".
These findings reinforce the significance of IT governance and show that value creation and risk management, key IT governance issues, are now at the top of the agenda for many CIOs. According to the Meta Group findings, Control Objectives for Information and related Technologies (CobiT) is one of the tools leading information technology organisations are using to assist with creating value and managing risk.
CobiT is a strategy-based management and performance measurement system from the IT Governance Institute, first released in 1998. The CobiT framework presents IT activities in a manageable and logical structure. It contains good practice across its structure around 34 IT processes. It has five key focus areas, the first being risk management. Closely associated with risk management is control implementation. Together these components of CobiT present management with a sound control framework for managing information technology.
Risk management is focused on seven information criteria, namely availability, effectiveness, efficiency, reliability, confidentiality, integrity and compliance. Discussing information technology issues in the context of these criteria will enhance communications with senior management. The CobiT framework can assist IT management address the business concerns senior management have about IT today and enables better alignment of IT activities with the needs of the business.
IT alignment, the third focus area of CobiT, is based on balanced scorecard techniques to establish the alignment between IT and business objectives. CobiT is also a tool to assist management address the following:
* Optimise expenditure on information technology;
* Create value for the business;
* Deploy human capital in alignment with business needs;
* Ensure operational excellence in core IT processes.
The popularity of CobiT around the world is derived primarily from its ability to create a "communications bridge" between information technology management and senior business management. By maintaining a clear perspective of the business needs, the role and value of information technology can be discussed and ultimately better understood. CobiT is an umbrella process model and therefore complements ITIL, ISO 9000, ISO 17799, etc.
The CobiT framework includes the research efforts of experts from around the world. It contains control and governance frameworks and a model for managing and measuring operational excellence within IT. At its core are 34 IT processes grouped into the four domains of Planning & Organisation, Acquisition & Implementation, Delivery & Support and Monitoring.
With the current emphasis on good governance, CobiT has been selected by many local enterprises as the basis for their IT governance framework. Implementing CobiT will assist management with many of the recommendations of the King II report and address the concerns King II raised about information technology generally.
To learn more about CobiT and how it addresses the concerns of today`s CIO, attend one of the seminars held regularly by Info Sec Africa. The next CobiT seminar is scheduled for the 7 and 8 May at the Sandton Hilton. To obtain more information, visit www.infosecafrica.co.za or contact Peter Hill on 082 55 88 732.
Info Sec Africa is a leading IT governance consultancy with an extensive training programme around CobiT. It has developed COMPASS, an implementation process and monitoring tool for CobiT.
Share
Editorial contacts