How Does COBIT Support Your Business
COBIT is ISACA’s framework designed to develop, implement, monitor and improve information technology (IT) governance and management practices.
The COBIT framework provides a common language, understood by business executives, for communicating about goals, objectives and results. COBIT version 1, published in 1996, focused on auditing, while COBIT 5, the latest version, emphasises the value of information governance and risk management. (Rouse, 2015)
In this article, we discuss the question, "How does COBIT support your business?" and what COBIT actually represents.
COBIT links business goals to IT infrastructure by providing maturity models and associated metrics to measure achievement and to identify business responsibilities for each IT process. COBIT is designed as a supportive tool for managers to bridge the gap between technical issues, control requirements and business risk.
The aim of COBIT 5 is to provide an end-to-end view of the governance of enterprise IT, with the emphasis on the central role of IT in creating value for the business. COBIT 5 is aligned with various international standards and frameworks, including ITIL, CMMI, COSO, ISO 27000 and PRINCE2. (Simplilearn, 2016)
Principles of COBIT
The foundation of COBIT 5 is a set of principles on which an organisation can build and test security policies, guidelines, standards, processes and controls. (Olzak, 2013)
Meeting Stakeholder Needs
Stakeholders include all individuals or groups affected by the existing state of a process, system or policy. A stakeholder analysis needs to be completed to determine the stakeholders affected. The analysis is an important step to ensure the success of project planning and risk management initiatives. Failure to involve all interested parties will result in a less than optimum outcome at best. Worst-case outcomes can be a failed project or material audit deficiency.
Covering the Enterprise End-to-End
In business, information security is often applied as a series of point solutions. COBIT recommends that regular security reviews be completed as part of business process, IT development and implementation activities. In addition, all levels of management must include information security in all strategic and operational business planning.
Applying a Single Integrated Framework
Application of security controls is sometimes a point-and-shoot process that fails to address all issues. Implementing policies and controls that address all vulnerabilities is a better approach. Better still is to design a framework that covers information storage, flow and processing, and so provides a foundation for an efficient and controlled implementation.
Enabling a Holistic Approach
Security must be seen as a set of related components, not as individual silos, in order to gain a comprehensive view of the information being protected. This approach ensures that all elements of security receive attention from all parties concerned.
Separating Governance from Management
According to COBIT 5 for Information Security, the purpose of this principle is to draw a line between setting objectives and measuring outcomes. Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision-making; and monitoring compliance, performance and progress against the agreed direction and objectives. Management plans, builds, runs and monitors activities (PBRM) in alignment with the direction set by the governance body, in order to achieve the enterprise objectives.
Benefits of COBIT
COBIT 5 provides an enterprise-wide framework that assists in achieving governance and management of organisational objectives. COBIT 5 introduces organisations to a set of globally accepted principles and practices that help increase the trust in, and value from, the IT department. The COBIT principles provide IT and business with a robust framework that assists in delivering organisational objectives and strategy.
There are numerous benefits to using COBIT 5 when establishing an IT management and governance framework in an organisation. These advantages can be listed as follows:
– Efficient use of technology to achieve operational excellence
– Reduced complexity, increased cost effectiveness and easier integration of information security standards
– Improved customer satisfaction with information security arrangements
– Maintenance of quality information that supports business decisions
– Innovative use of IT to achieve strategic business goals
– Enhanced support for innovation and competitiveness
– Maintenance of IT risk at levels acceptable to the business
– Better understanding of information security
– Optimised cost of IT technology and services
– Better management of expenses related to the information security function
– Support for compliance with laws, contractual agreements and regulations
COBIT 5 brings together these five principles, allowing the business to build an effective management and governance framework based on a holistic set of seven enablers that optimise the investment in, and use of, information and technology for the benefit of stakeholders.
Olzak, T. (2013). COBIT 5 for information security: The underlying principles. TechRepublic.
Rouse, M. (2015). COBIT.
Simplilearn (2016). What is COBIT? – Significance and Framework.