COBIT® is a tried and true IT framework. It is very useful for IT practitioners as well as individuals who work with IT on controls and compliance. COBIT has existed since 1996, but has recently undergone a resurgence, the major catalyst being the Sarbanes-Oxley Act (SOX). SOX caused companies to leverage recognized frameworks such as COSO for the business controls and COBIT for IT controls. The following is a timeline for COBIT:
- COBIT - first published in 1996
- Version 3.0 - released in 2000
- Version 4.0 - November 2005
- Version 4.1 - May 2007
- Control Practices 4.1 - May 2007
- IT Assurance Guide - May 2007
I am fortunate to interact with many companies in different areas such as IT, finance, internal audit, and other groups focused on compliance and risk management. I am constantly asked what the value of COBIT is. I believe there are many uses of COBIT and ways to leverage it, depending on the individual, their job function, and ultimate objectives. As a general principle, I encourage organizations to leverage COBIT, ITIL, ISO, and other frameworks in the following manner:
- Recognized set of standards and principles for IT control practices
- Benchmark for common IT procedures and processes
- General guidance on what and how IT can function
- Helps to 'translate' control objectives into management actions
- Guidance on IT value propositions and risk drivers
Users of COBIT and other frameworks must understand these principles are not intended as a one size fits all guide to IT. COBIT is independent of industry, size, complexity, and technology. COBIT contains a plethora of information on how to establish, maintain, and improve IT practices to better support the business. It is a recognized "framework" for groups to adopt and leverage to enhance overall IT services and the controls/metrics for supporting those services.
Like others, I support the adoption of frameworks such as COBIT with some degree of caution. Professionals must understand how to apply these strategies to their own environment. I always stress that users must understand the business context of IT with a focus on risk. Lastly, the value of these kinds of frameworks is best determined by each individual organization. We recommend signing up as a user at www.isaca.org to obtain the COBIT documents and evaluate when, where, and how to apply the framework to your organization.
More information on COBIT is available on the ISACA web site and on this resource page.
Do you have experience with COBIT? What have you found to be its greatest benefits? Are you seeing more companies leveraging frameworks like COBIT throughout the enterprise? Do you think there's been a resurgence?