Exploring COBIT 5

What is COBIT 5?

COBIT 5 is the only business framework for the governance and management of enterprise IT. It is the product of a global task force and development team from ISACA, a nonprofit, independent association of more than 140,000 governance, security, risk and assurance professionals in 187 countries.

COBIT 5 incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems.

Why Use COBIT 5?

New user demands, industry-specific regulations and risk scenarios emerge every day. Maximizing the value of intellectual property, managing risk and security and assuring compliance through effective IT governance and management has never been more important.

No other framework focused on enterprise IT offers the breadth or benefits of COBIT. It helps enterprises of all sizes:

  • Maintain high-quality information to support business decisions
  • Achieve strategic goals through the effective and innovative use of IT
  • Achieve operational excellence through reliable, efficient application of technology
  • Maintain IT-related risk at an acceptable level
  • Optimize the cost of IT services and technology
  • Support compliance with relevant laws, regulations, contractual agreements and policies

Who Uses COBIT 5?

COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

COBIT 5 is used globally by those who have the primary responsibility for business processes and technology, depend on technology for relevant and reliable information, and provide quality, reliability and control of information and related technology.

Key COBIT 5 users include enterprise executives and consultants in the following areas:

  • Audit and Assurance
  • Compliance
  • IT Operations
  • Governance
  • Security and Risk Management

Source: https://cobitonline.isaca.org

COBIT 5 Framework

COBIT 5 is a holistic business framework for the governance and management of
the enterprise IT in its entirety. The COBIT 5 framework is based on five principles
which are explained hereafter.

Principle 1: Meeting Stakeholder Needs

A company has a number of internal and external stakeholders. For example, a bank's internal stakeholders are its management and staff, and its external stakeholders are clients, investors, vendors, government and regulators. These stakeholders have various and sometimes conflicting requirements. Employees want job security, management wants profitability, investors want bank stability and good returns, and regulators want full compliance with regulations and legislation. The bank's decision to invest in IT modernization to provide online banking facilities will have different significance for various stakeholders. Employees will be concerned about their jobs; management will be concerned about selecting the right technologies and quick returns on investment; customers will be happy to get better service but, at the same time, they will be concerned about the security and confidentiality of their information; and regulators will be careful to track whether the bank complies with all the regulations.
It is important to take into account not only the management perspective but also the governance perspective when implementing IT, in order to meet the different requirements of internal and external stakeholders. The aim of governance is to make a balanced decision taking into account the needs of all stakeholders.
The management team represents all investors and consists of the Chairman's Board of Directors. The ultimate goal of management is to generate value for the company. This value creation contributes to the company's realization. Not every decision will please all shareholders. Governance requires negotiating and deciding among the different value interests of shareholders. Each decision will have different repercussions.
The implementation of cloud computing for banks, for example, will reduce infrastructure investment and thus reduce capital investment and increase profitability.
Nonetheless, it will raise consumer safety concerns. Regulators will be concerned about the location of data and whether the transboundary flow of customer information violates the IT Act. Governance must therefore consider not only maximizing capital but also the costs of achieving the benefits. At the same time, it must strike a balance that takes account of all the stakeholders' needs while pursuing the purpose of creating value.

How does COBIT 5 accomplish this?

COBIT 5 reports a large number of stakeholder concerns in these circumstances. Such concerns relate to the selection of client priorities.
How can a system recognize what a company's priorities are? COBIT 5 uses the Balanced Scorecard (BSC) approach as a business framework. According to BSC principles, an organisation needs to balance its priorities in four dimensions: financial, customer, internal, and learning and growth. A business with only financial goals but no objectives from the remaining three dimensions will soon fail as its objectives are not balanced.
In our example of IT modernization for the bank, the organisational priorities could be:

Financial dimension:
1. Managed business risk (safeguarding of assets)
2. Compliance with external laws and regulations


Customer dimension:
1. Customer-oriented service culture
2. Agile response to a changing business environment
3. Business service continuity and availability


Internal dimension:
1. Optimization of business process functionality
2. Optimization of business process costs
3. Operational and staff productivity

Learning and growth:
1. Skilled and motivated people
2. Product and business innovation culture

These organisation priorities are business-oriented and important for corporate governance. We need to turn these into IT-related priorities for IT management. COBIT 5 includes a framework to align organisational goals with IT objectives. We may define the following IT-related priorities using the matrix.

Financial:
1. Alignment of IT and business strategy
2. IT compliance and support for business compliance with external laws and regulations
3. Managed IT-related business risk
4. Realised benefits from IT-enabled investments and service portfolio
5. Transparency of IT costs, benefits and risk

Customer:
1. Adequate use of applications, information and technology solutions

Internal:
1. IT agility
2. Security of information and processing infrastructure and applications
3. Optimization of IT assets, resources and capabilities
4. Enablement and support of business processes by integrating applications and technology into business processes


Learning and growth:
1. Competent and motivated IT personnel
2. Knowledge and expertise and initiative for business innovation

It is not necessary to fulfil each of these objectives simultaneously. Governance is also a matter of priority. The bank can choose specific objectives to be followed with higher priority. In order to achieve the selected IT objectives, specific enabler objectives can then be identified from the seven enablers identified in COBIT 5.
A maximum of 37 processes are available to direct us.

Principle 2: Covering the Enterprise End-to-End

In the early days of software adoption, the IT department was in charge of the IT function. The information was forwarded to the IT department and the documents produced were returned.
That's no longer the case. Data has become one of the organization's vital resources and the information age rightly says: digital is the company's currency. Each action and decision depends on the right information being available at the right time. COBIT 5 took this perspective and incorporated corporate IT governance into corporate governance.
It not only concentrates on the IT role but also views information and related technology as an asset for the business like any other resource. This company-wide approach is made possible by corporate governance facilitators, such as a common system, standards, frameworks, processes and procedures. It also needs the resources of the organisation, e.g. equipment, personnel and data.
Knowledge itself is an essential facilitator. Each stakeholder has different information needs. A bank customer needs very specific information. In order to do the job, the banker would require different kinds of information. COBIT 5 allows every stakeholder to define a comprehensive and complete information requirement and life cycle. This helps the IT function to identify and support all information needs of stakeholders.
COBIT 5 also includes comprehensive transparency and obligation positions, activities and interactions between shareholders, the governing body, management, operations and the executive team to avoid any misunderstanding.

Principle 3: Applying a Single Integrated Framework

COBIT 5 is a comprehensive macro-level business framework. That, however, does not exclude the use of other niche standards and structures that can be implemented under COBIT for specialized areas. COBIT 5 is very well matched with other norms and frameworks to provide guidance on corporate IT governance and management, while maintaining the general focus as a business framework. This is a very important aspect because technical people can focus too much on detailed technical tasks and forget the principal business objective. COBIT 5 guarantees that you do not lose sight of the general organisation priorities to meet the needs of investors when following IT objectives.

Principle 4: Enabling a Holistic Approach

ISACA claims that business targets cannot be met through technological processes alone. To bring this thinking into clear focus, COBIT 5 has defined 7 enterprise enablers:

1. Principles, policies and framework
2. Processes
3. Organisational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies

The four dimensions of each enabler are stakeholders, goals, life cycle and good practice. Efficiency can be managed by defining both metrics for the attainment of objectives and metrics for practice implementation. This helps us to check whether we are on the right track and to measure progress towards these objectives. For example, by implementing modern IT systems and improving processes, the reliability of information available to banking customers should be significantly improved. This should be measured to assess whether the facilitators have actually contributed to better information performance by active IT planning and leadership.

Principle 5: Separating Governance from Management

Governance means determining the interests, expectations and options of the stakeholders; settling on realistic, agreed-upon company goals; and guiding the business. That alone is not sufficient. Governance also includes performance monitoring and compliance with negotiated guidelines and objectives. To help IT corporate governance, COBIT 5 defined five independent EDM (Evaluate, Direct and Monitor) governance processes. These systems are very well structured for the management of organisation IT. Company IT planning requires a number of procedures. The four areas of management responsibility are: plan, build, run and monitor. These were further defined as follows:

Plan – APO (Align, Plan and Organise)
Build – BAI (Build, Acquire and Implement)
Run – DSS (Deliver, Service and Support)
Monitor – MEA (Monitor, Evaluate and Assess)

Together these four fields have a total of 32 management processes. Every process is connected to IT priorities, clearly defined objectives and indicators, RACI maps, management practices, inputs/outputs and activities. To date, the following publications have been released by ISACA to help understand and enforce COBIT 5.

1. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT
2. COBIT 5: Enabling Processes
3. COBIT 5 Implementation
4. COBIT 5 for Information Security
5. Enabling Information and other enabler guides

Governance is the need of the hour as is amply demonstrated by failure of various
enterprises that have not had an effective governance framework. Research has
confirmed that enterprises which have effective governance in place are more
successful and command a higher premium in the market. COBIT 5 is not just
another framework but a holistic business framework essential for governance
and management of enterprise IT. With growing importance of IT in enterprises
and huge investments being made in e-Business and e-Governance projects
and the e-way becoming the highway for all core business processes, it is essential
that each one of us learns how to use COBIT 5 to make sure that we become
more effective and can contribute in our chosen area of work to facilitate achieving
the enterprise business goals.


https://www.youtube.com/watch?v=Xy73u9n4JXs
