Standards body updates IT governance framework

The IT Governance Institute is about to launch its first update in five years to a technology management standard with a greater focus on business regulations and compliance issues.

Aimed at all levels of management, Control Objectives for Information and related Technology (CobIT) 4.0 offers guidance and best practices to manage 34 different processes, including planning, acquisition, delivery and monitoring. The first edition was published in 1994. This version offers research in eight industries in an attempt to provide a clearer insight into how CobIT processes support the achievement of specific IT goals and, by extension, business goals. CobIT 4.0 is published by the Information Systems Audit and Control Association (ISACA).

CobIT enjoys considerable support in Canada, particularly among public sector organizations such as Public Works and Government Services Canada, Canada Housing and Mortgage Corp. and a number of auditor general offices. Deloitte & Touche, KPMG and PricewaterhouseCoopers all offer CobIT expertise, as do a number of smaller firms.

“There’s a need to prove you have repeatable processes and controls . . . people want to have something more turnkey that they’re able to implement,” said Ivan Milam, president of ISACA’s Ottawa-Valley Chapter, who praised the enhancements. “It was comprehensive to start with, but the additional content will help practitioners.”

The Office of the Auditor General of Manitoba has been using some parts of CobIT for years, said Barry Saunders, audit associate and president of the Winnipeg ISACA chapter.

“In version 4, part of the process is to identify the business plans and ensure there’s a correlation with the IT at the other end, instead of the IT department going off and developing some fantastic program that doesn’t get used,” he said. “People like it because the structure is what we think it should be.”

Unlike the IT Infrastructure Library (ITIL), which tends to outline more detailed steps for handling technology-based processes, CobIT is more high-level, Milam said. That doesn’t mean the two standards need to compete with each other, however.

“What you’ll see oftentimes is people combine the two and that gives them a complete framework for managing information and technology,” he said.

Though CobIT predates compliance mechanisms such as the U.S. Sarbanes-Oxley regulations, accounting scandals and the consequent scrutiny over business processes have raised CobIT’s profile among CIOs, Saunders said.

“When we go in and talk about CobIT now, they at least know what we’re talking about,” he said. “That wouldn’t have been true a few years ago.”

CobIT 4.0 will also attempt to harmonize with and map to other standards such as ISO 17799, according to the ITGI. It also tries to clarify key goal indicator (KGI) and key performance indicator (KPI) relationships and identify how one can drive the achievement of the other.

Shane Schick