Saturday, October 12, 2013

IT Governance - COBIT 5 version - S1E2 - Overview of COBIT 5

COBIT 5 provides the next generation of ISACA’s guidance on the enterprise governance and management of IT. It builds on more than 15 years of practical usage and application of COBIT by many enterprises and users from business, IT, risk, security and assurance communities. The major drivers for the development of COBIT 5 include the need to:

• Provide more stakeholders a say in determining what they expect from information and related technology (what benefits at what acceptable level of risk and at what costs) and what their priorities are in ensuring that expected value is actually being delivered. Some will want short-term returns and others long-term sustainability. Some will be ready to take a high risk that others will not. These divergent and sometimes conflicting expectations need to be dealt with effectively. Furthermore, not only do these stakeholders want to be more involved, but they want more transparency regarding how this will happen and the actual results achieved.

• Address the increasing dependency of enterprise success on external business and IT parties such as outsourcers, suppliers, consultants, clients, cloud and other service providers, and on a diverse set of internal means and mechanisms to deliver the expected value.

• Deal with the amount of information, which has increased significantly. How do enterprises select the relevant and credible information that will lead to effective and efficient business decisions? Information also needs to be managed effectively and an effective information model can assist.

• Deal with much more pervasive IT; it is more and more an integral part of the business. Often, it is no longer satisfactory to have IT separate even if it is aligned to the business. It needs to be an integral part of the business projects, organisational structures, risk management, policies, skills, processes, etc. The roles of the chief information officer (CIO) and the IT function are evolving. More and more people within the business functions have IT skills and are, or will be, involved in IT decisions and IT operations. IT and business will need to be better integrated.

• Provide further guidance in the area of innovation and emerging technologies; this is about creativity, inventiveness, developing new products, making the existing products more compelling to customers and reaching new types of customers. Innovation also implies streamlining product development, manufacturing and supply chain processes to deliver products to market with increasing levels of efficiency, speed and quality.

• Cover the full end-to-end business and IT functional responsibilities, and cover all aspects that lead to effective governance and management of enterprise IT, such as organisational structures, policies and culture, over and above processes.

• Get better control over increasing user-initiated and user-controlled IT solutions.

• Achieve enterprise:
– Value creation through effective and innovative use of enterprise IT
– Business user satisfaction with IT engagement and services
– Compliance with relevant laws, regulations, contractual agreements and internal policies
– Improved relations between business needs and IT objectives

• Connect to, and, where relevant, align with, other major frameworks and standards in the marketplace, such as Information Technology Infrastructure Library (ITIL), The Open Group Architecture Forum (TOGAF), Project Management Body of Knowledge (PMBOK), PRojects IN Controlled Environments 2 (PRINCE2), Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the International Organization for Standardization (ISO) standards. This will help stakeholders understand how various frameworks, good practices and standards are positioned relative to each other and how they can be used together.

• Integrate all major ISACA frameworks and guidance, with a primary focus on COBIT, Val IT and Risk IT, but also considering the Business Model for Information Security (BMIS), the IT Assurance Framework (ITAF), the publication titled Board Briefing on IT Governance, and the Taking Governance Forward (TGF) resource, such that COBIT 5 covers the complete enterprise and provides a basis to integrate other frameworks, standards and practices as one single framework.



