Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO4.1 - IT Process Framework

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.1 - IT Process Framework is contained within Process Popup Define the IT Processes, Organisation and Relationships

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
9 Members
0 Online
3842 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer


IT Process Framework

Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It should provide integration amongst the processes that are specific to IT, enterprise portfolio management, business processes and business change processes. The IT process framework should be integrated into a quality management system (QMS) and the internal control framework.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Consistent approach for the definition of IT processes
  • Organisation of key activities into logical, interdependent processes
  • Clear definition of ownership of and responsibility for processes and key activities
  • Reliable and repeatable execution of key activities
  • Flexible and responsive IT processes
  Risk Drivers
  • Framework not being accepted by the business and IT processes not being related to business requirements
  • Incomplete framework of IT processes
  • Conflicts and unclear interdependencies amongst processes
  • Overlaps between activities
  • Inflexible IT organisation
  • Gaps between processes
  • Duplication of processes

View Control Practices  help

Hide Control Practices  help

  1. Identify IT processes required to realise the IT strategic plan.
  2. Define and implement a framework to enable the definition and follow-up of process goals, measures, controls and maturity.
  3. Define relationships and touchpoints (e.g., inputs/outputs) amongst the IT processes, enterprise portfolio management and business processes.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 159 total

Must be a Topic member to contribute
View All »
Downloads
Posted by ISACA 756 days ago
Downloads
Posted by ISACA 766 days ago
Downloads
Posted by ISACA 1841 days ago
Books
Posted by ISACA 59 days ago
Books
Posted by ISACA 59 days ago
Books
Posted by ISACA 104 days ago

Events & Online Learning: 6 total

16 Jun 2014
ISACA International Event
Seattle, WA, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.
22 Aug 2016
ISACA International Event
Hollywood, Florida, US
2016 GRC Conference - 22-24 August , Fort Lauderdale, FL. Explore the future of Governance Risk and Control through expert-led workshops and sessions developed by the IIA and ISACA. Register early for our GRC learning tracks.

Journal Articles: 136 total

Volume 3, 2016
by Ed Gelbstein, Ph.D.
Every topic can be subdivided into many more sections, but the intention of this column is not to provide a detailed manual (it would be a large book), just an overview.
Volume 2, 2016
by Nancy Lankton, CISA, CPA and Jean Price
Ten years ago, Richard Nolan and F. Warren McFarlan wrote a Harvard Business Review article about the role of the board of directors (BoD) in IT governance.
Volume 2, 2016
by Ed Gelbstein, Ph.D.
This article provides a map of the IS/IT risk management activities that are auditable and shows how to maintain a collaborative relationship with the ERM team while avoiding conflicts of interest.
Volume 2, 2016
by Jeroen van Lewe, CISA, CEH, CIA, ECSA
In the Netherlands, large-scale cyberattacks on government web sites began in 2011. In 2012, the Dutch government decided to use IT audits as one of the remedies for this issue.
Volume 2, 2016
by Robert Putrus, CISM, CFE, CMC, PE, PMP
Investments in cybersecurity tend to be fairly significant, so organizations continually seek ways to determine whether the investments were appropriate based on return.
Volume 2, 2016
by Vimal Mani, CISA, CICA, Six Sigma Black Belt
Lean is a philosophy of continuous, incremental improvement of business processes, products and services.

Wikis: 2 total

Blog Posts: 44 total

Abstract Performance of incident response team during a forensic investigation is very important. But during a forensic investigation the majority of participants is over task assignment and data gathering for optimum analysis while incident may become w...
Posted By : Navid Baradaran | 0 comments
Disclaimer: This only represent my experience Views and opinion Introduction Information Security Manager’s oversee information security programs which includes network security in organisations or business enterprises. With documented knowledge ab...
Posted By : Prince143 | 0 comments
How do you achieve effectiveness or simple integrated approach during implementation of COBIT 5. By selecting required COBIT 5 processes combination to achieve organization requirement and align as per regulations and standards. i.e. to implement Enterpri...
Posted By : Sriram S IT IS | 0 comments
I must be honest and say that up until the day I saw the advert inviting applications for trainee IT Analyst positions in one of the members of the Big-4 that operate in Swaziland, I had no clue about the exciting world of assurance in IT. I had always vi...
Posted By : Tipho217 | 0 comments
The PCI Council has announced some new information on the upcoming version of PCI - Version 3.2.  Find out the latest here: http:/www.lbmcinformationsecurity.com/blog
Posted By : Stewart141 | 0 comments
Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance is now is wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 0 comments