Possible to establish enforceable governance decisions within the processes of an organization.
Helps in demonstrating to the business what is working and what is not, and how those processes may be changed to create greater benefit to the business.
Briefly, we say the governance process is applied to the governed processes.
Example: operational metrics specified on a daily basis for exerting control over the business processes.
An example: daily average response time. For developing organizations, code churn (the frequency of changes in program source code) would be an operational measure, but without proper methods it would lead to improper decision making about the company's growth.
COBIT Relationship with CMMI
Plan and Organize: Provides better support for objectives with greater project focus such as requirements, risks, quality and project management.
Acquire and Implement: Provides excellent coverage for achieving and implementation objectives.
Delivery and Support: Project management processes can be translated to support management of service levels, third parties, capacity, problems and data. Continuous operation and user support services are not well covered.
Monitor: Provides for monitoring functions at the project level. Does not involve audit controls at the organization level.
10 Threats to Sarbanes-Oxley Compliance (according to Deloitte):
1. Lack of an enterprise-wide, executive-driven internal control management program
2. Lack of a formal enterprise risk management program
3. Inadequate controls associated with the recording of non-routine, complex, and unusual transactions