If you’ve been thinking about looking into COBIT, but haven’t because you are not quite sure what it can do for your enterprise, now is the time to get started. As an IT professional who has used COBIT for several years, I can say without hesitation that it has more to offer than you might imagine. COBIT can help you look at your organization from the governance and management standpoints, and expands the view beyond just processes through the use of enablers. This framework is not an academic reference that grew out of the audit, risk and security areas. It is a flexible, useable tool that has completely won me over, and here are five reasons I’m a big fan:
- COBIT is relevant—the goal is to deliver value.
The enterprise exists to create value for its stakeholders. This is simple in theory, but tough in real life. COBIT was created from the top down, meaning that the entire model focuses on the primary facets of providing value by realizing benefits while optimizing risks and resources. From the goals cascade to the enablers, COBIT helps you focus on value.
- COBIT still focuses on information.
If an enterprise does not manage its information, it will no longer exist. COBIT focuses on the information first, and that is the right way to look at it. Without information, there is no need for the technology.
- COBIT is not just for the big companies.
COBIT has escaped the “for big companies only” misconception. Whether you have a small IT organization or several hundred resources, COBIT fits any size; you just need to identify your business goals, objectives and mission to operate as a going concern. I have seen an organization with two IT staff members leverage COBIT.
- COBIT is a framework that looks beyond just processes.
COBIT’s seven enablers are designed to help you get beyond just looking at processes. These enablers include 1) Principles, Polices and Frameworks, 2) Processes, 3) Organizational Structures, 4) Culture, Ethics and Behavior, 5) Information, 6) Services, Infrastructure and Applications, and 7) People, Skills and Competencies. These provide a more holistic approach to governance where changes in one enabler must be adequately assessed across all enablers.
- COBIT is a great reference for process owners.
All processes should have owners. I will even take that a step further and say that all processes should have assigned roles. Within COBIT 5 there is a wealth of information regarding processes. There are 37 processes organized into five domains (one governance domain and four management domains). Within this process reference model, the biggest hitters for me include: process description and purpose, practices and activities, inputs and outputs, RACI charts, goals, and related industry standards and frameworks.
And the benefits don’t end there. See five additional reasons here.
Whether you are a board member, executive, auditor or IT operator, do yourself a favor and learn more about COBIT. Admittedly, many people find it difficult to simply thumb through the various publications and experience the “ah, I get it now” feeling. My advice to anyone who wants to learn more about it is to go to the ISACA site and download some of the key publications, or visit COBIT online. And consider joining me at the first-ever COBIT Conference, taking place in March 2015 in Orlando, Florida, USA.
Adopting a framework does not guarantee your governance success, but it sure does offer a great starting point. COBIT offers a common language that can be shared across the enterprise, but real adoption requires executive support, a desire to improve and a strong desire to achieve the governance of enterprise IT.
Mark Thomas, CGEIT, CRISC, ITIL, MOF
President of Escoute
To learn more about the COBIT Conference, visit www.isaca.org/cobitconference.