PO4.6 - Establishment of Roles and Responsibilities

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.6 - Establishment of Roles and Responsibilities is contained within the process Define the IT Processes, Organisation and Relationships.

Establishment of Roles and Responsibilities

Establish and communicate roles and responsibilities for IT personnel and end users that delineate between IT personnel and end-user authority, responsibilities and accountability for meeting the organisation’s needs.

Value Drivers

  • Effective individual performance
  • Activities allocated to specific positions
  • Efficient recruitment of appropriately skilled and experienced IT staff
  • Effective staff performance

Risk Drivers

  • Non-compliance with regulations
  • Compromised information
  • Recruitment of staff not working as intended
  • Fraudulent system usage
  • Non-responsive IT organisation

Control Practices

  1. Formalise the skills, experience, authority, responsibility and accountability for each IT task. Update the IT task descriptions when IT tasks change.
  2. Assign all IT tasks to one or more roles, and assign roles to IT personnel.
  3. Allocate accountabilities and responsibilities to roles rather than to organisational positions to support the execution of the role. Allocate roles to organisational positions and allocate organisational positions to individuals.
  4. Inform IT personnel about their roles and any changes to their roles.
  5. Ensure that line managers periodically confirm the accuracy of the role descriptions for their team members.
  6. Develop the role description to outline key goals and objectives, which include SMARRT measures, for use in the staff performance evaluation process.
  7. Ensure that role descriptions for staff members across the organisation specifically identify responsibilities regarding information systems, internal control and security.
  8. Ensure that management initiates regular training and awareness campaigns to reinforce staff knowledge of roles. This may be supplemented with occasional assessments of understanding and compliance.
  9. Require all employees to comply with enterprisewide (e.g., corporate) and applicable department policies related to internal control, security and confidentiality.

Events & Online Learning: 4 total

6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
29 Sep 2014
ISACA International Event
Barcelona, Spain
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM 2014—the leading European conference for IT audit, assurance, security and risk professionals.
6 Oct 2014
ISACA International Event
Panama City, Panama
The Latin American CACS/ISRM 2014 Conference

Journal Articles: 99 total

Volume 2, 2014
by Key Mak, CISM, CAP, CISSP, ITIL, PMP, Security Plus, ECMp
Whether launching an information security project or developing a road map for an enterprise, determining where to start can be overwhelming.
Volume 2, 2014
by Myles Suer, Chane Cullens and Don Brancato
COBIT 5 fosters the use of balanced scorecards and goal cascades to help IT leaders show that IT is managing its ship for the good of the enterprise.
Volume 2, 2014
by Tugba Yildirim, CISA, CGEIT, CRISC, and Bilgin Metin, Ph.D.
The processes described in this article were identified as critical from the viewpoint of using confidential information in business operations.
Volume 2, 2014
by John Kyriazoglou | Reviewed by Maria Patricia Prandini, CISA, CRISC
From an organization’s point of view, the best technology is worthless when it is not appropriately implemented.
Volume 1, 2014
by Nageswaran Kumaresan, Ph.D., CISA, CRISC, CGMA, CIA
Protecting digital assets and intellectual property (IP) is becoming increasingly challenging for organizations.
Volume 6, 2013
by Frank Bezzina, Ph.D., Pascal Lélé, Ph.D., Ronald Zhao, Ph.D., Simon Grima, Ph.D., Robert W. Klein, Ph.D. and Martin Hellmich, Ph.D.
IT-directed IRM adds value to risk management by strengthening internal controls and audit processes.

Blog Posts: 76 total

"To fight oneself is the hardest war; to conquer oneself is the most beautiful victory." Friedrich von Logau (1605-1655), German poet. At this time, when hiring a professional for a company must be a very carefully considered matter, ...
Posted By : Javier | 0 comments
13 Mar 2014
Complying with a multitude of complex regulations, assessing risks of non-compliance with each statute and guideline, implementing controls for every process across multiple lines of business and at every level of an organization can be overwhelming. So m...
Posted By : CraigerGRC | 0 comments
Fundamental to any organization’s ongoing success is leadership. But success of one leader does not guarantee the success of the other.  Ongoing success of an organization after a leader departs is measured by how deeply the seeds of the organization’s ...
Posted By : Debi | 0 comments
Enterprise Architecture Practice provides several benefits to an organization. Some of the benefits are listed below: an improved road map for strategy execution; focused and measured strategy implementation; creating synergies; cost reduction (value for m...
Posted By : SA | 0 comments
Agile technique in software development has been around for quite some time. There have been efforts to adopt the agile techniques for strategic planning, alignment and execution. Following are some of the relevant articles/blog posts in this area. The to...
Posted By : SA | 0 comments
In a fast changing world of business and relentless competition, strategic planning is not only critical, but also the differentiating factor for an organization. Since IT has moved from a supportive role to a more strategic role, the IT Strategic Planning an...
Posted By : SA | 0 comments