
COBIT Focus Archives

Using COBIT for IT Organizational Design

By Azhar Zia-ur-Rehman, CISA, CRISC, CISM, ISO 27001 LA

COBIT Focus | 19 December 2016

 

The organizational structure of an IT department is usually the result of a series of changes, trials, experiments and political manipulations. It is often adjusted to suit or accommodate individuals. As a result, the organization is sometimes cumbersome and the cause of problems, inefficiency and excess cost. Read More >>


COBIT 5 Mapping Exercise for Establishing Enterprise IT Strategy

By Christopher Oparaugo, CISM, CGEIT, CRISC

COBIT Focus | 5 December 2016

 

In recent years, (as demonstrated in my previous article titled “ISO/IEC 27001 Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance”), the balanced scorecard (BSC) has been applied to enterprise IT and the first real-life IT security governance application has been developed based on mapping the control objectives from the... Read More >>


COBIT 5: Creating Buy-in and Empowering Teams to Change

By Paul Wilkinson and Gary Hardy

COBIT Focus | 28 November 2016

 

It is an inescapable fact that IT is changing the way organizations do business. There is a global emphasis on “digital transformation,” which means that IT is increasingly becoming a critical enabler to realizing business value. At the same time, IT represents a significant risk if not governed effectively. Read More >>


COBIT 5: Taking IT Governance and Management to the Next Level

By Syed Salman, CISA

COBIT Focus | 14 November 2016

 

A Big 4 professional services firm in the Middle East region was selected by a leading retail bank in the region to assist in finding solutions to pressing problems related to IT governance and IT management. The bank was and continues to be heavily dependent on IT infrastructure and IT application systems to deliver an efficient and effective banking experience to its customers. Read More >>


Ensuring Value From IT-enabled Investments

By Aamir Jamil, CISM, CGEIT

COBIT Focus | 31 October 2016

 

Ensuring that value is realized from IT investments is an essential component of enterprise governance. IT governance in practice ensures that IT investments deliver the promised benefits against the strategy at an agreed risk exposure. It also concentrates on optimizing resources throughout the economic life cycle—including the initial investment and the resulting IT services and other IT assets. Read More >>


A Partial Transition to COBIT 5 Demonstrates Value to IT

By Victor Antonio Jimenez

COBIT Focus | 24 October 2016

 

Several years ago, the IT department of the largest bakery factory in the world, with a presence in the United States, Mexico, Central America, South America, Asia, Europe, Canada and the United Kingdom, conducted a COBIT 4 assessment and implementation of an enterprise governance. Read More >>


Change Enablement for GEIT Implementation and Improvement

By Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 17 October 2016

 

Frameworks, best practices and standards are useful only if they are adopted and adapted effectively. A successful governance of enterprise IT (GEIT) implementation or improvement requires an enterprise culture that is accepting and supportive of the changes that a GEIT implementation brings to the enterprise. Read More >>


Using COBIT 5: Enabling Information to Perform an Information Quality Assessment

By Felipe da Silva Antonio, COBIT Foundation, CTFL, and Alessandro Manotti, CISA, CISM

COBIT Focus | 3 October 2016 Portuguese

 

Information is considered a main resource for any organization as the evolution of information technology in recent decades has reached almost all organizations. No matter their size—small, medium or large—organizations use computer systems to perform the most critical processes and provide them competitive advantage. Companies currently use the power of data analytics to decide where to open a branch, how to increase investments or when to launch a product in accordance with their target customers. Read More >>


Introduction to COBIT Videos Provide Insights into COBIT 5

By Mark Thomas, CRISC, CGEIT, and Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 19 September 2016

 

The Introduction to COBIT Video Series is a collection of short videos that explain, in a straightforward, simple manner, the many features, tools and benefits of the COBIT 5 framework. The series can be viewed from start to finish or by module, based on individual needs and interests. Read More >>


Ambiguities in Translation of Information and Knowledge Concepts in COBIT 5

By Ahmet Efe, Ph.D., CISA, COBIT 5 Foundation

COBIT Focus | 12 September 2016

 

Data, information, knowledge, business intelligence and wisdom (DIKIW) are sequential, theoretical and conceptual stations of understanding. Some researchers assert that business intelligence (or intelligence) is different than knowledge and wisdom. Each concept of DIKIW has its place in guiding individuals and legal entities to take proper action to save more in assets while losing less in resources. Read More >>


The Importance of Planning a Governance of Enterprise IT Implementation

By Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 29 August 2016

 

Embarking on a governance of enterprise IT (GEIT) implementation can be intimidating. There is plenty of anecdotal evidence describing failed GEIT projects and the problems associated with GEIT implementations. In my experience, common elements in failed GEIT implementations include a failure to obtain key executive commitment and not performing adequate analyses of the enterprise prior to embarking on the GEIT implementation itself. Read More >>


COBIT: The Road Ahead

By Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 22 August 2016

 

1996 had its share of significant events. The first flip phone, the Motorola StarTAC, went on sale. The Czech Republic applied for European Union membership. Australia defeated Sri Lanka 2-0 to win cricket's World Series Cup. The first version of the Java programming language was released. The massive Internet collaboration "24 Hours in Cyberspace" took place. Read More >>


The Five A’s of Enterprise Governance of IT

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, RESILIA FC, SSGB

COBIT Focus | 8 August 2016

 

At the 2016 COBIT Conference in New Orleans, many of the presenters talked about the need to adopt and adapt the COBIT framework. You will find this tailoring concept as a principle of many modern frameworks (e.g., PRINCE2). With frameworks, one size does not fit all. No doubt these 2 action verbs—adopt and adapt—are necessary to gain success in implementing your framework using COBIT 5; however, I think we need to add 3 additional verbs: alert, align and assure. Read More >>


An Appropriate Approach for Program and Project Management

By My Hanh Nguyen, CISA, CISM, CRISC, CGEIT, ACCA

COBIT Focus | 25 July 2016

 

One of the challenges of IT management is how to manage and deliver transformation projects on time, on budget, in compliance with the quality standards, while achieving the business’s requirements. BAI01 Manage Programs and Projects is good guidance to ensure that IT management has overall project management knowledge. Read More >>


Creating Value

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SFC, SSGB, RESILIA FC

COBIT Focus | 18 July 2016

 

In COBIT 5, we are taught that enterprises exist to create value for their stakeholders. A truism if ever there was one. Consequently, every enterprise will have value creation as an objective. The COBIT 5 framework helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. Read More >>


Transforming Risk Culture Through Organizational Culture Leveraging COBIT 5 for Risk

By Ganapathy Kannan, ISO 27001 LA, and Vinoth Sivasubramanian, CEH, CISSP, DCPLA, ISO 27001 LA

COBIT Focus | 5 July 2016

 

The point has been made again and again and, as per the Forcepoint 2016 Global Threat Report, humans are still the weakest link in security. It is, therefore, essential that information security professionals acknowledge and address this problem. Resolving problems within the human workforce is complex, challenging and daunting, but it is definitely not an insurmountable task. Read More >>


Improving Business With COBIT 5

By Sushil Chatterji, CGEIT, CEA, CMC

COBIT Focus | 20 June 2016

 

Benefits realization of IT-enabled investments is a strategic imperative. In a 2008 study on benefits realization, researchers found that in the majority of enterprises surveyed (57%), less than half of the change initiatives undertaken delivered the expected business benefits. This conclusion is consistent with earlier studies that show that the majority of IT-enabled initiatives are judged to be unsuccessful. Read More >>


Root Cause Analysis

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SFC, SSGB, RESILIA FC

COBIT Focus | 13 June 2016

 

Buried in COBIT 5 processes such as APO11 Manage quality and APO12 Manage risk in the Align, Plan and Organize (APO) domain, you will find a root cause analysis (RCA) as an output of the management practices. The RCA output is used by numerous other processes. Obviously, knowledge of RCA methods and techniques is essential for the Deliver, Service and Support (DSS) processes DSS02 Manage service requests and incidents and DSS03 Manage problems. Read More >>


Creating Value with an Enterprise IT Governance Implementation Model Using COBIT 5

By Yuichi (Rich) Inaba, CISA

COBIT Focus | 23 May 2016 Japanese

 

After the subprime mortgage crisis and the Lehman Brothers collapse in the US, the Financial Services Agency of Japan (FSA) strengthened financial regulations. The FSA regulations introduced an IT governance perspective, which detailed the rules for information security enhancement and IT risk minimization. Read More >>


Monitoring, Evaluating and Assessing Compliance

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC

COBIT Focus | 16 May 2016

 

A 2015 Deloitte Risk Services Report found that 35% of companies still do not actively measure the effectiveness of their compliance programme. The rest of the study’s participating companies (that is, 65%) measure the effectiveness of their compliance function using “busy metrics” such as the number of incidents and completion of compliance training. The COBIT 5 Monitor, Evaluate and Assess (MEA) process MEA03 Monitor, evaluate and assess compliance with external requirements itself focuses on busy metrics such as... Read More >>


Are Your IT and Strategic Business Goals Aligned?

By Alexander Zapata, CISA, CGEIT, CRISC, COBIT 5 Implementation and Assessor, ISO 22301 LI, ISO 27001 and Foundations, PMP

COBIT Focus | 9 May 2016

 

Developing and using models to help represent relationships between business strategy and IT is an effective method to show the strategic effect of IT within the enterprise. As more and more business commerce becomes automated, the growing impact of IT on business strategy, such as the development of a sustained competitive advantage in a highly connected world, becomes increasingly evident. Read More >>


Stuck Thoughts

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC

COBIT Focus | 25 April 2016

 

I never thought in 2016 that I would hear someone say, “We have always done it that way,” but I did. Undoubtedly, these are 7 of the saddest and most expensive words in the English language. You might know this phrase by one of its variants: “That is not the way we do it here,” or “You just do not understand how we do things around here.” These are what psychologists call “stuck thoughts.” Read More >>


Unearthing and Enhancing Intelligence and Wisdom Within the COBIT 5 Governance of Information Model

By Ahmet Efe, Ph.D., CISA, COBIT 5 Foundation

COBIT Focus | 18 April 2016

 

Data, information, knowledge and wisdom (DIKW) are the best known, sequential, theoretical and conceptual stations of understanding of things for taking proper action to save more in assets while losing less in resources in the course of life, both for individuals and legal entities. They are also the most difficult issues that can be differentiated within a certain context by practitioners without studying and referring to pertinent academic researches. Read More >>


Implementing COBIT 5 at ENTSO-E

By Greet Volders, CGEIT, COBIT Certified Assessor and Kees de Jong, CIPM, CISSP, SIPP/E

COBIT Focus | 11 April 2016

 

The IT director of the European Network of Transmission System Operators for Electricity (ENTSO-E) undertook a pragmatic approach toward implementing COBIT 5 at the organisation beginning in 2014. Now, 2 years later, it is time to share this successful collaboration between the internal IT department, the business organisation and the external consultants and to share how the results were achieved. Read More >>


A Governance and Management Model for the Public Sector Shared Services Center Based on COBIT 5

By Edson Cezar Mello Jr., and Joao Souza Neto, Ph.D., CGEIT, CRISC, PMP

COBIT Focus | 28 March 2016

 

Shared services is an environment in which a company can absorb activities that support the principal processes of each of the company’s other business units, consolidating these activities into a principal operating unit. Read More >>


Understanding Architecture Roles

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC

COBIT Focus | 21 March 2016

 

When I teach classes on governance, I ask the class this: If you were newly made manager of something—security, change or problem management, or any of the COBIT processes—and you had a “greenfield,” what would you do first in the planning phase? Typically, the range of answers is wide, but the responses usually start with “fix processes” or “create a strategy.” Read More >>


Internal Controls White Paper Released

By Jimmy Heschl, CISA, CISM, CGEIT

COBIT Focus | 14 March 2016

 

COBIT 5 offers governance and management practices that can be used to construct specific controls depending on the resources that enable the accomplishment of IT-related goals. These resources are called enablers, and Internal Control Using COBIT 5 looks at the seven enablers detailed in COBIT 5 and discusses their use in developing internal controls. Read More >>


The Need for Sanctions

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 28000 FC, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC

COBIT Focus | 29 February 2016

 

In many organizations, applying the COBIT 5 Culture, Ethics and Behavior enabler is hard. Many believe that all you need to do is write a policy, tell people about it and watch them change. However, it does not work that way in the real world. People do not always embrace change and new policy. Read More >>


Initiating GEIT Using COBIT 5 at the Oman Ministry of Manpowers

By Rohit Banerjee, Redha Ahmed Al-Lawati and Maqbool Mohammed Al-Balushi

COBIT Focus | 22 February 2016

 

While attending one of the ISACA continuous professional education (CPE) sessions related to optimizing IT spending using COBIT 5 practices, it was surprising to realize that many IT audit and assurance professionals who attended the session confided having difficulty in initiating governance of enterprise IT (GEIT) and wished they had more insight on where to begin when implementing GEIT in their respective organization. Read More >>


Tips for Understanding the COBIT 5 Enabler of Process

By Lisa Young, CISA, CISMC

COBIT Focus | 8 February 2016

 

The concept of process improvement has been around for centuries. Some of the earliest efforts to improve the efficiency of work began during the Industrial Revolution in the US and Europe. Eli Whitney observed how much work was needed to remove cotton seeds from the boll by hand and invented a machine to automate the process in 1793. Read More >>


Process Standardization Is Key

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 28000 FC, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC

COBIT Focus | 25 January 2016

 

Our IT frameworks and methodologies have one thing in common. They all call for the development and standardization of processes. These processes must become ritualistic. A ritual is simply a highly precise behavior that you do at a specific time so that it becomes automatic over time and no longer requires your conscious intention or energy. Read More >>


Dubai Customs COBIT 5 Implementation

By Vishal Vyas, GEIT, Juma Al Ghaith, Ahmad Al Yaqoobi, PMP, and Syed Junaid Hasan, PMP

COBIT Focus | 18 January 2016

 

Dubai Customs is a complex and dynamic organization. The management at Dubai Customs endeavors to be on the leading edge of the latest management principles and frameworks and it utilizes many global best practices to manage activities in all business processes. Read More >>


Importance of CMMI-DEV in COBIT-based IT Governance

By Kiran Chaudhari, CISA, COBIT Assessor, CMMI, ISO 27001, ISO 90001

COBIT Focus | 4 January 2016

 

The Capability Maturity Model Integration (CMMI) is a world-class performance improvement framework for competitive organizations that want to achieve high-performance operations. Today, CMMI has become the de facto standard for information and communications technology (ICT) companies to improve operational efficiencies. Read More >>

 
