CobiT definition:
Management develops an enterprise IT control framework and defines and communicates policies. An ongoing communication programme is implemented to articulate the mission, service objectives, policies and procedures, etc., approved and supported by management. The communication supports achievement of IT objectives and ensures awareness and understanding of business and IT risks, objectives and direction. The process ensures compliance with relevant laws and regulations.
Control over the IT process of
Communicate management aims and direction
that satisfies the business requirement for IT of
supplying accurate and timely information on current and future IT services and associated risks and responsibilities
by focusing on
providing accurate, understandable and approved policies, procedures, guidelines and other documentation to stakeholders, embedded in an IT control framework
is achieved by
- Defining an IT control framework
- Developing and rolling out IT policies
- Enforcing IT policies
and is measured by
- Number of business disruptions due to IT service disruption
- Percent of stakeholders who understand the enterprise IT control framework
- Percent of stakeholders who are non-compliant with policy
Control objectives:
PO6 Communicate Management Aims and Direction
PO6.1 IT Policy and Control Environment
PO6.2 Enterprise IT Risk and Control Framework
PO6.3 IT Policies Management
PO6.4 Policy, Standard and Procedures Rollout
PO6.5 Communication of IT Objectives and Direction
Check out the links for details on the control objectives.
No related posts.