Where to start

A sensible place to start is with an understanding of the COBIT Framework and the concepts of IT Governance. The objective of this online tutorial is to provide an easy-to-use guide that describes COBIT, IT Governance and the relationship between them.

Prepared with the basics, it is possible to devise an efficient approach to address IT matters of interest to management. Typical applications include measuring the effectiveness and efficiency of the IT department, planning an improvement program for IT-related services, defining baseline controls for particular environments, developing Group policy statements for IT, and agreeing on the criteria that are to be used as the basis for an assessment of IT.

As COBIT is business-process oriented, it addresses itself in the first place to the owners of these processes. Based on Porter's "Generic Business Model", COBIT is built around the core processes of procurement, operation, marketing, sales and the support processes of human resources, administration, and information technology.

Following the process model has the advantage of being focused on the final outcome. It aligns the deployment of IT with the enterprise and its business objectives by focusing on the delivery of information at the business process level.

Because COBIT is business oriented, using it to understand IT control objectives in order to manage IT-related business risks is straightforward:

1. start with your business objectives in the Framework,
2. select the IT processes and controls appropriate to your enterprise from the Control Objectives,
3. operate from your business plan,
4. assess your procedures and results with the Audit Guidelines, and
5. assess the status of your organization, identify critical activities leading to success and measure performance in reaching enterprise goals with the Management Guidelines.

One could also start with the organisational structure, the roles and the people. The primary focus would be on the relationships between functional groups, the roles of staff, specific responsibilities and the people and their skills.

Another departure point could be the perspective of the application systems, with an emphasis on the IT resources required to support these applications. But there is a danger that the business objectives may not be fully addressed.