CobiT definition:
An IT organisation is defined by considering requirements for staff, skills, functions, accountability, authority, roles and responsibilities, and supervision. This organisation is embedded into an IT process framework that ensures transparency and control as well as the involvement of senior executives and business management. A strategy committee ensures board oversight of IT, and one or more steering committees in which business and IT participate determine the prioritisation of IT resources in line with business needs. Processes, administrative policies and procedures are in place for all functions, with specific attention to control, quality assurance, risk management, information security, data and systems ownership, and segregation of duties. To ensure timely support of business requirements, IT is to be involved in relevant decision processes.
Control over the IT process of "Define the IT processes, organisation and relationships", which satisfies the business requirement for IT of being agile in responding to the business strategy whilst complying with governance requirements and providing defined and competent points of contact, by focusing on establishing transparent, flexible and responsive IT organisational structures and defining and implementing IT processes with owners, roles and responsibilities integrated into business and decision processes, is achieved by:
- Defining an IT process framework
- Establishing appropriate organisational bodies and structure
- Defining roles and responsibilities
and is measured by:
- Percent of roles with documented position and authority descriptions
- Number of business units/processes not supported by the IT organisation that should be supported, according to the strategy
- Number of core IT activities outside of the IT organisation that are not approved or are not subject to IT organisational standards
Control objectives:
PO4 Define the IT Processes, Organisation and Relationships
PO4.1 IT Process Framework
PO4.2 IT Strategy Committee
PO4.3 IT Steering Committee
PO4.4 Organisational Placement of the IT Function
PO4.5 IT Organisational Structure
PO4.6 Establishment of Roles and Responsibilities
PO4.7 Responsibility for IT Quality Assurance
PO4.8 Responsibility for Risk, Security and Compliance
PO4.9 Data and System Ownership
PO4.10 Supervision
PO4.11 Segregation of Duties
PO4.12 IT Staffing
PO4.13 Key IT Personnel
PO4.14 Contracted Staff Policies and Procedures
PO4.15 Relationships
Check out the links for details on the control objectives.
