An Overview of COBIT Framework - Research Paper Example

?CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT) Control Objectives for Information and related Technology (COBIT) Affiliation Date Table of Contents CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT) 1 Control Objectives for Information and related Technology (COBIT) 1 Author 1 Table of Contents 2 COBIT framework 4 Evolution 6 COBIT objectives 7 COBIT framework 8 COBIT activities and tasks 11 Creating the Right Environment 12 Recognizing Pain Points and Trigger Events 12 Enabling Change 13 A Life Cycle Approach 13 Conclusion 16 References 16 Introduction Successful businesses understand the importance of information technology (IT) and make better use of their organizational resources to improve their shareholders’ value. Additionally, they fully understand the significance of IT for running their business procedures. They are fully aware of the need to fulfill growing demands and the advantages of handling risk successfully. The process through which organizations attempt to improve their business information systems, their performance and risk management is known as IT Governance. This process makes sure that the investments in information technology are returning appropriate value. In order to help the business effectively convince present business challenges through effective management of IT governance, ISACA has published version COBIT® 4.1. In this scenario, control objectives for information and related technology (COBIT) is an information technology governance structure as well as supporting toolset that facilitates executives to bridge the gap among control needs, technical matters and corporate risks. COBIT allows the organizations to develop a clear policy as well as adopt good practice for information technology control all through businesses. In addition, the COBIT offers strict control over organizational procedure, facilitates business to augment the value achieved from IT, improves business structure and simplifies completion of the COBIT structure (ISACA., 2011; Turban, Leidner, McLean, & Wetherbe, 2005). COBIT framework At the present, successful enterprises try to make effective use of information technology to drive their stakeholders’ value. However, these corporations as well identify and manage the associated risks, like that growing regulatory implementation as well as critical dependence of a lot of business procedures on information technology. In addition, the need for assurance regarding the worth of IT, the administration of IT-related risks and increased requirements for gaining control over information resources are at the present recognized as basic elements of corporate governance. In this scenario, value, risk and control constitute the fundamentals of IT governance. Additionally, the IT governance is the accountability of administrative staff and the board of directors, and consists of the management, organizational arrangements and procedures that make sure that the enterprise’s IT maintains and expands the organization’s strategies as well as objectives (ISACA2, 2011). In addition, control objectives for information and related technology (COBIT) offers high-quality performance all through business domain and structure and offers tasks in a convenient and logical structure. Additionally, the COBIT’s high quality practices demonstrate the agreement of specialists. They are powerfully focused on extra control, fewer on execution. In this scenario, this technology based practice allows the organizations to optimize IT-facilitated investments, make sure service delivery and offer a quantifiable approach against which to evaluate when things are not done correctly. Thus, for information technology to be flourishing in conveying against business needs, management should place a domestic control system or structure in position. In this scenario, the COBIT control structure applies these requirements through: (ISACA2, 2011) Establishing a connection to the business needs Put in order IT tasks into a normally accepted procedure model Recognizing the main IT resources to be leveraged Describing the management control aims and objectives to be measured effectively The business direction of COBIT composed of connection to the business objectives to IT aims, offering metrics and maturity models to determine their success, as well as recognizing the connected jobs of business and IT development vendor (ISACA2, 2011). In this scenario, the process pays attention on COBIT that is demonstrated through a procedure model that subdivides information technology into 4 different domains and 34 procedures in line with the accountability regions of plan, construct, run and monitor, by offering a continuous analysis of IT. In addition, enterprise structural design perceptions facilitate in recognizing the resources necessary for procedure of development, i.e., information, applications, infrastructure and people (ISACA2, 2011; IT Governance Institute, 2007; Lahti, Peterson, & Lanza, 2011). Moreover, in order to offer the information that a corporation needs to attain its objectives, IT resources need to be well-managed through a set of obviously grouped procedures. For this, business management needs to control objectives that describe the eventual objective of implementation of plans, policies and measures, and organizational arrangements to offer logical declaration that: Business objectives are attained Undesired events are prohibited or noticed plus corrected Moreover, in today’s complicated environments, organizations are for all time searching for strong and timely information to formulate hard decisions on value and risk to manage quickly and successfully. However, enterprises require an aim and intention to determine of where they are and where development is required, and they need to make use of a tool kit to supervise this development process (IT Governance Institute, 2007; Lahti, Peterson, & Lanza, 2011). Evolution Offering business direction is the major idea of COBIT. It does not only engage the users and auditors, however as well, and more significantly, management for organization and company process owners. In addition, more and more, business practices engage the comprehensive empowerment of business procedure owners consequently they have overall accountability for the entire aspects of the business procedure. Especially, this comprises providing sufficient controls (ISACA2, 2011; IT Governance Institute, 2007). Moreover, the COBIT Framework offers a tool for the company process owner that helps get rid of this accountability. Though, the framework initiated from a simple and practical premise. In addition, COBIT as well encompasses an implementation tool set that offers lessons learned from those businesses that rapidly and productively implement COBIT in their work arrangement. In this scenario, it offers two functional tools those are IT Control Diagnostic and Management Awareness Diagnostic to support in analyzing an organization’s information technology control environment (IT Governance Institute, 2000; Kabay, 2011). COBIT objectives The basic intention of COBIT is to provide management and business procedure owners with an information technology (IT) control model that could facilitate in offering value from IT and recognizing and handling the risks linked with IT. Additionally, COBIT helps the organizations in bridging the gaps between business requirements, control requirements and technical issues. In other words, it is a control structure to convene the requirements of IT governance as well as guarantee the reliability of information and information systems. In addition, COBIT is utilized internationally by those who have the main tasks for business procedures and technology, those who heavily rely on technology for applicable and dependable information, and offering reliability, quality and control of information technology (ITGovernance Institute, 2011; IT Governance Institute, 2007; IT Governance Institute, 2000; ISACA2, 2011). Though, the organizations’ services and programs have achieved distinction by implementing the uppermost levels of brilliance in standards, certification, professional education and technical publishing. In this scenario, it certification program (that is known as the Certified Information Systems Auditor TM) is simply international designation all through the IT control and audit community. Additionally, its standard tasks establish the quality baseline which is used to measure other IT control and audit tasks. In addition, it’s specialized learning programs present management and technical conferences and seminars on five continents internationally to help professionals all over the world receive high-quality education. In the same way, its technological publishing area offers professional and references development materials to supplement its notable range of programs along with services (ITGovernance Institute, 2011; IT Governance Institute, 2007; IT Governance Institute, 2000; ISACA2, 2011). COBIT framework Capital or money was not maintained as an IT resource for categorization of control objectives for the reason that it is recognized as being the investment into some of the resources. In addition, it should as well be kept in mind that the structure does not specially outline documentation of the entire material regarding a particular information technology procedure. As a matter of high-quality practice, documentation is recognized critically for high-quality control, and consequently lack of documentation would cause further evaluation and analysis used for compensating controls in some specific region under review (ISACA3, 2011). Figure 1COBIT Structure, Image Source: http://www.tcontas.pt/eurosai/lisboa_etc-seminar/Documents/Cobit/CobitFramework.pdf Additionally, in order to make sure that the required information are convinced, sufficient control procedures require being described, monitored and implemented over these resources (ISACA3, 2011). Figure 2COBIT Framework, Image source: http://www.tcontas.pt/eurosai/lisboa_etc-seminar/Documents/Cobit/CobitFramework.pdf Moreover, the COBIT Framework is composed of sophisticated control objectives and a generally arrangement for their categorization. In this scenario, the fundamental theory for the categorization is that there must be three levels of IT attempts when recognizing the administration of IT resources. The bottom line deals with the actions and jobs required to accomplish quantifiable outcomes. However, tasks have a life-cycle initiative as jobs are extra dissimilar. In this scenario, the life-cycle idea has distinctive control needs dissimilar from discrete tasks. In addition, the procedures are described one layer up as a sequence of connected jobs with natural (control) breaks. Additionally, at the uppermost level, procedures are logically clustered jointly into domains. Their natural alignment is frequently established like accountability domains in an organizational arrangement and is in sequence with the administration cycle or life cycle appropriate to IT procedures (IT Governance Institute, 2000; ISACA3, 2011). Therefore, the conceptual structure could be attained from 3 vantage points: such as information principles, information technology IT resources and IT procedures. In addition, these 3 vantage points are represented in form of COBIT Cube. In this scenario, with the preceding as the structure, the fields are acknowledged by means of wording that administration utilizes in everyday tasks of the business not examiner jargon. As a result, 4 wider domains are identified: organization and planning, implementation and acquisition, support and delivery and monitoring (IT Governance Institute, 2000 ISACA3, 2011). Figure 3COBIT Framework, Image Source: http://www.tcontas.pt/eurosai/lisboa_etc-seminar/Documents/Cobit/CobitFramework.pdf COBIT activities and tasks ISACA offers practical and widespread implementation management in its publication COBIT 5. In this scenario, the implementation is based on a repeated enhancement life cycle. However, it does not refer to a controlling technique or an accomplished solution, however rather a way to keep away from normally encountered dangers, influence most excellent practices and assist in establishment of flourishing results. In addition, the COBIT is as well supported by an accomplishment tool kit including a multiplicity of resources that will be frequently improved. Its content contains: (IT Governance Institute, 2000; ISACA3, 2011) Self evaluation, quantity as well as diagnostic tools Presentations meant at a variety of audiences Associated articles as well as further explanations Creating the Right Environment COBIT has to be appropriately managed and effectively controlled for developing effective plans. In fact, most of the IT plans fail because of insufficient trend, support and oversight by a variety of necessary stakeholders, and failure to control or manage IT facilities in leveraging COBIT application. In this scenario, support and direction from basic stakeholders are important consequently that development is approved and sustained. However, in a weak enterprise situation (like that an indistinct generally business operating model or shortage of corporate level of governance enablers), it becomes even more significant (IT Governance Institute, 2000; ISACA3, 2011). Recognizing Pain Points and Trigger Events There are a number of issues and aspects that can increase need for enhanced governance and management of corporate IT resources. In this scenario, through trigger measures as the launching point for launching plans, the control or administration of corporate IT enhancement can be associated to practical, daily issues being practiced. As well, rapid wins could be achieved and value addition can be established in those regions that are the most noticeable or familiar in the enterprise. Thus, this offers a platform for initiating further transformations and can be helpful in attaining extensive senior management dedication and support for more persistent transformations (IT Governance Institute, 2000; ISACA3, 2011).   Enabling Change Effective implementation depends on applying the correct change (the accurate management and governance enablers) in the correct way. Though, a lot of corporations pay more attention to the initial characteristic, fundamental control or administration of IT however not sufficient importance on handling the human, behavioral and cultural feature of motivating and changing stakeholders to pay for the change (IT Governance Institute, 2000; ISACA3, 2011). A Life Cycle Approach The COBIT implementation life cycle offers ways for corporations to tackle the complexity and challenges normally meet all through COBIT implementation. In addition, there are 3 interconnected components to the life cycle: (IT Governance Institute, 2000; ISACA3, 2011)    The fundamental frequent development life cycle The establishment of change (tackling the behavioral as well as cultural scenarios) The administration of the program   Stage 1 is initiated by agreeing on and recognizing to need for an implementation or enhancement initiative. In addition, it identifies the present pain points and triggers and produces a need to modify at executive management levels (IT Governance Institute, 2000; ISACA3, 2011). Stage 2 pays attention on describing the scope of the implementation or enhancement initiative by means of COBIT’s mapping of corporate objectives to IT associated objectives to the related IT procedures. In this scenario, the high level diagnostics can be very helpful for understanding and scoping high priority regions on which to focus. An evaluation of the present state is then achieved and issues or insufficiencies are recognized. This could, for instance, be attained in the course of COBIT’s procedure potential evaluations. In addition, large scale schemes should be planned as numerous iterations of the life cycle; for some accomplishment initiative exceeding 6 months there is a danger of losing drive, pay attention on stakeholders’ initiatives (IT Governance Institute, 2000; ISACA3, 2011). Stage 3 is aimed at placing the target, which is pursued through a more comprehensive analysis enhancing COBIT’s management to recognize gaps and possible results. In this scenario, a number of clarifications can be rapid wins and others more demanding and longer term tasks. In addition, priority should be specified to plans that are simpler to attain and those probably to acquiesce the maximum advantages (IT Governance Institute, 2000; ISACA3, 2011). Stage 4 is aimed at planning practical solutions by describing projects supported through reasonable corporate cases. At this stage a change plan meant for implementation is as well developed. In this scenario, an effectively developed business case facilitates to make sure that the project’s advantages are acknowledged and examined (IT Governance Institute, 2000; ISACA3, 2011). At stage 5 planned solutions are applied into day-to-day performance. Additionally, the measures are described and assessed, along with COBIT’s objectives and metrics to make sure that corporate arrangement is attained and sustained and performance can be calculated. However, the success necessitates the appointment and established promise of top administration and ownership through the influenced business and information technology stakeholders (IT Governance Institute, 2000; ISACA3, 2011). Stage 6 pays attention on the sustainable process of the new or enhanced enablers and checks the implementation for expected advantages (IT Governance Institute, 2000; ISACA3, 2011). At stage 7 overall success of the proposal is reviewed, additional requirements for the control or management of corporate IT is acknowledged, and the required frequent enhancement is reinforced (IT Governance Institute, 2000; ISACA3, 2011). Eventually, the life cycle should be pursued iteratively even as building a sustainable technique to the domination and administration of corporate information technology (IT Governance Institute, 2000; ISACA3, 2011). Conclusion Successful businesses understand the importance of information technology (IT) and make better use of their organizational resources to improve their shareholders’ value. Additionally, they fully understand the significance of IT for running their business procedures. Thus, in order to help the business effectively convince present business challenges through effective management of IT governess; ISACA has published version COBIT® 4.1. In this scenario, control objectives for information and related technology (COBIT) is an information technology governance structure as well as supporting toolset that facilitates executives to bridge the gap among control needs, technical matters and corporate risks. This paper has presented a detailed overview of COBIT Framework. This paper has disused in detail the overall working and structure of this framework. This framework really plays an important role in the success of a business. References ISACA. (2011). COBIT Framework for IT Governance and Control. Retrieved December 10, 2011, from http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx ISACA2. (2011). Frequently Asked Questions. Retrieved December 11, 2011, from http://www.isaca.org/Knowledge-Center/cobit/Pages/FAQ.aspx#1 ISACA3. (2011). COBIT 5: The Framework Exposure Draft. Retrieved December 10, 2011, from http://www.isaca.org/Knowledge-Center/Research/Documents/COBIT5-Framework-ED-27June2011.pdf IT Governance Institute. (2000, July). COBIT® Framework, 3rd Edition. Retrieved December 08, 2011, from http://www.tcontas.pt/eurosai/lisboa_etc-seminar/Documents/Cobit/CobitFramework.pdf IT Governance Institute. (2007). The IT Governance Institute. Retrieved December 10, 2011, from http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf ITGovernance Institute. (2011). The ITGovernance Institute® is pleased to offer you this complimentary download of COBIT. Retrieved December 05, 2011, from http://www.netbotz.com/library/Cobit_regulations.pdf Kabay, M. E. (2011, August 29). COBIT 5: New evolution of COBIT guidance. Retrieved December 09, 2011, from Network World: http://www.networkworld.com/newsletters/sec/2011/082911sec1.html Lahti, C., Peterson, R., & Lanza, S. (2011). Introduction to COBIT for SOX compliance. Retrieved December 09, 2011, from TechTarget.com: http://searchsecurity.techtarget.com/feature/Introduction-to-COBIT-for-SOX-compliance Turban, E., Leidner, D., McLean, E., & Wetherbe, J. (2005). Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley. Read More