By Jeffrey Sherman, MBA, FCPA, FCA | November 19, 2012

COBIT evolves as technology does

CobiT (“Control Objectives for Information and Related Technology”) was introduced in 1996, and more widely adopted by the business community in the United States in 2002, becoming the framework for evaluating internal controls. The newest issue of ITPP contains revisions and updates to CobiT as it continues to evolve to reflect the role of IT in business.
CobiT 5 was released in 2012. It takes a higher-level governance approach, focusing on stakeholders and their needs. It incorporates the internal control focus of earlier versions of CobiT but goes beyond them. A diagram of the CobiT 5 principles is shown below.

Unlike other internal control frameworks, CobiT focuses on information technology as it functions in a business. The approach is holistic, integrating the need to regulate an organization internally with the priorities of a thriving business. The two objectives, that is, running a smoothly operating organization within a successful business, are of course dependent on each other, though how to integrate the principles involved is not necessarily clear.
The guidelines within CobiT seek to harmonize these operations. As technology in particular evolves so rapidly, new changes to the mandates in CobiT keep businesses functioning well, making the most of information technology’s tools. Learn more in ITPP’s latest update.
How can I use ITPP to... understand CobiT 5?
Information Technology PolicyPro (ITPP) published by First Reference Inc. includes a succinct introduction to CobiT 5 (as well as our own Canadian IT-control model). You may find it helpful to review it to gain an overview of the new CobiT 5 IT control model, released in 2012.
CobiT 5 divides its 37 governance and management processes into five broad categories (called “domains”). Those enabling processes are mapped to 17 IT-related goals and to process goals and metrics.
For example, the first domain, “Evaluate, direct, and monitor”, relates to board-level governance over enterprise information technology; the other four domains relate to management of enterprise information technology.
The 17 IT-related goals in the CobiT 5 model (as shown below) are based upon the “balanced scorecard” framework that divides goals between financial, internal processes, customer-based, and learning and growth.
Financial

  1. Alignment of IT and business strategy
  2. IT compliance and support for business compliance with external laws and regulations
  3. Commitment of executive management for making IT-related decisions
  4. Managed IT-related business risk
  5. Realized benefits from IT-enabled investments and services portfolio
  6. Transparency of IT costs, benefits and risk

Customer

  7. Delivery of IT services in line with business requirements
  8. Adequate use of applications, information and technology solutions

Internal

  9. IT agility
  10. Security of information, processing infrastructure and applications
  11. Optimization of IT assets, resources and capabilities
  12. Enablement and support of business processes by integrating applications and technology into business processes
  13. Delivery of programs delivering benefits, on time, on budget, and meeting requirements and quality standards
  14. Availability of reliable and useful information for decision making
  15. IT compliance with internal policies

Learning and Growth

  16. Competent and motivated business and IT personnel
  17. Knowledge, expertise and initiatives for business innovation

Source: CobiT 5 A Business Framework for the Governance and Management of Enterprise IT, ISACA, 2012, page 52.
ITPP release 2012-03
With this ITPP release we start the process of converting the cross-references in this book from CobiT 4.1 (published in 2007) to CobiT 5 (published in 2012). Previously, every policy was cross-referenced to CobiT 4.1’s objectives. CobiT 5 takes a somewhat different approach, so the new references are to CobiT 5 “processes” and “IT-related goals.”
CobiT is published by the Information Systems Audit and Control Association (ISACA). It is an authoritative standard for IT controls, while the latest iteration expands the ambit to include governance and enterprise risk management.
This release consists of a replacement of the Introduction to ITPP (where the discussion of CobiT is updated), as well as of all of Chapter 1 – Planning, which includes the following policies:
IT 1.01 – Strategic Planning identifies critical elements of the IT strategic plan and ensures that IT planning is aligned with the organization’s strategic goals.
IT 1.02 – Tactical Planning deals with the annual planning cycle and ensures that it is consistent with the strategic plan.
IT 1.03 – Implementation Planning provides overall policies for implementing and modifying systems and applications.
IT 1.04 – Site Planning addresses selection and preparation of a site for an IT installation.
IT 1.05 – Risk Assessment provides policies for dealing explicitly with risk identification and risk assessment.
IT 1.06 – Risk Management addresses procedures to review and manage IT risks.
The material has been updated and freshened, and cross-references and links have been replaced and updated.
Jeffrey D. Sherman
BComm, MBA, CIM, FCA

Jeffrey Sherman, MBA, FCPA, FCA
CFO at Atrium Mortgage Investment Corporation (TSX:AI)
Jeffrey is CFO of Atrium Mortgage Investment Corporation (TSX:AI), a director of several companies and has had over 20 years of executive management experience. His interests include corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Jeffrey is a popular presenter, and was an adjunct professor at York University for 15 years. He is a frequent course director and course author for many organizations, including provincial bodies of Chartered Professional Accountants across Canada.

He has written over 20 books including: Canadian Treasury Management, Canadian Risk Management, and Financial Instruments: A Guide for Financial Managers (all published by Thomson-Reuters/Carswell), as well as Finance and Accounting PolicyPro and Information Technology PolicyPro (guides to governance, procedures, and internal control), and Cash Management Toolkit for Small and Medium Businesses (all published by Chartered Professional Accountants of Canada [CPA Canada]).