Few companies are currently able to express the value that their IT functions deliver to the business. Operational metrics are not enough. Collecting and summarising easy to measure data about the day-to-day activities does little to convince business management that their investments in IT have been worthwhile and real value is being created.
In a survey conducted late last year, Meta Group analyst Louie Boyle found that fewer than 5% of large firms have implemented "integrated" IT governance.
The IT process model "CobiT" (Control Objectives for Information and related Technology) provides three measurement frameworks that help companies take stock of their capabilities. The first area to receive attention is the basic control of IT processes. The CobiT Control Framework identifies a minimum set of best practice for managing IT specific risks.
Based on extensive research around the world, a baseline of control has been identified. This baseline of control activities will complement the implementation of ITIL or ISO 17799. Over time it is expected that many of these controls will be standardised and automated as organisational maturity grows.
The second framework is the IT process maturity model. CobiT divides IT into 34 processes and provides a maturity model for each process. This enables companies to benchmark the maturity of the core IT processes. Frequently IT management are surprised to discover that their operations are not nearly as mature as they first expected. All too frequently there is significant dependence on individuals - a clear indicator of very low organisational maturity.
The CobiT governance framework seeks to align IT activities with business objectives. It ensures that IT is viewed from various perspectives. In addition to the quality of internal processes, actual investment in sustaining the IT operations, customer satisfaction and business contribution are also taken into account. Although it is often the practice that this is only done at a high level, for good integrated governance these four perspectives must be measured at each of the organisational levels within the IT function. Relationships between organisation levels are explored to discover the cause and effect relationships that might exist.
CobiT is a freely available methodology downloadable from the Internet. It can be customised so that it is applicable to both small and large enterprises.
For more information about CobiT, visit www.infosecafrica.co.za.
Share
Editorial contacts