ISACA is enjoying a rare opportunity: the International Headquarters office will be among one of the first organizations to implement COBIT 5 as ISACA’s business framework. We are convinced that COBIT’s commonsense, business-oriented approach to governance and management will help us address specific activities and the broader organization.
How did we get started down this path? Those of you who have been reading ISACA publications for the past 12 months know that the association has been focused on an extension of its 2009 strategy, resulting in a sharpened focus on trust and value in information and information systems, and a series of 24 supporting initiatives to help us achieve our goals. The initiatives are ambitious and complex, and contain numerous dependencies. They represent a prime opportunity—and need—for effective governance and management, with special focus on resource optimization, risk mitigation and value delivery. In other words, COBIT 5.
One of COBIT’s strengths, since its first edition, has always been its flexibility. It not only accommodates customization to fit the enterprise’s needs, it encourages it. Therefore, we will be customizing it as well. Our usage, in this instance, will not focus on IT. Instead, it will focus on ensuring that the strategic initiatives are undertaken in such a way as to enable the goals cascade: the needs of stakeholders (members, certification holders, others in “IT trust” professions and enterprises that are dependent on IT, among others) are reflected in appropriate organizational goals, the achievement of which is enabled by achievement of the goals of the entire strategic portfolio, which in turn is supported by achieving individual initiative goals.
We plan to capture our approach and outcomes in the form of a case study that we hope will help other small to medium enterprises (SMEs) understand how COBIT 5 could be used in their own environment. ISACA is, after all, a typical SME. We will be approaching COBIT 5 with the same degree of understanding, challenges and questions as other SMEs. A publication addressing COBIT for SMEs is in the planning stage; we believe ISACA’s experience can be useful input into its development.
We will apply COBIT 5 to other specific activities as well, and will gradually expand its scope to cover broader enterprise issues. It is exciting to be able to apply our own framework to our own environment. We feel certain our experience will constitute yet another COBIT success story. Watch for further information as we progress.