ISACA Journal Author Blog


Governance—COBIT and ISACA Frameworks

Published: 1/21/2013 9:39 AM | Category: COBIT-Governance of Enterprise IT
How does a comparison of governance models help me become a more effective audit professional? That was the challenge that I was trying to address. In fact, ISO is currently reviewing the differences between project, program and portfolio governance with the objective of enhancing management accountability, or accountability in general, over IT projects. I have found in my current position that there may be a need to create an interdisciplinary governance model, one that crosses information security, controls and overall value added to a firm. Yes, COBIT, with its emphasis on Evaluate, Direct and Monitor; Build, Acquire and Implement; and Deliver, Service and Support, is a model designed for all situations. But does it help firms better analyze implementing cloud programs? Does it help implement a broad-based IT program of data privacy? Does it help focus management’s attention on the threat vectors that need to be evaluated in line with change management or capacity management? These are several of the more practical questions that I believe need answers. The issue is more in the implementation of the model. The governance of enterprise IT (GEIT) model does cover risk analysis and remediations.
As it is understood, project governance, IT governance and enterprise governance each have their own types of guidance, with similar goals but often varying terms and techniques for achieving them. My thought is that this guidance may have to be amplified as businesses see the need for and value of moving forward into cloud computing and identity access management, since some of the low-level challenges may not be captured in these models.
Read Larry Marks’ recent Journal article:
“Governance Implementation—COBIT 5 and ISO,” ISACA Journal, volume 1, 2013

