COBIT takes on business outlook

The IT governance framework known as Control Objectives for Information and Related Technology (COBIT) has recently been updated in an effort to make the guidelines more business-focused.

COBIT 4.0 marks the first major update of the COBIT core content since the release of COBIT 3rd Edition in 2000. The first edition was published in 1994. Traditionally a tool often used by IT auditors, COBIT is increasingly being used to help organizations prepare for audits and, now, as a more standard method for measuring and monitoring a company's IT processes.

"COBIT 4.0 will help push IT governance guidelines to more senior IT and business executives," said Frank Yam, vice president of the Information Systems Audit and Control Association (ISACA), in Hong Kong. The IT Governance Institute issued the COBIT update at the end of 2005 and is an affiliate of ISACA, which is an education and research group for IT governance and audit practices.

COBIT 4.0 includes guidance for boards of directors and all levels of management. It consists of four sections: the executive overview, the framework, the core content (control objectives, management guidelines and maturity models) and appendices. The core content is divided according to the 34 IT processes and gives a complete picture of how to control, manage and measure each process. Yam notes that there are no changes in the framework itself, but there are a few additional processes within the four sections. The changes are in the presentation of the guidelines, which relate the framework more directly to management practices.

Yam observed that COBIT 4.0 is one of many emerging frameworks and systems that are being used to address IT governance and management. The IT Infrastructure Library (ITIL), Capability Maturity Model and BS 7799 are all standards and frameworks that address parts of the IT governance challenge.

Yam believes that with all the changes in business and in the different emerging frameworks and tools, COBIT can offer an umbrella set of guidelines to help tie IT governance to business goals rather than be too focused on IT objectives. "The emphasis today is on business-IT alignment and making sure business challenges can be translated into IT objectives and vice versa," said Yam. He added that as companies face compliance and governance issues, IT professionals need tools and business terminology to help them discuss with business executives the potential role for IT in supporting corporate objectives.