Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO4.6 - Establishment of Roles and Responsibilities

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.6 - Establishment of Roles and Responsibilities is contained within Process Popup Define the IT Processes, Organisation and Relationships

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
7 Members
0 Online
4350 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

Establishment of Roles and Responsibilities

Establish and communicate roles and responsibilities for IT personnel and end users that delineate between IT personnel and end-user authority, responsibilities and accountability for meeting the organisation’s needs.

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Effective individual performance
  • Activities allocated to specific positions
  • Efficient recruitment of appropriately skilled and experienced IT staff
  • Effective staff performance
  Risk Drivers
  • Non-compliance with regulations
  • Compromised information
  • Recruitment of staff not working as intended
  • Fraudulent system usage
  • Non-responsive IT organisation

View Control Practices  help

Hide Control Practices  help

  1. Formalise the skills, experience, authority, responsibility and accountability for each IT task. Update the IT task descriptions when IT tasks change.
  2. Assign all IT tasks to one or more roles, and assign roles to IT personnel.
  3. Allocate accountabilities and responsibilities to roles rather than to organisational positions to support the execution of the role. Allocate roles to organisational positions and allocate organisational positions to individuals.
  4. Inform IT personnel about their roles and any changes to their roles.
  5. Ensure that line managers periodically confirm the accuracy of the role descriptions for their team members.
  6. Develop the role description to outline key goals and objectives, which include SMARRT measures, for use in the staff performance evaluation process.
  7. Ensure that role descriptions for staff members across the organisation specifically identify responsibilities regarding information systems, internal control and security.
  8. Ensure that management initiates regular training and awareness campaigns to reinforce staff knowledge of roles. This may be supplemented with occasional assessments of understanding and compliance.
  9. Require all employees to comply with enterprisewide (e.g., corporate) and applicable department policies related to internal control, security and confidentiality.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 54 total

Must be a Topic member to contribute
View All »
Posted by ISACA 929 days ago
Posted by ISACA 2014 days ago
Posted by ISACA 347 days ago

Events & Online Learning: 3 total

21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 49 total

Volume 5, 2016
by Syed K. Ishaq, CISA, CRISC, CCISO
Although the short-term impact from a cyberattack can be overwhelming, the long-term implications can be quite burdensome
Volume 5, 2016
by John W. Lainhart IV, CISA, CISM, CGEIT, CRISC, CIPP/G, CIPP/US, Zhiwei Fu, Ph.D., CISA, CGEIT, CRISC, CFE, CISSP, ITIL, PMP and Christopher M. Ballister, CISM, CGEIT, CRISC
Organizations need to move toward a more holistic and proactive approach to addressing security threats and managing compliance requirements in today’s information-driven economy.
Volume 3, 2016
by Joseph Zipper, CISA, IPRC, PMP
Efficient and effective auditing of major projects requires a flexible approach, where audit is actively engaged throughout the project life cycle.
Volume 3, 2016
by Simon Grima, Ph.D., Robert W. Klein, Ph.D., Ronald Zhao, Ph.D., Frank Bezzina, Ph.D. and Pascal Lélé, Ph.D.
What are the specific risk and opportunities that affect the ability of the organization to create value in the short, medium and long term? How will the organization capitalize on these to obtain a competitive advantage?
Volume 2, 2016
by Nancy Lankton, CISA, CPA and Jean Price
Ten years ago, Richard Nolan and F. Warren McFarlan wrote a Harvard Business Review article about the role of the board of directors (BoD) in IT governance.
Volume 2, 2016
by Jeroen van Lewe, CISA, CEH, CIA, ECSA
In the Netherlands, large-scale cyberattacks on government web sites began in 2011. In 2012, the Dutch government decided to use IT audits as one of the remedies for this issue.

Wikis: 2 total

Blog Posts: 46 total

CyberSecurity Month is recognized by the United States government. Homeland Security has a campaign that we will look at called Stop.Think.Connect. It is focused on CyberSecurity awareness. I have been looking at CyberSecurity since 2011 when I found...
Posted By : Gerri Anne Redmond | 0 comments
A customer walks into a grocery store to buy a cold yogurt, then walks toward the checkout stand to buy it. While waiting in line to buy the yogurt, there is a chance it will warm up. If the line is long, not only will the customer refuse to buy the yogu...
Posted By : Don Turnblade | 0 comments
Some exciting projects coming. I am working on reworking our managed health care system to include an all online process from doctor prescribed prescriptions to filled prescriptions. I have reaching out to technology companies and politicians to see if ...
Posted By : Gerri Anne Redmond | 0 comments
National Cyber Security Awareness Month is approaching. It is October. I will be providing some fun things for you to research and learn. Check back often. Look at the Homeland Security site for additional tips.
Posted By : Gerri Anne Redmond | 0 comments
6 Sep 2016
Hi everyone - I hope you can help me with my questions: I have passed my CISA exam last October, with my work experience combine with my educational background, I am able to save 3 years from the requirement to get my CISA designation, but I am lac...
Posted By : Lan234 | 1 comments
Our company has renovated only a few months back and we have been issued recent PCs and meeting equipment replaced. I am hoping I could ship these assets back to a bunch of innocent school children in impoverished areas in the Philippines to introduce the...
Posted By : Mary Lou | 0 comments