What is COBIT?

COBIT was known as – Control Objectives for Information and Related Technologies in the past and it is known as a best practice framework founded by ISACA for IT Management and IT Governance. Before the release of framework, people talked about COBIT as “control objective for IT” or Control Objective for Information and Related Technology.

COBIT draw a clear distinction between governance and management ever since they involve different activities which require different organisational structure that serve both different purposes. The governance ensures stakeholder needs, conditions and options are assessed to ensure balanced and it is aligned on enterprise objectives. Path is set based on prioritization and decision making. In the meantime, management plans, builds, runs and observe activities that are in alignment with the path that established by governance body to achieve enterprise level objectives.

COBIT can be used as business framework to implement enterprise governance of IT for deploying new and existing platforms and technologies. Organisation may conduct a systematic approach for using COBIT 2019 components as a benchmark, tailored them as required to build an operative governance system with define focus.

There are 7 steps organisation can consider when selecting and customising COBIT 2019:

Step 1: Identify Stakeholder Needs
Step 2: Identify Enterprise Goals and Alignment Goals
Step 3: Identify the Governance and Management Objectives
Step 4: Select and Customize Goals and Metrics for Enterprise and Alignment Goals
Step 5: Select and Customize the Components of the Governance and Management
Step 6: Prepare Customized COBIT Contents and Integrate Them into Enterprise Practices
Step 7: Implement Performance and Monitoring Measures to Confirm Results and Take Remedial Action

Step 1: Identify Stakeholder Needs

The implementation of an appropriate business continuity strategy supported by relevant policies and procedures ensure minimum business disruption by ensuring maximum flexibility of business operations.

Step 2: Identify Enterprise Goals and Alignment Goals

According to stakeholder needs, Organisational Goals and relevant alignment goals must be identified. In COBIT® 2019 Framework: Governance and Management Objectives, it guides organisation by helping with mapping Organisation Goals to Alignment Goals. This can be use as reference to identify the relevant alignment goals.

Step 3: Identify the Governance and Management Objectives

By using the COBIT 2019 framework guide, organisation be able to select the relevant governance and management objectives. From the template, organisation would be able to have an overview of the primary governance and objectives that applicable. With the overview, organisation may decide based on priority with either implement or improve processes that relating to managed continuity.

Step 4: Select and Customize Goals and Metrics for Enterprise and Alignment Goals

From COBIT core model, sample list of goals and metrics is listed to assist organisation in getting started. Organisation may select the most relevant goals and metrics from the ready list. The goals and metrics also can be tailored and integrated as is or can be used as Key Goal Indicators (KGIs), Key Performance Indicators (KPIs) or Key Risk Indicators (KRIs) or areas as described by organisation’s reporting and monitoring system.

Step 5: Select and Customize the Components of the Governance and Management

In COBIT® 2019 Framework: Introduction and Methodology, the COBIT governance and management components giving guidance and best practices for each component which allows organisation to select and tailor as required. The organisation may select any or all the governance and management practices relevant to its circumstances and tailor each practice further if required. You may also decide to whether to use it as practice level or activities level.

Step 6: Prepare Customized COBIT Contents and Integrate Them into Enterprise Practices

The relevant components that extracted from COBIT could be tailor further by adding guidance from appropriate regulations that applicable. It should be then be interpreted and reorganized in detailed policies and procedures, standards and guideline that are integrated towards proper documentation for organisation. Furthermore, relevant KGIs and KPIs would be required for each of the KGAs in order to monitor and measure the performance of the established standards. Next would be job responsibilities are then required to be updated and selected staff would need to be trained to perform based on the updated standards and procedures, consequently integrating the COBIT 2019 content into the day-to-day work of the business operations.

Step 7: Implement Performance and Monitoring Measures to Confirm Results and Take Remedial Action

The governing body should be informed with the changes required and benefits of the changes. To implement new approach, approval must be granted and it should be based on criticality, deliverables and milestones. Necessary budget and implementing changes within the organisation also required approval and decision based on relevant performance measurement metrics for all KGAs operation by using relevant KGIs and KPIs. These should be reported and monitored on regular basis to ensure compliance and value delivery.

COBIT 2019 provide rich source of guidance that can be used for implementation that not only on controls but also a governance system. The key differentiator of a governance system is the involvement of top management in leading and controlling the use of business IT to achieve objectives using appropriate decision-making mechanism as a guidance that is equip with responsible and accountable matrix with a monitoring system. COBIT 2019 content can be identified and selected as required using the mapping tables of business goals, alignment goals, and governance and management objectives, and how content from each of the 7 components of the governance and management system can be identified, selected and customized to address business needs.

If you are interested to know more about COBIT, please subscribe to our newsletter by clicking here or contact us at info@cybiant.com.