Philip Cao

Stay Hungry. Stay Foolish.

Using COBIT 5 to Audit Knowledge Management

3 min read


As an African proverb reminds us, “Knowledge is the only treasure you can give entirely without running short of it.” Knowledge is recognized as the most important strategic asset for every organization. According to the Journal of Knowledge and Process Management, knowledge management is a holistic process that optimizes intellectual capital to achieve organizational objectives by leveraging information and expertise. The main purpose of knowledge management practice is to mitigate the possible loss of extensive tacit and explicit knowledge due to loss of employees.

Knowledge management practices enhance the capability of an organisation to identify, capture or acquire, share, reuse and internalization of knowledge. Audits of knowledge management practices are rarely undertaken by audit functions, and this gap has been identified as one of the contributing factors in knowledge management initiatives.

COBIT 5 introduced a new defined process—BAI08:Manage Knowledge process. This process fits well in one of COBIT 5’s information technology goals: “ knowledge, expertise and initiatives for business innovation.” The process provides guidelines on how to facilitate information system knowledge management within an IT organisation. For a detailed look at it, download ISACA’s BAI08 Manage Knowledge Audit Assurance Program.

What is knowledge management audit?
In an article from The Hong Kong Polytechnic University, “Re-Thinking knowledge audit: its values and limitations in the evaluation of organizational and cultural asset ,” knowledge management audit is defined as the systematic investigation, examination, verification, measurement and evaluation of explicit and tacit knowledge resources and assets, in order to determine how efficiently and effectively they are used and leveraged by the organisation . A knowledge management audit provides an opportunity to understand the current state of the knowledge management capability of an organization and a direction of where and how to improve the capability to provide the knowledge for quality decision making and enhanced productivity.

Planning for knowledge management audits for IT function
Before planning to undertake knowledge management audits, professionals should understand the knowledge management landscape within the entire organisation, and not just the IT function. It goes without saying that understanding the bigger picture of the organisation is critical in planning IT knowledge management audits. Noted in the Journal of Knowledge and Process Management, the knowledge management landscape of any organisation will involve people culture, processes, structures and technology that support its initiatives. The following knowledge management elements should be reviewed at the audit planning stage.

Knowledge Management (KM) Elements Why review this document at planning stage
Knowledge management strategy The document provides the long-term vision and objectives of the organisation as far as knowledge management is concerned. KM elements like KM structure, resources, projects, roles and responsibilities and roadmaps will be highlighted in this document.
Knowledge management policy To understand the high-level management commitment and support for knowledge management within the organisation
Interview those responsible for knowledge management (Knowledge Management Officers) To understand current knowledge management initiatives, structures and challenges within the organisation
Walk through existing collaborative tools (intranet, online community of practice, knowledge- sharing platforms, document management systems, etc.) To understand the available collaborative tools used across the organisation for knowledge management
Preliminary social network analysis to map the major information flows within an organisation To understand knowledge flow within the organisation. This aids the auditor to identify the key nodes of knowledge creation, sharing, reuse and storage.

Audit Reporting
Knowledge management audit reports should provide the following outputs: an assessment of current levels of knowledge management practice and knowledge sharing; identification and analysis of knowledge management opportunities that have not been explored; isolation of potential problems and existing gaps; and an evaluation of the perceived value of knowledge management within the IT organisation. The report should highlight the existing knowledge management gaps and offer recommendations on four key perspectives: people culture, processes, structures and technology.

By auditing knowledge management processes, you will be able to identify gaps in an organization’s knowledge management practices and activities, build from what is working, and identify areas that require improvement. The outcome should be a blueprint for moving forward in developing organizational knowledge management best practices.

John Masika
IS Audit Manager at Kenya Airways Ltd


Leave a Reply

Copyright © 2006-2022 Philip Hung Cao. All rights reserved