Subscribe

SA government adopts COBIT Framework


Johannesburg, 27 Feb 2013

The Department of Public Service and Administration recently released a circular that now compels all government departments and entities to adopt an ICT governance framework. In this context, a Corporate Governance of ICT (CGICT) Policy Framework has been issued by the department, which maps out how governance of ICT within government entities are to be applied, structured and implemented.

The development of the CGICT policy framework was primarily as a result of the assessments conducted by the Auditor General over the last couple of years. In 2010/11, the Auditor General concluded that only 21% of departments had implemented adequate governance controls, and that 79% of institutions did not have an ICT governance policy framework.

The CGICT policy framework depicts the COBIT Governance Framework as the core reference for the governance of ICT. COBIT is the internationally recognised business framework for the governance and management of enterprise IT, and is published by ISACA.

"This is a significant step by the South African government to ensure that ICT should be governed and managed at a political leadership and executive management level," said Winston Hayden, President of ISACA South Africa. "We are very pleased to see that COBIT is going to be used for the governance of IT within the public service. Not only will this assist government entities to respond to the various inherent IT risks, but it will also ensure value is derived from its IT investments and resources."

The overall policy framework is based on principles found in the King III Code, ISO/IEC38500 and COBIT5. It also goes as far as stipulating certain governance practices for a government entity's Executive Authority, the Head of Department, the Risk and Audit Committee, and the Executive Management. The policy framework also outlines the implementation approach to be used, and sets out the high-level activities in a three-phased approach.

Furthermore, an Assessment Standard and an Implementation Guide has also been released, which provides a more detailed plan to establish the necessary structures and processes. As a very minimum, the following COBIT processes need to be implemented:

* EDM01: Governance framework setting and maintenance
* APO01: Manage the ICT management framework
* APO02: Manage strategy
* APO03: Manage enterprise architecture
* APO05: Manage portfolio
* APO10: Manage suppliers
* APO12: Manage risk
* APO13: Manage security
* BAI01: Manage programmes and projects
* DSS01: Manage operations
* DSS04: Manage continuity
* MEA01: Monitor, evaluate and assess performance and conformance

Copies of the Policy Framework, the Assessment Standard, the Implementation Guide and the Directive to all heads of government departments are published on the DPSA Web site. (http://www.dpsa.gov.za/dpsa2g/psictm_documents.asp)

Share

ISACA

With over 100 000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations. ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, and risk and control, and deliver value to the business.

Contact ISACA South Africa:
E-mail: admin@isaca.org.za
www.isaca.org.za
Phone: (+27) 11 582 9622
Facsimile: 086 684 2979

Editorial contacts

Winston Hayden
ISACA
president@isaca.org.za