PO4.1 IT Process Framework

by Bill Oxley

CobiT definition:

Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It should provide integration amongst the processes that are specific to IT, enterprise portfolio management, business processes and business change processes. The IT process framework should be integrated into a quality management system (QMS) and the internal control framework.

Bill says,

First of all, for those of you subscribed and reading in a reader, I apologize for the rash of posts yesterday – I decided it would be easier for me to keep these updates coming if I fleshed out the entire CobiT framework first so that now all I need to focus on is the content and updating the links in the tables of contents. So I think that meant I posted 25 or so posts yesterday. Certainly not the norm!

Speaking of frameworks, this control objective talks about establishing an IT Process Framework. Now I don’t take this to mean overall IT governance, that is something not addressed until we get to the Monitor and Evaluate domain. But I do feel as though this is related. The very first thing that we did in CobiT is to define our Strategic IT Plan and this control objective is all about establishing the rules for how you will ensure adherence to that strategic plan. A plan is useless unless followed!

In the definition it refers to an internal control framework and to be honest that is something I struggle with because rather than that being something different I see the process framework as basically the same thing. But remember, I am coming from a small organization so I do tend to see things differently as I prefer to lump many of these control objectives together where it makes sense.

Here is the bottom line for me – what you need is some sort of plan for how you will keep your people and your processes aligned to your strategic plan. There needs to be some gating mechanisms and some methods for reporting and analyzing results. The key is that this is something that just needs to be included in everyone’s daily work, not some thing you whip out when reviewing your strategic plan with the Board.

The first step in Defining the IT Processes, Organization and Relationships is to define a solid IT Process Framework.

{ 2 comments… read them below or add one }

1 Kien Goh January 5, 2012 at 11:50 am

First of all, I want to say thank you Bill for this blog. I’m currently assisting a client on an IT governance engagement and the sharing of interpretations of the various COBIT components would be most helpful.

Re: PO4.1, I tend to view the “IT process framework” as a set of IT processes (i.e., process flows and documentation) to support the IT strategy, as opposed to an IC framework. The IT process framework established is then supported by the governance (steering committee, work groups) and organization structures with well-defined roles and responsibilities set out in job descriptions and/or other HR documentation.

Please let me know how you see this.

2 Jenise Rucker April 2, 2012 at 1:19 pm

Consensus on definition of IT Governance and the alignment of IT Strategy with overall organizational strategy is paramount to success.  Upfront education has proven invaluable to clients.  Thank you for your contributions.

Leave a Comment

Previous post:

Next post: