Getting Started
You want to be the best.
CobiT is a flexible guideline that is readily adaptable to many situations.
It therefore has many different applications. The implementation of CobiT
can be kept simple by narrowing the range of initial scope choices.
The current perception that business management and executives have about
IT is often the departure point.
CobiT can be used by IT management to address these perceptions in three
ways:
- Ensure that the minimum process controls for core IT processes are
in place.
- Build capability in delivering IT services reliably, efficiently,
etc.
- Match IT activities to the outcomes that will satisfy the expectations
of business and executive management.
The approach to be followed when implementing CobiT could be enterprise-wide,
process, business unit or “problem” specific. Frequently companies
choose to start by using the CobiT framework and language to develop policies
for enterprise-wide implementation. An initial set of high-level policies
is developed and used to set direction. Over time, this initial set of policies
is expanded to cover all areas of significance within IT.
The 34 high-level control objectives are used to draft policies for all 34
processes, or a subset of key processes. Business unit leaders are asked to
endorse these policies and take steps necessary to comply with the requirements.
Periodic reviews would be undertaken to establish the extent of compliance
with these policies. An initial review is undertaken to record the starting
position in relation to the target position – a gap analysis. These
reviews are then repeated to determine how quickly the gap is narrowing. As
the gap narrows, greater compliance with enterprise policies will be attained.
With policies in place to provide direction, the next step would be to examine
the controls that map to these policies. The choice of controls will differ
according to the level of maturity desired for a particular process. At higher
levels of maturity, greater sophistication is expected. Controls
are process specific and are in response to the threats to the business in
these process areas.
Control implementation is aimed at providing a minimum baseline of process
control following best practice, and then countering specific risks to the
process outputs that are prevalent in an area of business activity. CobiT
contains information about the minimum set of controls that are generally
accepted as best practice.
Increased levels of process capability indirectly address controls to counter
process risks. As process maturity increases, inherent risks decrease. Similarly,
higher levels of maturity may have a positive impact on the outcomes delivered
to the business.
To be certain that IT is producing the right results for business, key goals
and key IT process performance indicators are established, monitored and managed.