The IT Governance Institute (ITGI) released the fourth version of its CobiT (Control Objectives for Information and related Technology) standard last week. The CobiT 4 framework was developed to further align it to its original purpose as an audit and compliance tool, as well as its newer function as a guide for IT processes and best practices, said Dan Casciano, chair of the CobiT steering committee and head of technology and risk services for Ernst & Young’s Carolinas operations.
Issues like complying with new legislation and making IT a more useful component of organizations compelled ITGI to devise Cobit 4. “First, with the increased regulatory requirements such as Sarbanes-Oxley, there is now a need for CIOs to implement and embrace a governance framework,” Casciano said. “It’s never been more important. It’s also how IT drives value back to the organization. There’s a whole focus on value within CobiT 4. I think the framework is sound from a governance perspective. Also, we’re trying to greater align IT to business strategy.”
These drivers are reflected in changes to content in the latest version of CobiT, Casciano said. “Within the monitoring and evaluation domain, we’ve included two new detail-control objectives: one around ensuring compliance and the other to provide IT governance,” he explained. “In addition, we’ve done a lot more harmonization to more of the other standard frameworks we see out there—ITIL, ISO 17799, CMM. If you looked at our domains within delivery and support, you’ll see that they’re now really aligned with the ITIL service-management components.”
Additionally, the structure of the standard has been altered to further synthesize its various elements. “(Another) difference between (CobiT) 3 and 4 is that we’ve consolidated the control objectives and the management guidelines into one succinct framework,” Casciano said. “We spent a considerable amount of time working on the management guidelines, which is the maturity model assessment within CobiT. That’s integrated very tightly within CobiT 4.”
For more information, see http://www.isaca.org/cobit.