COBIT helps enterprises create optimal value from IT by maintaining a balance among realizing benefits, optimizing risk levels, and resource usage. The framework addresses both business and IT functional areas across an enterprise. It considers the IT-related interests of internal and external stakeholders. Enterprises of all sizes, whether commercial, not-for-profit, or in the public sector, can benefit from COBIT.
What is COBIT
COBIT is a best-practice framework created by the international professional association ISACA for information technology (IT) management and IT governance.
COBIT provides an implementable “set of controls” over information technology and organizes them around a logical framework of IT-related processes and enablers.
It is positioned at a high level and has been aligned with other, more detailed IT standards and good practices such as ITIL, ISO 27000, TOGAF, and PMBOK. However, COBIT is known to provide a mile-wide and inch-deep approach towards creating interfaces between all these individual frameworks. It creates a blanket organizational framework to manage these domains through a holistic approach.
How to Implement an IT Governance Strategy using COBIT Framework
Before moving on to the implementation part, let's take a look at how CIO Magazine defines IT Governance:
“Simply put, it’s putting structure around how organizations align IT Strategy (Information Technology Strategy) with business strategy, ensuring that companies stay on track to achieve their strategies and goals, and implementing good ways to measure IT’s performance. It makes sure that all stakeholders’ interests are taken into account and that processes provide measurable results. An IT governance framework should answer some key questions, such as how the IT department is functioning overall, what key metrics management needs and what return IT is giving back to the business from the investment it’s making.”
An efficient IT team within an organization is imperative to manage the transactions, information, and knowledge necessary to promote financial growth and higher productivity. While many organizations across the globe recognize the value an efficient IT team delivers, a successful enterprise also works towards optimizing and continually improving it. A few common pain areas for organizations using IT are:
- Aligning IT strategy with the business strategy
- Cascading strategy and goals down into the enterprise
- Providing organizational structures that facilitate the implementation of strategy and goals
- Insisting that an IT control framework be adopted and implemented
- Measuring IT performance
How does COBIT work?
COBIT is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques. It provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT builds and expands on COBIT 4.1 by integrating other major frameworks, standards, and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®), and related standards from the International Organization for Standardization (ISO).
For a successful implementation of COBIT 2019 within an Enterprise, a combination of the listed objectives must be used. A specified set of 40 objectives becomes the heart of COBIT 2019. These objectives are to be fulfilled if the enterprise goals are to be achieved.
These objectives are further bifurcated into governance and management objectives, ensuring that the Boards & executive management undertake the governance processes while management implements management processes, respectively.
Governance and Management Objectives in COBIT 2019
COBIT separates the process design activity by segregating it as follows:
- Governance objectives are grouped in the Evaluate, Direct, and Monitor (EDM) domain. In this domain, the governing body evaluates strategic options, directs senior management on the chosen strategic options, and monitors the achievement of the strategy.
- Management objectives are grouped into four domains:
  - Align, Plan and Organize (APO) addresses the overall organization, strategy and supporting activities
  - Build, Acquire and Implement (BAI) treats the definition, acquisition, and implementation of solutions and their integration in business processes
  - Deliver, Service and Support (DSS) addresses the operational delivery and support of services, including security
  - Monitor, Evaluate and Assess (MEA) addresses performance monitoring and conformance with internal performance targets, internal control objectives and external requirements
However, to satisfy governance and management objectives, each enterprise needs to establish, tailor, and sustain a governance system built from several components. These components are factors that, individually and collectively, contribute to the proper operations of the enterprise’s governance system.
Seven COBIT 2019 Components
To achieve the governance and management objectives, these components must be used in such a way that governance's overall objective of value creation is achieved.
- Processes describe an organized set of practices and activities to achieve objectives and must produce a set of outputs to support the achievement of overall I&T-related goals.
- Organizational structures ensure key decision-making entities exist in the enterprise and are aware of their roles, responsibilities, and their expected involvement.
- Principles, policies, and frameworks translate the desired behavior into practical guidance for day-to-day management.
- Information required for the effective functioning of the governance system of the enterprise needs to be produced, protected, and made available as and when required.
- Culture, ethics, and behavior of individuals and of the enterprise need to be maintained continually, as no policies, processes, or technology can be effectively implemented without overcoming cultural constraints.
- People, skills, and competencies are essential for the right decisions, execution of corrective actions, and successful completion of planned activities.
- Services, infrastructure, and applications support effective enterprise governance of I&T.
Business Beam helps in the effective implementation of IT Governance. Our consultants and coaches provide strategic, tactical, and operational guidance to leaders, managers, and teams. We ensure that IT strategy and assets are aligned with organizational strategy and objectives as directed by COBIT 2019.
Ahmed Sohail is a Senior Advisor at Business Beam (Pvt.) Limited who specializes in implementing IT Governance and Information Security. Holder of a bachelor’s degree in Computer Science and certified with ITIL and PRINCE 2, he made the switch from software development after discovering a passion for information and cybersecurity. Since 2018, he has helped numerous banks thrive, including Pakistan’s central and commercial banks. When not training, Ahmed can be found reading books, or on Bug Bounty and Red Teaming tournaments. You can find Ahmed on LinkedIn.