Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO4.6 - Establishment of Roles and Responsibilities

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.6 - Establishment of Roles and Responsibilities is contained within Process Popup Define the IT Processes, Organisation and Relationships

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
7 Members
0 Online
3931 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer


Establishment of Roles and Responsibilities

Establish and communicate roles and responsibilities for IT personnel and end users that delineate between IT personnel and end-user authority, responsibilities and accountability for meeting the organisation’s needs.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Effective individual performance
  • Activities allocated to specific positions
  • Efficient recruitment of appropriately skilled and experienced IT staff
  • Effective staff performance
  Risk Drivers
  • Non-compliance with regulations
  • Compromised information
  • Recruitment of staff not working as intended
  • Fraudulent system usage
  • Non-responsive IT organisation

View Control Practices  help

Hide Control Practices  help

  1. Formalise the skills, experience, authority, responsibility and accountability for each IT task. Update the IT task descriptions when IT tasks change.
  2. Assign all IT tasks to one or more roles, and assign roles to IT personnel.
  3. Allocate accountabilities and responsibilities to roles rather than to organisational positions to support the execution of the role. Allocate roles to organisational positions and allocate organisational positions to individuals.
  4. Inform IT personnel about their roles and any changes to their roles.
  5. Ensure that line managers periodically confirm the accuracy of the role descriptions for their team members.
  6. Develop the role description to outline key goals and objectives, which include SMARRT measures, for use in the staff performance evaluation process.
  7. Ensure that role descriptions for staff members across the organisation specifically identify responsibilities regarding information systems, internal control and security.
  8. Ensure that management initiates regular training and awareness campaigns to reinforce staff knowledge of roles. This may be supplemented with occasional assessments of understanding and compliance.
  9. Require all employees to comply with enterprisewide (e.g., corporate) and applicable department policies related to internal control, security and confidentiality.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 56 total

Must be a Topic member to contribute
View All »
Downloads
Posted by ISACA 508 days ago
Downloads
Posted by ISACA 1593 days ago
Books
Posted by ISACA 209 days ago

Events & Online Learning: 3 total

6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 106 total

Volume 4, 2015
by Steven De Haes, Ph.D., Anant Joshi, Ph.D., and Wim Van Grembergen, Ph.D.
This article presents some key results of a recent international study on how organizations are adopting GEIT using COBIT 5 and whether these adoptions deliver enterprise value to these organizations.
Volume 2, 2015
by Manas Tripathi and Arunabha Mukhopadhyay, Ph.D.
Enterprise resource planning (ERP) aims to enhance business productivity, quality and efficiency by integrating operations and processes.
Volume 2, 2015
by Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CBCP, CDP, CISSP, ITIL V3
Information security events that affect cloud systems are occurring with no end in sight, so it should be no surprise that the cloud should be treated as a nonsecure environment with numerous threats and concerns.
Volume 2, 2015
by Vasant Raval, DBA, CISA, ACMA
While entrepreneurship has always been a key segment of the economy, there has been a huge surge in this sector since the 1990s.
Volume 1, 2015
by Ed Gelbstein, Ph.D.
An information security practitioner preparing a ROSI calculation needs to prepare it in such a way to ensure that it leads to the requested resources and preserves the practitioner’s credibility.
Volume 5, 2014
by Jonathan Copley, CISA and Upesh Parekh, CISA
A resilient service is one that is capable of withstanding major and minor disruptions caused by natural and man-made sources.

Wikis: 2 total

Blog Posts: 21 total

Lately i have been pre-occupied with how to add value to the Audit function as against the more established assurance service Audit has been known for. I see the value in the consulting approach, this is a more pre-emptive approach, allowing the organizat...
Posted By : Clemmento | 0 comments
A rose by any other name would smell as sweet".  The famous quote from Shakespeare is not quite true when it comes to naming IT projects (even more challenging for cloud initiatives).  So what are the challenges? Why the project name matters?Why and how c...
Posted By : sandeep dubey | 0 comments
If you are still using excel for your governance, risk and compliance Maclear eGRC SuiteTM have put together a whitepaper to help you understand the benefits of automation and what to look for when selecting your solution. IT GRC Whitepaper includes: 1...
Posted By : SHAMU2015 | 0 comments
“Enterprise architecture is now a strategic componentof every forward-thinking organization around the world.”Source: http://feapo.org/press-release-ea-perspectives-white-paper/ Related Article: Common Perspective on Enterprise Architecture: http://feapo....
Posted By : SA | 0 comments
Ina fast changing world of business and relentless competition, strategicplanning is not only critical, but also the differentiating factor for anorganization. Since IT has moved from a supportive role to a more strategicrole, the IT Strategic Planning an...
Posted By : SA | 0 comments
Agile technique in software development has been around for quite some time. There have been efforts to adopt the agile techniques for strategic planning, alignment and execution. Following are some of the relevant articles/blog posts in this area. The to...
Posted By : SA | 0 comments