Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Join author Masatoshi Kajimoto as he responds to ISACA member questions beginning 23 April 2012. Add your questions by responding to this post!

You must be logged in and be a member of this group* to participate.
*After logging in click "Join this Community" to the right and then return to this page by clicking the back button. As a member of this topic you can now view this and other discussions from the topic homepage.


The author's first article "Using COBIT to Aid in Hospital Risk Management,"(COBIT Focus volume 1, 2012) ended at the starting point of the system integration. This article picks up where the first left off. Next, the organization needed to clearly distinguish clinical and IT risk management subjects/objectives, define appropriate system requirements and new business processes, clearly identify performance indices, and establish appropriate new business and IT management/control processes.Read the rest of the article
You must sign in to rate content.
(1 ratings)

Comments

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

I enjoyed Mr. Kajimoto's approach and a real-world example on how to use COBIT in a sensitive environment. From the conclusion, I'm taking the 'Expect the Unexpected' part. There's always uncertainty on what we do and Risk Management is about understanding, envisioning what might happen and applying the rich processes, procedures and controls.
I think it is a nice piece of work from Mr. Kajimoto and show the applicability of the framework. Congratulations!
RamsesSocial at 4/24/2012 11:53:01 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Great work. I'm doing something similar for a financial institution. Our previous approach aligned the IT Audit Universe with the IT organisational structure, however this did not provide a complete view of all the components of an accepted framework such as Cobit as some departments had responsibility for more than one Cobit process. I'm now taking your approach to get a full view of the process and aligning it to the departments.

Question 1:
Is the IT Governance Framework as defined the same framework that the organisation use or is it an assurance spesific framework

Question 2:
It would be grealty appreciated if you could share your mapping of the control objectives to the relevant areas on your framework.

Thanks. Werner.
mullerwhObserver at 10/22/2012 9:08:24 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Answer 1:

I applied COBIT 4.1 (IT Governance framework) into a medical institute to
establish good IT related risk management.

Please refer Part 1 of my article.


<http://www.isaca.org/Groups/Professional-English/3-cobit-use-it-effectively
/Pages/ViewDiscussion.aspx?PostID=99>
http://www.isaca.org/Groups/Professional-English/3-cobit-use-it-effectively/
Pages/ViewDiscussion.aspx?PostID=99

"COBIT 4.1 ToolKit" is very useful for this purpose. To get complete view
of target business area, BSC approach is recommended. (#06 and #09 file of
ToolKit)

Of course, knowledge of business processes (medical care processes, hospital
management processes) is essential.



Answer 2:

Appendix I of COBIT 4.1 is useful for this purpose. I rewrote "Business
Goals" and "IT Goals" of these matrices based on Medical care process and
Hospital management process. Based on BSC, these were defined.



If you have any more questions, please submit more questions here. I will
create a workshop of this theme, if required.

My Best,



Masa



Masatoshi Kajimoto,CISA, CRISCEnergizer at 10/23/2012 4:12:40 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Answer 1:

I applied COBIT 4.1 (IT Governance framework) into a medical institute to
establish good IT related risk management.

Please refer Part 1 of my article.


<http://www.isaca.org/Groups/Professional-English/3-cobit-use-it-effectively
/Pages/ViewDiscussion.aspx?PostID=99>
http://www.isaca.org/Groups/Professional-English/3-cobit-use-it-effectively/
Pages/ViewDiscussion.aspx?PostID=99

"COBIT 4.1 ToolKit" is very useful for this purpose. To get complete view
of target business area, BSC approach is recommended. (#06 and #09 file of
ToolKit)

Of course, knowledge of business processes (medical care processes, hospital
management processes) is essential.



Answer 2:

Appendix I of COBIT 4.1 is useful for this purpose. I rewrote "Business
Goals" and "IT Goals" of these matrices based on Medical care process and
Hospital management process. Based on BSC, these were defined.



If you have any more questions, please submit more questions here. I will
create a workshop of this theme, if required.

My Best,



Masa



Masatoshi Kajimoto,CISA, CRISCEnergizer at 10/23/2012 4:12:40 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Great work. I'm doing something similar for a financial institution. Our previous approach aligned the IT Audit Universe with the IT organisational structure, however this did not provide a complete view of all the components of an accepted framework such as Cobit as some departments had responsibility for more than one Cobit process. I'm now taking your approach to get a full view of the process and aligning it to the departments.

Question 1:
Is the IT Governance Framework as defined the same framework that the organisation use or is it an assurance spesific framework

Question 2:
It would be grealty appreciated if you could share your mapping of the control objectives to the relevant areas on your framework.

Thanks. Werner.
mullerwhObserver at 10/22/2012 9:08:24 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

I enjoyed Mr. Kajimoto's approach and a real-world example on how to use COBIT in a sensitive environment. From the conclusion, I'm taking the 'Expect the Unexpected' part. There's always uncertainty on what we do and Risk Management is about understanding, envisioning what might happen and applying the rich processes, procedures and controls.
I think it is a nice piece of work from Mr. Kajimoto and show the applicability of the framework. Congratulations!
RamsesSocial at 4/24/2012 11:53:01 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

I enjoyed Mr. Kajimoto's approach and a real-world example on how to use COBIT in a sensitive environment. From the conclusion, I'm taking the 'Expect the Unexpected' part. There's always uncertainty on what we do and Risk Management is about understanding, envisioning what might happen and applying the rich processes, procedures and controls.
I think it is a nice piece of work from Mr. Kajimoto and show the applicability of the framework. Congratulations!
RamsesSocial at 4/24/2012 11:53:01 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Great work. I'm doing something similar for a financial institution. Our previous approach aligned the IT Audit Universe with the IT organisational structure, however this did not provide a complete view of all the components of an accepted framework such as Cobit as some departments had responsibility for more than one Cobit process. I'm now taking your approach to get a full view of the process and aligning it to the departments.

Question 1:
Is the IT Governance Framework as defined the same framework that the organisation use or is it an assurance spesific framework

Question 2:
It would be grealty appreciated if you could share your mapping of the control objectives to the relevant areas on your framework.

Thanks. Werner.
mullerwhObserver at 10/22/2012 9:08:24 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus - Using COBIT to Aid in Hospital Risk Management, Part 2

Answer 1:

I applied COBIT 4.1 (IT Governance framework) into a medical institute to
establish good IT related risk management.

Please refer Part 1 of my article.


<http://www.isaca.org/Groups/Professional-English/3-cobit-use-it-effectively
/Pages/ViewDiscussion.aspx?PostID=99>
http://www.isaca.org/Groups/Professional-English/3-cobit-use-it-effectively/
Pages/ViewDiscussion.aspx?PostID=99

"COBIT 4.1 ToolKit" is very useful for this purpose. To get complete view
of target business area, BSC approach is recommended. (#06 and #09 file of
ToolKit)

Of course, knowledge of business processes (medical care processes, hospital
management processes) is essential.



Answer 2:

Appendix I of COBIT 4.1 is useful for this purpose. I rewrote "Business
Goals" and "IT Goals" of these matrices based on Medical care process and
Hospital management process. Based on BSC, these were defined.



If you have any more questions, please submit more questions here. I will
create a workshop of this theme, if required.

My Best,



Masa



Masatoshi Kajimoto,CISA, CRISCEnergizer at 10/23/2012 4:12:40 AM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.