Successful organisations understand the benefits that information technology (IT) provides and exploit IT to drive shareholder value and deliver benefits to key stakeholders. These organisations recognise their critical dependence on IT, whether for meeting increasing regulatory compliance demands, facilitating the countless business processes across the organisation, or managing risk effectively. An unending and increasing challenge!
In 1996, the Information Systems Audit and Control Association (ISACA), an international professional association that deals with IT Governance, recognised the need to provide guidance to organisations. Along with the IT Governance Institute (ITGI), they developed and published the Control Objectives for Information and related Technology (COBIT) framework.
COBIT is a framework of best practices for IT management. It provides managers, auditors, and IT users with a set of measures, indicators, processes and best practices to assist them in maximising the benefits derived through the use of IT and in developing appropriate IT governance and control across an organisation.
COBIT is very robust. Not only has it been through several iterations but it is based on the consolidated research activities of numerous organisations. COBIT’s control objectives have been exposed to the IT industry and the IT audit profession to allow an opportunity for review, challenge and comment. The feedback received has been incorporated into the evolving COBIT framework.
So who should use COBIT? COBIT is designed to be useful to:
- Management – to balance risk and to control IT investments.
- Process Owners – to discharge their responsibility for controlling the information aspects of the processes.
- Users – to obtain assurance about the IT services received.
- Auditors – to plan, audit and report on the systems of internal control established over IT processes.
Benefits from using COBIT
COBIT’s framework will guide management in deciding on the acceptable level of risk, appropriate control practices and the direction to follow when it is necessary to improve the level of control. In a nutshell, COBIT addresses management concerns about better control, minimising risk, performance measurement and comparisons against benchmarks.
COBIT is an excellent framework to adopt if your organisation aims to achieve robust and successful IT governance.