Control Objectives for Information and Related Technology

COBIT (Control Objectives for Information and Related Technology) defines a set of generic processes for the management of IT. The framework defines each process together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model.

The COBIT components include:

• Framework: Organize IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
• Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.
• Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
• Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
• Maturity models: Assess maturity and capability per process and helps to address gaps.

As a framework designed to help business professionals discuss IT-related goals and results, Control Objectives for Information and Related Technology is often simply referred to as COBIT. This framework has existed since the mid-1990’s, and has been developed and adapted since that time. Thanks to the popularity of COBIT, there are a great number of tools and resources available to help managers get the most benefit from using this framework. There are five basic principles involved in the COBIT framework:

1) Meet Stakeholder Needs

This principle is something that should apply to just about every business decision that is made on a daily basis – but certainly to those decisions that are made with regard to IT. The whole purpose of IT is to enable others within the organizations to do their jobs to the best of their abilities. If a given IT project isn’t meet the needs of the stakeholders, there is very little point to continuing on with the project. Only when stakeholder needs are properly met is a project going to be considered a successful venture in the end. It should be no surprise that this principle is included in the COBIT framework because it is such an important aspect of the IT world.

2) Covering the Enterprise End-to-End

If you have any real-world business experience, you probably already know that the IT department doesn’t always agree with what the other departments in the organization have to say. Finding harmony between IT and everyone else can be challenging, but it must be accomplished if the business it going to reach its full potential. What is done in IT should be done to the benefit of everyone throughout the entire organization, not just a select group of people. Often, this is one of the greatest challenges that decision makers within a business will have to deal with. In order to get the best possible return for the investment that you have made in the IT area, it is crucial that the work they do is framed with the best interests of the whole organization in mind.

3) Applying a Single, Integrated Framework

The advantages of having a single framework in use throughout the organization should be obvious. If nothing else, using a single framework should add simplicity and consistency to everything that the business does. Also, costs are generally better controlled when there is a single framework in play rather than a variety of frameworks serving various needs in different parts of the business.

Flexibility within the project management team is another benefit of this approach. When different parts of the business are governed by several different frameworks, the IT department might not be as flexible in responding to needs and problems. However, when working within only one framework, it should be much easier for any member of the IT team to work on any problem that may come up – no matter where it is throughout the organization. This kind of flexibility is appealing, and can help insulate the department against the loss of key team members. Building a strong IT infrastructure over the long run should be the goal, and using a single IT framework from the start can help make that a reality.

4) Enabling a Holistic Approach

Many organizations fall into the habit of dividing up their IT department into different segments which rarely interact. This can be a mistake when it comes to being able to develop new technologies that have an impact on the business as a whole. Ideally, the whole IT department will be ‘on the same page’ in terms of its priorities and techniques. Just like the marketing department needs to have a consistent plan of action for selling the company’s products or services, so to should the IT department be working together as closely as possible. Allowing the IT department to become fragmented early on in the development of the organization can create tricky problems that will be harder to solve later on.

5) Separating Governance from Management

Too often, especially in small organizations, governance and management become one and the same. That can be a problem when it comes to IT. The COBIT framework calls for the two to be separated, so that the governance of what the IT department will be responsible for is different from the day to day management of that department.

Depending on the structure of your organization, the responsibility for governance of the IT department could come from a Board of Directors, or even straight from the owner of the company. Meanwhile, the management of the IT department will generally be left the department head. In other words, the person responsible for managing the day to day activity of the IT department shouldn’t be the same person who is governing them. Those are two different responsibilities, and should be separated as such.

It is no secret that a strong and productive IT department is one of the greatest advantages that an organization can have in this day and age. Technology has never been more important than it is today, and the IT department that you have working for your business may mean the difference between success and failure in the long run. Ideally, the IT department won’t feel like a separate arm of the organization, and instead will be just another integrated group of employees much like the teams in marketing, accounting, etc.

Thanks to its widespread use, COBIT is a framework that can apply to many different businesses. There are a great number of resources available to back up your use of this framework as well. If you feel like your organization could use a better roadmap to keep the IT department working toward its goals, and working to the benefit of the rest of the company, COBIT is something to strongly consider putting to use. Improvements made in IT can quickly be seen throughout the rest of the business, so COBIT stands to make your organization better as a whole.

Key Points

• Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology management and governance.
• It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
• Cobit components include a framework to organize IT governance objectives and good practices by IT domains and processes, and link them to business requirements.
• Process descriptions provide a reference process model and common language for everyone in an organization.
• Control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
• Management guidelines help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
• Maturity models assess maturity and capability per process and help to address gaps.