PO4 Define the IT Processes, Organisation and Relationships

by Bill Oxley

CobiT definition:

An IT organisation is defined by considering requirements for staff, skills, functions, accountability, authority, roles and responsibilities, and supervision. This organisation is embedded into an IT process framework that ensures transparency and control as well as the involvement of senior executives and business management. A strategy committee ensures board oversight of IT, and one or more steering committees in which business and IT participate determine the prioritisation of IT resources in line with business needs. Processes, administrative policies and procedures are in place for all functions, with specific attention to control, quality assurance, risk management, information security, data and systems ownership, and segregation of duties. To ensure timely support of business requirements, IT is to be involved in relevant decision processes.

Control over the IT process of
Define the IT processes, organisation and relationships

that satisfies the business requirement for IT of
being agile in responding to the business strategy whilst complying with governance requirements and providing defined and competent points of contact

by focusing on
establishing transparent, flexible and responsive IT organisational structures and defining and implementing IT processes with owners, roles and responsibilities integrated into business and decision processes

is achieved by

  • Defining an IT process framework
  • Establishing appropriate organisational bodies and structure
  • Defining roles and responsibilities

and is measured by

  • Percent of roles with documented position and authority descriptions
  • Number of business units/processes not supported by the IT organisation that should be supported, according to the strategy
  • Number of core IT activities outside of the IT organisation that are not approved or are not subject to IT organisational standards

Control objectives:

PO4 Define the IT Processes, Organisation and Relationships

PO4.1 IT Process Framework
PO4.2 IT Strategy Committee
PO4.3 IT Steering Committee
PO4.4 Organisational Placement of the IT Function
PO4.5 IT Organisational Structure
PO4.6 Establishment of Roles and Responsibilities
PO4.7 Responsibility for IT Quality Assurance
PO4.8 Responsibility for Risk, Security and Compliance
PO4.9 Data and System Ownership
PO4.10 Supervision
PO4.11 Segregation of Duties
PO4.12 IT Staffing
PO4.13 Key IT Personnel
PO4.14 Contracted Staff Policies and Procedures
PO4.15 Relationships

Check out the links for details on the control objectives.
