Saturday, October 12, 2013

IT Governance - COBIT 5 version - S1E1 - Executive Summary

Information is a key resource for all enterprises, and from the time that information is created to the moment that it is destroyed, technology plays a significant role. Information technology is increasingly advanced and has become pervasive in enterprises and in social, public and business environments.

As a result, today, more than ever, enterprises and their executives strive to:
• Maintain high-quality information to support business decisions.
• Generate business value from IT-enabled investments, i.e., achieve strategic goals and realize business benefits through effective and innovative use of IT.
• Achieve operational excellence through the reliable and efficient application of technology.
• Maintain IT-related risk at an acceptable level.
• Optimize the cost of IT services and technology.
• Comply with ever-increasing relevant laws, regulations, contractual agreements and policies.


Over the past decade, the term ‘governance’ has moved to the forefront of business thinking in response to examples demonstrating the importance of good governance and, on the other end of the scale, global business mishaps.

Successful enterprises have recognized that the board and executives need to embrace IT like any other significant part of doing business. Boards and management—both in the business and IT functions—must collaborate and work together, so that IT is included within the governance and management approach. In addition, legislation is increasingly being passed and regulations implemented to address this need.

COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.






COBIT 5 is based on five key principles for governance and management of enterprise IT:

Principle 1: Meeting Stakeholder Needs—Enterprises exist to create value for their stakeholders by maintaining a balance between the realization of benefits and the optimization of risk and use of resources. COBIT 5 provides all of the required processes and other enablers to support business value creation through the use of IT. Because every enterprise has different objectives, an enterprise can customize COBIT 5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.


Principle 2: Covering the Enterprise End-to-end—COBIT 5 integrates governance of enterprise IT into enterprise governance:
– It covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
– It considers all IT-related governance and management enablers to be enterprise-wide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.


Principle 3: Applying a Single, Integrated Framework—There are many IT-related standards and good practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.

Principle 4: Enabling a Holistic Approach—Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. The COBIT 5 framework defines seven categories of enablers:
– Principles, Policies and Frameworks
– Processes
– Organisational Structures
– Culture, Ethics and Behavior
– Information
– Services, Infrastructure and Applications
– People, Skills and Competencies


Principle 5: Separating Governance From Management—The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes. COBIT 5’s view on this key distinction between governance and management is:

Governance: ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. In most enterprises, overall governance is the responsibility of the board of directors under the leadership of the chairperson. Specific governance responsibilities may be delegated to special organisational structures at an appropriate level, particularly in larger, complex enterprises.
Management: plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. In most enterprises, management is the responsibility of the executive management under the leadership of the chief executive officer (CEO).

Together, these five principles enable the enterprise to build an effective governance and management framework that optimizes information and technology investment and use for the benefit of stakeholders.
