
COBIT Focus Archives

GEIT Framework at Work, Part 4: Outlining the Work Products

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 17 September 2018 Spanish


No governance of enterprise IT (GEIT) initiative can be accomplished without careful attention to the work products and the project plan. They are the elements that deliver tangible results from GEIT. This article—the fourth in a 6-part series that looks at the practical application of a GEIT framework—outlines the work that is required to create the defined work products and execute the project plan in an efficient, effective and successful manner. Read More >>

Tips for Implementing IT Governance With COBIT 5

By Zachy Olorunojowon, CISA, CGEIT, COBIT 5 Foundation, Implementation and Assessor, CSXF, PMP

COBIT Focus | 4 September 2018


Underlying the implementation of a number of governance of enterprise IT (GEIT) initiatives are information governance and information management issues such as big data, analytics, information disintermediation, security, privacy, compliance and the need to drive quality decisions based on quality information, among others. Read More >>

Better the Process You Know Than the Gaps You Don’t

By James Reeve, CISA, CRISC, CISM, CGEIT, COBIT 5 Foundation and Assessor

COBIT Focus | 20 August 2018


The FirstRand Group is a financial services provider in South Africa. It is one of the largest financial institutions in South Africa and the holding company of First National Bank (FNB), a retail and commercial bank. One of the core principles of the FirstRand Group is an ownership culture in which each subsidiary is empowered to make business decisions. Read More >>

COBIT 5—How to Get Inspired

By Andrey Drozdov, CISA, CISM, CGEIT, COBIT 5 Accredited Trainer

COBIT Focus | 6 August 2018 Portuguese


Even best-in-class frameworks need to be half as inspiring as a good novel—and twice as inspiring for practitioners to read and use them! As a COBIT trainer, I use the following tips on how to capitalize on COBIT for IT governance-related projects and workshops. Read More >>

GEIT Framework at Work, Part 3: Creating a Project Plan

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 23 July 2018 Spanish


There is an old saying about the importance of planning: “Failing to plan is planning to fail.” While the saying has become almost a cliché from years of use, it is essentially true. Very few projects are successful in achieving their goals without the support of a clear, comprehensive, fully defined and approved plan. Read More >>

The Victorian Protective Data Security Framework and COBIT 5

By Syed Salman, CISA

COBIT Focus | 9 July 2018


The amount of data being produced, processed, communicated and stored is larger than ever before. Most people are well aware that information about them is typically held by a variety of organizations ranging from governments to private organizations. The information can be personal in nature, which individuals would not want to have disclosed to others without their express consent. Read More >>

Tips for Making COBIT 5 Implementation Fit the Enterprise

By Rohit Banerjee, CRISC, CGEIT, COBIT 5 Implementation, CSX Foundation, ISO/IEC 27001 Lead Auditor, ISO/IEC 38500 Lead IT Corporate Governance Manager, ISO 21500 Lead Project Manager, ISO 9001 Lead Auditor and Lead Implementer, ITIL V3 2011 Foundation, MSP Practitioner, PRINCE2, PMP, Six Sigma Black Belt

COBIT Focus | 25 June 2018


Implementing COBIT 5 in an organization is an ambitious aspiration and a noteworthy endeavor. It demonstrates the maturity, willingness and commitment to improve. However, practical implementation challenges are often daunting and numerous. While the COBIT 5 framework and the COBIT 5 Implementation guide, along with several other references, do provide a very solid foundation on which to build... Read More >>

GEIT Framework at Work, Part 2: Plan the Solution

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 11 June 2018 Spanish


This article is the second in a 6-part series that looks at the practical application of a governance of enterprise IT (GEIT) framework. This article focuses on planning the resolution of the issue identified in part 1. In part 1, the issue identified was a reliance on controls identified and designed by management without involving anyone responsible for looking at the control portfolio from the enterprise perspective. Read More >>

Update of System Audit Standard and System Management Standard in Japan

By Masatoshi Kajimoto, CISA, CRISC

COBIT Focus | 29 May 2018


The Japanese Ministry of Economy, Trade and Industry (METI) published the System Audit Standard and the System Management Standard in 2004. Despite significant changes to the IT environment after that date, no updates to these materials were published. Needless to say, they had become quite outdated. Read More >>

GEIT Framework at Work, Part 1: Identifying the Problem

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 14 May 2018 Spanish


This article is the first in a 6-part series that looks at the practical application of a governance of enterprise IT (GEIT) framework. The starting point is discussed in this article—forming an awareness that a problem exists and how to approach it. The subsequent articles will move through planning and executing the solution. Read More >>

Seven COBIT 5 Implementation Pitfalls to Avoid

By Opeyemi Onifade, CISA, CISM, CGEIT, BRMP, CISSP

COBIT Focus | 9 April 2018 Portuguese


Good practices are as good as those who practice them. As a COBIT trainer, I recommend the following tips which can help COBIT users become “good” COBIT 5 practitioners.
1. Principles are the guiding thoughts established to underpin the implementation of good practices. Read More >>

Improving the Service Desk by Using COBIT 5

By Claudio Cilli, Ph.D., CISA, CRISC, CISM, CGEIT

COBIT Focus | 26 March 2018


The IT service desk plays a significant role in the day-to-day operations of any organization. When it functions well, all other activities perform well. If the service desk cannot perform, either because it does not have the proper technical skills or does not show requisite empathy, key personnel and activities suffer. Read More >>

Here Comes the GDPR. Are You Ready?

By Mark Thomas, CRISC, CGEIT

COBIT Focus | 26 February 2018


By now, most have at least heard of something called the EU General Data Protection Regulation (GDPR). If not, you may be in for a big surprise.

The EU Data Protection reform, adopted as the General Data Protection Regulation, has emerged as a seemingly unavoidable sweeping regulation that is getting the attention of organizations across the globe. Read More >>

Process Capability Assessment Using COBIT 5 as a Compliance Requirement

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 12 February 2018


Governance and management of enterprise information technology (GEIT) is the practice of applying enterprise resources (enablers) to the creation and delivery of value to enterprise stakeholders. ISACA’s COBIT 5 GEIT framework is well established, having reached its 20th anniversary in 2017, and is used in many industries around the world. Read More >>

Portfolio, Program and Project Management Using COBIT 5, Part 3

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM

COBIT Focus | 29 January 2018


This is the continuation of a series of articles published in COBIT Focus beginning in September 2017. The first article discussed the approach for mapping COBIT 5 with the Project Management Institute (PMI’s) standards and publication A Guide to the Project Management Body of Knowledge (PMBOK Guide). The second article discussed the differences between PMI standards and COBIT 5 at a high level. Read More >>

GDPR Countdown and COBIT 5

By Sue Milton, CISA, CGEIT

COBIT Focus | 15 January 2018


Compliance with the EU General Data Protection Regulation (GDPR) begins on 25 May 2018, giving us almost 6 months to finalize GDPR preparations. Doing nothing is not an option.

Doing Something

The exact number of days left can be found here. Read More >>

Portfolio, Program and Project Management Using COBIT 5, Part 2

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA

COBIT Focus | 2 January 2018


This is a continuation of a previous article published in COBIT Focus in September 2017. The first article discussed the approach for mapping COBIT 5 with the Project Management Institute (PMI) standards and The Standard for Program Management–Fourth Edition. Read More >>

Drive Transparent and Measurable Value With COBIT 5 Process Metrics

By Okanlawon Zachy Olorunojowon, CISA, CGEIT, COBIT Assessor, COBIT Foundation, COBIT Implementation, COBIT Trainer, CSX Foundation, PMP, Prosci Change Management

COBIT Focus | 18 December 2017


“If you cannot measure it, you cannot manage it” is a saying that applies to governance of enterprise IT (GEIT) just as much as it does to the entire organization. Not only would one fail the test of effective governance and management without metrics, but improvement would lag and proof of value would be, at best, unfounded. Read More >>

Delivering Disruptive Innovation Using the COBIT 5 Framework

By Oluwaseyi Ojo, CEng, CRISC, CISM, CGEIT, COBIT 5 Certified Assessor, CISSP, SABSA CSA, TOGAF 9

COBIT Focus | 4 December 2017


In today’s competitive and dynamic business environment, it is mandatory to have disruptive innovation capability or capabilities both for growing a business and protecting existing markets. Yet delivering disruptive innovation needs new mindsets and behaviors for organization leaders and the organizations they lead. This article describes how to use the COBIT 5 framework to deliver disruptive innovation. Read More >>

Using COBIT in Government Departments

By Panduranga Bichal, COBIT Implementer, ISO 27001 LI, ITIL Expert, PRINCE2 Practitioner, TOGAF

COBIT Focus | 30 October 2017


The government of India is focused on ensuring the effective delivery of government services to its customers who consist of citizens, businesses, tourists or anyone who may require interaction with government departments at different levels for their day-to-day activities. The government of India’s aim is to improve the lives of the nation’s citizens by doing much more than simply implementing technology. Read More >>

Using COBIT 5 to Assess IT Processes Capabilities and Evaluate Compliance With the World Lottery Association Security Control Standard and ISO 27001

By Ioannis Panopoulos, CISA, CRISC, CGEIT, CSXF, ISO 27001 LA, and Maria Melliou, CISA, CAML, CCO, CIA, CRMA, ISO 27001 LA

COBIT Focus | 16 October 2017


The internal audit team of one of the biggest gaming operators in Europe implemented a cloud-based governance, risk and compliance (GRC) platform to improve the quality of its audit work papers and the productivity and collaboration with the other assurance teams (i.e., compliance, risk, security) of the company. MetricStream was selected as partner for this implementation. Read More >>

Focus on COBIT Adoption Rather Than Implementation

By Pam Erskine, COBIT Implementation and Assessor, DevOps Fundamentals, ITIL Expert, Kepner-Fourie, Lean IT, Six Sigma

COBIT Focus | 25 September 2017


Organizational change management (OCM) focuses on helping people adapt to change. Research shows that by acknowledging the importance of OCM and taking steps to address the people side of change, organizations will be 4 times more likely to be successful. Read More >>

Portfolio, Program and Project Management Using COBIT 5


COBIT Focus | 11 September 2017


Sunil Bakshi Many organizations attribute their success to being able to execute their strategic goals and objectives. Execution will be successful if it is measured and if corrective actions are taken at appropriate times when there are deviations. Thus, there has to be a plan that should enable measurement, help track progress and enable corrective action to be taken at the right time to keep the execution on track. Read More >>

Participatory Health Care Security

By Ed Moyle

COBIT Focus | 21 August 2017


If you have ever wanted to be a doctor but ended up taking a different career path, participatory medicine may be just the new development for you. As its name implies, it is a philosophy of providing health care in which patients abandon their traditional passive stance and instead take an active role in their treatment. Read More >>

Using ISACA Privacy Principles for GDPR Compliance


COBIT Focus | 14 August 2017


Rebecca Herold I started addressing privacy risk within a large multinational financial and health care organization around 1993 when, generally, no legal requirements for addressing privacy existed, but certainly many privacy risk factors and concerns did indeed exist. (Note: Just because there are no laws governing privacy, it does not mean there is no privacy risk or potential privacy harms; there could be many.) How times have changed. Read More >>

A Group IT Governance System Model With a Pair of Wheels—Oversight and Shared IT—for a Financial Group in Japan

By Yuichi (Rich) Inaba, CISA

COBIT Focus | 31 July 2017 Japanese


The financial industry in Japan has seen a growing number of organizing financial groups or conglomerates since the Japanese antitrust law was revised in the late 1990s to make it easy to establish a holding company and formulate a company group. Read More >>

COBIT 5 Aids Transition to Smart and Sustainable Cities

By Graciela Braga, CGEIT, COBIT 5 Foundation, CSX Foundation

COBIT Focus | 24 July 2017


A new edition of The Green Standards Week has finished, but the journey for cities has just begun.

The International Telecommunication Union (ITU), together with several organizations, including the United Nations Human Settlements Programme (UN-Habitat) and the Inter-American Association of Telecommunication Enterprises (ASIET), have organized the 7th edition of the Green Standards Week from 3 to 5 April 2017 in Manizales, Colombia. Read More >>

COBIT 5 for Risk—A Powerful Tool for Risk Management

By Hafiz Sheikh Adnan Ahmed, CGEIT, COBIT 5 Assessor, ISO 20000 LA, ISO 27001 LA, ISO 27032 Lead Cybersecurity Manager, ISO 38500 Lead IT Corporate Governance Manager, Lean Six Sigma Green Belt

COBIT Focus | 10 July 2017


Today, as we continue to adapt to a highly volatile environment, businesses are becoming more proactive about risk management. Risk management is on most corporate agendas, whether a private or public organization. Special attention to risk management is paid by governments, semigovernments, stock exchanges, shareholders and regulators. Read More >>

Which Screws Have to Tighten?

By Roberto Soriano, CISA, CRISC, CISM, ISO 27001 LA, PMP

COBIT Focus | 26 June 2017 Spanish


When most organizations undertake an important process improvement effort (e.g., compliance, cyber security, governance), they typically refer to different standards and prepare a complex process to implement the improvement. Read More >>


COBIT 5 for Risk: Making Sense of IT Risk Management

By Syed Salman, CISA

COBIT Focus | 12 June 2017


A leading Big 4 professional services firm in the Middle East was selected by a large retail bank in the region to assist in enabling IT risk management practices to deliver value to the enterprise in a cost-effective manner. The bank was facing and continues to face a growing and ever-changing IT risk landscape. Read More >>

COBIT 5 and the GDPR

By Joanna Karczewska, CISA

COBIT Focus | 29 May 2017


With just a year left until the European Union’s (EU’s) General Data Protection Regulation (GDPR) takes effect, it is time for any organization with European customers to get started with the implementation of its requirements. Most supervisory authorities in EU countries have published guidelines on how to get ready. Read More >>

Applying the Goals Cascade to the COBIT 5 Principle Meeting Stakeholder Needs

By Govind Kulkarni, COBIT 5, CSQA, DevOps Master, ISO 27000 Auditor, ITIL Expert, PMP

COBIT Focus | 24 April 2017


COBIT 5 is a renowned best practice framework for governing and managing enterprise information technology. This framework covers the entire enterprise from end to end in terms of processes, organization structures, policies, skills and talent, information, and other enablers, and top to bottom from the board of directors to incident management specialists working in operations. Read More >>

How COBIT 5 Can Help Reduce the Likelihood and Impact of the Top 5 Cyberthreats

By Sue Milton, CISA, CGEIT

COBIT Focus | 3 April 2017


2017 is here with cyberbreaches increasing, with their impacts rippling ever further into business and personal life.

Are these threats too big to manage? Is cyberthreat management the ‘elephant in the room’? Read More >>

Using Visual Models for Adopting IT Governance Practices

By Rafael Almeida, Pedro Linares Pinto, Renato Lourinho, Miguel Mira da Silva, Ph.D.

COBIT Focus | 20 March 2017


IT governance (ITG) can be adopted using a mixture of various structures, processes and relational mechanisms that encourage behaviors consistent with the organization’s mission, strategy, values, norms and culture. Examples of process mechanisms are ITG frameworks, best practices and International Organization for Standardization (ISO) standards such as COBIT 5, ITIL 2011 and ISO/IEC 27001. Read More >>

A Model Proposal for Organizational Prudence and Wisdom Within Governance of Business and Enterprise IT

By Ahmet Efe, Ph.D., CISA, COBIT 5 Foundation

COBIT Focus | 6 March 2017


The intimidatingly rapid growth of big data in the ever-changing, innovative information technology environment has created challenges for enterprises, such as the optimization of risk, costs and resources to best respond to the requirements of the ecosystem and the needs of stakeholders.

The Essence of Information

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, DevOps FC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005 Lead Risk Manager, ISO 27032 Lead Cybersecurity Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, RESILIA FC, SFC, SSGB

COBIT Focus | 13 February 2017


I was taught that information was processed data. While the definition was useful, it was not very enlightening. It raised as many questions as it answered. Who uses the information? Why do I need information? For what do I use information? Where do I use information? When do I use it? How do I use it? So many questions. Read More >>

Extending COBIT 5 Data Security and Governance Guidance

By Myles Suer, ITIL, and Les McMonagle, CISA, CISSP, ITIL

COBIT Focus | 30 January 2017


COBIT 5 contains highly relevant guidance for IT practitioners and business leaders regarding governing and protecting data and information. However, the question of whether COBIT 5 is enough should be asked. This article explores what COBIT 5 provides and does not provide, then suggests a series of appropriate additions. Read More >>

Developing Business Capabilities Using COBIT 5

By Oluwaseyi Ojo, CEng, CRISC, CISM, CGEIT, COBIT 5 Certified Assessor, CISSP, TOGAF 9

COBIT Focus | 16 January 2017


To execute your strategy, you need to build business capabilities. In order to ensure a business will be successful in the future, an organization must understand how it defines success and must know if it has the capability today to do better or to do more to achieve this success.

Setting the Record Straight: Convincing Management of COBIT’s Value in Risk Management

By Julian Marquez, CISA, CRISC, COBIT Foundation, ISO 27001 LA, ITIL Foundation

COBIT Focus | 3 January 2017


Although COBIT remains an extremely valuable tool for IT risk management, many Latin American companies still find themselves slightly confused when trying to understand what it takes to carry out a complete or partial COBIT implementation. In fact, organizations still struggle with how to achieve long-term business and IT goals through ... Read More >>

