CobiT definition:

Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It should provide integration amongst the processes that are specific to IT, enterprise portfolio management, business processes and business change processes. The IT process framework should be integrated into a quality management system (QMS) and the internal control framework.

Bill says,

First of all, for those of you subscribed and reading in a reader, I apologize for the rash of posts yesterday – I decided it would be easier for me to keep these updates coming if I fleshed out the entire CobiT framework first so that now all I need to focus on is the content and updating the links in the tables of contents. So I think that meant I posted 25 or so posts yesterday. Certainly not the norm!

Speaking of frameworks, this control objective talks about establishing an IT Process Framework. Now I don’t take this to mean overall IT governance, that is something not addressed until we get to the Monitor and Evaluate domain. But I do feel as though this is related. The very first thing that we did in CobiT is to define our Strategic IT Plan and this control objective is all about establishing the rules for how you will ensure adherence to that strategic plan. A plan is useless unless followed!

In the definition it refers to an internal control framework, and to be honest that is something I struggle with because, rather than that being something different, I see the process framework as basically the same thing. But remember, I am coming from a small organization so I do tend to see things differently as I prefer to lump many of these control objectives together where it makes sense.

Here is the bottom line for me – what you need is some sort of plan for how you will keep your people and your processes aligned to your strategic plan. There need to be some gating mechanisms and some methods for reporting and analyzing results. The key is that this is something that just needs to be included in everyone’s daily work, not something you whip out when reviewing your strategic plan with the Board.

The first step in Defining the IT Processes, Organization and Relationships is to define a solid IT Process Framework.


ME4 Provide IT Governance

CobiT definition:
Establishing an effective governance framework includes defining organisational structures, processes, leadership, roles and responsibilities to ensure that enterprise IT investments are aligned and delivered in accordance with enterprise strategies and objectives.
Control over the IT process of Provide IT governance that satisfies the business requirement for IT of integrating IT governance with corporate governance objectives and complying with [...]


ME3 Ensure Compliance With External Requirements

CobiT definition:
Effective oversight of compliance requires the establishment of a review process to ensure compliance with laws, regulations and contractual requirements. This process includes identifying compliance requirements, optimising and evaluating the response, obtaining assurance that the requirements have been complied with and, finally, integrating IT’s compliance reporting with the rest of the business.
Control over the [...]


ME2 Monitor and Evaluate Internal Control

CobiT definition:
Establishing an effective internal control programme for IT requires a well-defined monitoring process. This process includes the monitoring and reporting of control exceptions, results of self-assessments and third-party reviews. A key benefit of internal control monitoring is to provide assurance regarding effective and efficient operations and compliance with applicable laws and regulations.
Control over the [...]


ME1 Monitor and Evaluate IT Performance

CobiT definition:
Effective IT performance management requires a monitoring process. This process includes defining relevant performance indicators, systematic and timely reporting of performance, and prompt acting upon deviations. Monitoring is needed to make sure that the right things are done and are in line with the set directions and policies.
Control over the IT process of Monitor and [...]


DS13 Manage Operations

CobiT definition:
Complete and accurate processing of data requires effective management of data processing procedures and diligent maintenance of hardware. This process includes defining operating policies and procedures for effective management of scheduled processing, protecting sensitive output, monitoring infrastructure performance and ensuring preventive maintenance of hardware. Effective operations management helps maintain data integrity and reduces business [...]


DS12 Manage the Physical Environment

CobiT definition:
Protection for computer equipment and personnel requires well-designed and well-managed physical facilities. The process of managing the physical environment includes defining the physical site requirements, selecting appropriate facilities, and designing effective processes for monitoring environmental factors and managing physical access. Effective management of the physical environment reduces business interruptions from damage to computer equipment [...]
