Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO4.1 - IT Process Framework

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.1 - IT Process Framework is contained within Process Popup Define the IT Processes, Organisation and Relationships

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
7 Members
0 Online
3623 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

IT Process Framework

Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It should provide integration amongst the processes that are specific to IT, enterprise portfolio management, business processes and business change processes. The IT process framework should be integrated into a quality management system (QMS) and the internal control framework.

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Consistent approach for the definition of IT processes
  • Organisation of key activities into logical, interdependent processes
  • Clear definition of ownership of and responsibility for processes and key activities
  • Reliable and repeatable execution of key activities
  • Flexible and responsive IT processes
  Risk Drivers
  • Framework not being accepted by the business and IT processes not being related to business requirements
  • Incomplete framework of IT processes
  • Conflicts and unclear interdependencies amongst processes
  • Overlaps between activities
  • Inflexible IT organisation
  • Gaps between processes
  • Duplication of processes

View Control Practices  help

Hide Control Practices  help

  1. Identify IT processes required to realise the IT strategic plan.
  2. Define and implement a framework to enable the definition and follow-up of process goals, measures, controls and maturity.
  3. Define relationships and touchpoints (e.g., inputs/outputs) amongst the IT processes, enterprise portfolio management and business processes.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 158 total

Must be a Topic member to contribute
View All »
Posted by ISACA 542 days ago
Posted by ISACA 553 days ago
Posted by ISACA 1628 days ago

Events & Online Learning: 8 total

6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
16 Jun 2014
ISACA International Event
Seattle, WA, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
17 Aug 2015
ISACA International Event
Phoenix, Arizona, US
2015 GRC Conference - August 17-19, Phoenix, AZ. Explore the future of Governance Risk and Control through expert-led workshops and sessions developed by the IIA and ISACA. Register early for our GRC learning tracks.
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM

Journal Articles: 351 total

Volume 4, 2015
by B. Aysha Banu and M. Chitra, Ph.D.
Deep web is content that is dynamically generated from data sources, namely file systems or databases.
Volume 4, 2015
by Arian Eigen Heald, CISA, CGEIT, CEH, CISSP, GCFA
From businesses to government agencies, nearly every entity contracts some aspect of software development, system integration and hosting services—creating an emerging crisis in accountability.
Volume 4, 2015
by Steven De Haes, Ph.D., Anant Joshi, Ph.D., and Wim Van Grembergen, Ph.D.
This article presents some key results of a recent international study on how organizations are adopting GEIT using COBIT 5 and whether these adoptions deliver enterprise value to these organizations.
Volume 4, 2015
by Ganapathi Subramaniam
How should I go about establishing the security function and building a culture that is supportive to controls implementation?
Volume 3, 2015
by Makoto Miyazaki, CISA, CPA
What constitutes true adoption of COBIT 5? Is it a minimum condition that at least one principle of COBIT 5 is adopted for true adoption of COBIT 5?
Volume 3, 2015
by Robert F. Smallwood | Reviewed by Upesh Parekh, CISA
By 2016, one in five chief information officers in regulation industries will be fired from their job for a failed information governance (IG) initiative.

Wikis: 2 total

Blog Posts: 32 total

Throughout my career I have experienced various “philosophies” in planning and design of IT projects. Some choose the fire fighter philosophy, while others choose the “agile as an excuse for insufficient design”. On the other end of the scale I have found...
Posted By : John410 | 0 comments
Water Management Cyber Security guide from the American Water Works Association is bypassing certain critical controls on ICS Networks. Are we still in time in Spain to avoid this mishap? I know I should be looking for the needle in the Haystack, but lo...
Posted By : Enrique229 | 0 comments
Lately i have been pre-occupied with how to add value to the Audit function as against the more established assurance service Audit has been known for. I see the value in the consulting approach, this is a more pre-emptive approach, allowing the organizat...
Posted By : Clemmento | 0 comments
A rose by any other name would smell as sweet".  The famous quote from Shakespeare is not quite true when it comes to naming IT projects (even more challenging for cloud initiatives).  So what are the challenges? Why the project name matters?Why and how c...
Posted By : sandeep dubey | 0 comments
If you are still using excel for your governance, risk and compliance Maclear eGRC SuiteTM have put together a whitepaper to help you understand the benefits of automation and what to look for when selecting your solution. IT GRC Whitepaper includes: 1...
Posted By : SHAMU2015 | 0 comments
“Enterprise architecture is now a strategic componentof every forward-thinking organization around the world.”Source: Related Article: Common Perspective on Enterprise Architecture: http://feapo....
Posted By : SA | 0 comments