Tugba Yildirim, CISA, CRISC
Business organizations dealing with rapidly changing competitive industry environments and changing customer priorities and demands are required to manage risk related to their objectives and establish a reliable internal control system.
Success in business can be achieved by improving business processes. Since IT processes are at the heart of the business life, creating more effective and efficient processes results in the achievement of business objectives.
It is important for an internal control system to establish, document and follow policies, standards, procedures and processes. In practice, quality management departments are responsible for consulting with process development to create effective and efficient processes.
While quality management specialists are trying to develop effective and efficient processes and quality documents for business operations, risk and control specialists concentrate on objectives, the risk of these working styles, and the design of controls. This is crucial in gaining value for business without incurring losses.
From the internal control point of view, COBIT and ISO 9001 have a lot in common, since both aim to achieve business objectives and focus on identifying planned accomplishments, fulfilling the planned tasks, checking whether the planned tasks are complete and answering the questions of lessons learned.
Organizations can benefit from the guidance of COBIT for IT processes while using ISO 9001 to improve their quality. By integrating the processes of COBIT and ISO 9001, organizations can increase the effectiveness and efficiency of the quality management system (QMS).
By mapping the common objectives of COBIT and ISO 9001:2008, both IT governance processes and QMS processes can be taken into consideration and carried out together, allowing one to support IT quality systems management and IT processes effectively and efficiently.