The IT Governance Institute (ITGI) recently released CoBiT 4.1, an update to the CoBiT (control objectives for information and related technology) IT governance framework. CoBiT prescribes a set of practices intended to allow organizations to reduce IT-related risks and see increased value from their usage of IT.
The last time CoBiT was updated was for version 4.0, which came out in 2005, so this is the first time the framework has seen revision in about 16 months.
“With version 4.0, we moved CoBiT to an IT governance framework, and one of the big changes in version 4.0 was the linkage between business goals and IT goals and processes to help organizations map the metrics that they’re pulling out of IT to their business objectives,” said Robert Stroud, IT governance evangelist for CA (formerly Computer Associates). “In 4.1, we covered what is formally known as an audit framework. One of the big changes in 4.1 was releasing of our Assurance Guide. That’s one of the primary elements in it.”
Stroud also is a member of the board of trustees of ISACA, which established ITGI.
The Assurance Guide describes how CoBiT can be used to support assurance activities such as planning for and assessing risks, as well as how an assurance review can be performed for each of CoBiT’s 34 processes.
Stroud said Sarbanes-Oxley has helped push global adoption of CoBiT and that the continual emergence of a variety of other regulatory or quality-assurance programs assists with this, as well.
“People are looking to have this overarching single framework they can use to pull all these lower-level frameworks and standards up to a managing-reporting layer and develop balanced score cards for the appropriate person who’s viewing them based on business objectives and priorities,” Stroud said. “If you consistently do compliance work with every framework independently, you’re causing yourself significant pain and cost.
“So, we’re doing mappings of CoBiT to various standards and frameworks to help people understand where the correlation and crossovers are. It parallels the notion that IT governance or managing IT well is becoming an important consideration for the CIO.”
Stroud also said this is how CoBiT serves to not just aid in regulatory compliance but also to enhance the value of IT usage.
“It’s the notion of rolling up balanced score cards that give the CIO a view of where IT is, how it’s delivering and where it’s adding value,” he said. “What we’re really doing with CoBiT is giving visibility to the elements within IT.”