Governance—COBIT and ISACA Frameworks
Larry Marks, CISA, CGEIT, CRISC, CFE, CISSP, CSTE, ITIL, PMP
 
How does a comparison of governance models help me become a more effective audit professional? That was the challenge that I was trying to address. In fact, currently ISO is reviewing the differences between project, program and portfolio governance with the objective to enhance management accountability or accountability in general over IT projects. I have found in my current position that there may be a need to create an interdisciplinary governance model—one that crosses information security, controls and overall value added to a firm. Yes, COBIT, with its emphasis on Evaluate, Direct and Monitor; Build, Acquire and Implement; Deliver, Service and Support, is a model designed for all situations. But does it help firms to better analyze implementing cloud programs? Does it help implement a broad-based IT program of data privacy? Does it help focus management’s attention on the threat vectors that need to be evaluated in line with change management or capacity management? These are several of the more practical questions that I believe need answers. The issue is more in the implementation of the model. The governance of enterprise IT (GEIT) model does cover risk analysis and remediations.
 
As it is understood, project governance, IT governance and enterprise governance have their own types of guidance—each with similar goals but often varying terms and techniques for achievement. My thought is that this may have to be amplified as businesses see the need and value to move forward into cloud computing and identity access management, since some of the low-level challenges may risk not being captured in these models.
 
Read Larry Marks’ recent Journal article:
“Governance Implementation—COBIT 5 and ISO,” ISACA Journal, volume 1, 2013
