3. Why does IT need an IT control framework? What does Cobit do? How does Cobit support the governance of IT? Who needs an IT control framework? What are the benefits of implementing Cobit?
4. 2009 ISACA All Rights reserved. Is my information technology organisation doing the right things? Are we doing them the right way? Are we getting them done well? Are we getting the benefits? * * Based on the “Four Ares” as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003 COBIT answers Key Business Questions
5.
6.
7.
8.
9.
10.
11.
12.
13.
Editor's Notes
When we think about C OBI T and IT governance at the most fundamental level, there are four questions that every leader asks him or herself when it comes to IT initiatives: Is my IT organisation doing the right things? Are we doing them the right way? Are we getting them done well? Are we getting the benefits? Using the maturity models developed for each of C OBI T’s 34 IT processes, management can identify: • The actual performance of the enterprise—Where the enterprise is today • The current status of the industry—The comparison • The enterprise’s target for improvement—Where the enterprise wants to be • The required growth path between ‘as-is’ and ‘to-be’
IT governance goes a long way towards bridging the gap between corporate expectations and perceptions of the IT function. The need for top management direction and oversight regarding the value of IT and the management of IT-related risks are now understood as key elements of governance. Value, risk and control constitute the core of IT governance. IT governance consists of the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives. Governance is not the sole responsibility of the CIO; it is the responsibility of an enterprise’s top executives and board of directors. Successful enterprises understand the risks and exploit the benefits of IT and find ways to deal with: • Aligning IT strategy with the business strategy • Ensuring investors and stakeholders that a ‘standard of due care’ around mitigating IT risks is being met by the enterprise • Providing organisational structures that facilitate the implementation of strategy and goals • Measuring IT’s performance These are the benefits of sound IT governance.
The C OBI T mission is to research, continually update, publicise and promote an authoritative, internationally accepted IT governance control framework for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals. Now in its 4.1 release, the framework has been used successfully by IT organisations and business executives in many industries and of many sizes. C OBI T provides a common language to communicate goals, objectives and expected results. A common language benefits all levels of IT, including management and stakeholders.