CobiT definition:
An IT organisation is defined by considering requirements for staff, skills, functions, accountability, authority, roles and responsibilities, and supervision. This organisation is embedded into an IT process framework that ensures transparency and control as well as the involvement of senior executives and business management. A strategy committee ensures board oversight of IT, and one or more steering committees in which business and IT participate determine the prioritisation of IT resources in line with business needs. Processes, administrative policies and procedures are in place for all functions, with specific attention to control, quality assurance, risk management, information security, data and systems ownership, and segregation of duties. To ensure timely support of business requirements, IT is to be involved in relevant decision processes.
Control over the IT process of "Define the IT processes, organisation and relationships" that satisfies the business requirement for IT of being agile in responding to the business strategy whilst complying with governance requirements and providing defined and competent points of contact, by focusing on establishing transparent, flexible and responsive IT organisational structures and defining and implementing IT processes with owners, roles and responsibilities integrated into business and decision processes,

is achieved by:
- Defining an IT process framework
- Establishing appropriate organisational bodies and structure
- Defining roles and responsibilities

and is measured by:
- Percent of roles with documented position and authority descriptions
- Number of business units/processes not supported by the IT organisation that should be supported, according to the strategy
- Number of core IT activities outside of the IT organisation that are not approved or are not subject to IT organisational standards
Control objectives:
PO4 Define the IT Processes, Organisation and Relationships
PO4.1 IT Process Framework
PO4.2 IT Strategy Committee
PO4.3 IT Steering Committee
PO4.4 Organisational Placement of the IT Function
PO4.5 IT Organisational Structure
PO4.6 Establishment of Roles and Responsibilities
PO4.7 Responsibility for IT Quality Assurance
PO4.8 Responsibility for Risk, Security and Compliance
PO4.9 Data and System Ownership
PO4.10 Supervision
PO4.11 Segregation of Duties
PO4.12 IT Staffing
PO4.13 Key IT Personnel
PO4.14 Contracted Staff Policies and Procedures
PO4.15 Relationships
Check out the links for details on the control objectives.