COBIT®

Overview

Control Objectives for Information and Related Technology (COBIT®) provides good practices across a domain and process framework. It presents activities in a manageable and logical structure. The practices are strongly focused on control and less on execution. These practices will help optimize IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.

For IT solutions to be successful in delivering business requirements, management should put an internal control system or framework in place. The COBIT® control framework contributes to these needs by:

  • Better alignment, based on a business focus;
  • A view, understandable to management, of what IT does;
  • Clear ownership and responsibilities, based on process orientation;
  • Defining the management control objectives to be considered.

The principle of this framework says: to provide the information that the enterprise needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.

Benefits

The benefits of implementing COBIT® as a governance framework over IT include:
  • Better alignment, based on a business focus;
  • A view, understandable to management, of what IT does;  
  • Clear ownership and responsibilities, based on process orientation;
  • General acceptability with third parties and regulators;
  • Shared understanding amongst all stakeholders, based on a common language;
  • Fulfillment of the COSO (Committee of Sponsoring Organizations of the Treadway Commission) requirements for the IT control environment. 

The Challenge

Internal IT organizations are under increasing pressure to meet the business goals of their companies. This challenge can be particularly daunting because it involves complying with regulations, such as Sarbanes-Oxley (SOX) and Basel II. Compliance requires strong corporate governance capabilities that are demonstrable to outside auditors. Because IT plays such a major role in business processes, the IT organization not only creates complexity for the business, but at the same time, provides the means to demonstrate this compliance. Organizations rely on guidelines such as COBIT® to help understand and address these challenges.

Implementing COBIT® is by no means a trivial task. It requires an organization to address high complexity in three areas: IT infrastructure, IT processes, and COBIT® control objectives. Processes are often in silos supporting specific organizational entities, requiring a complex organizational structure to ensure compliance is maintained. Further complicating the problem is that the IT environment is in a constant state of flux. Therefore, manual processes are not viable. They are not sustainable because they are difficult to enforce and monitor. They are not cost efficient. And they depend on dedicated staff willing to maintain a reliable paper trail that can stand up to a rigorous compliance audit.

Technology plays an indispensable role in helping companies achieve the COBIT® control objectives. As a result, it's important that the solution also support COBIT®. Organizations need to deploy systems-based ITSM solutions to help them conquer the complexity and establish sustainability. Well planned systems-based solutions should cover the full spectrum of ITSM disciplines.

SoftExpert SE Suite is an easy-to-use, comprehensive compliance solution for automating the four COBIT® domains: plan and organize; acquire and implement; deliver and support; and monitor and evaluate. The solution provides the foundation for aligning with COBIT®; improving IT processes and controls; and easing compliance with regulations, industry mandates, and internal policies.

Module    COBIT Compliance and Requirements

SE Audit

  • Supports the planning and execution of audits.
  • Results of audits are communicated to management.
  • All findings are corrected and registered.
  • Manages any required corrective action.   
  • Ensures corrective actions are carried out on time.                                                                                                                                                                                                                                   

SE Competence

  • Defines job descriptions and positions within all IT departments, and identifies the specified required responsibilities, authorities, and capabilities.
  • Provides a database of educational institutes and identifies specific competency courses.
  • Schedules training sessions on user-defined calendars - weekly, monthly, or annually - with automatic display of training needs that are pending in a certain period of time.
  • Displays all scheduled training sessions through timesheets, spreadsheets, and charts, then groups results by specific IT department or for the entire company.
  • Provides tools for all kinds of competence evaluation.
  • Evaluates employee competencies and skills based on personalized evaluation forms.
  • Calculates the employees' qualification levels.

SE Document

  • Maintains any related COBIT, process and project documentation in a secure, centralized system that can be accessed by users and auditors from virtually anywhere.
  • Automates task assignments, routing, escalation, review, and approval, increasing efficiency for the entire team.
  • Changes are automatically tracked and approvals are streamlined.
  • Enables users and auditors to search and retrieve documents faster and more easily, resulting in savings in hours spent.
  • Retains documents according to company policy.
  • Documents the Quality Management System.
  • Ensures only the latest document versions are used.

SE Performance

  • Links business goals to IT goals.
  • Provides identification of critical dependencies and current performance.
  • Automates the establishment, management and communication of the corporate and IT strategic plan.
  • Enables the company to actively monitor current performance against goals previously defined, and report this performance to auditors and internal stakeholders in real-time.
  • Provides establishment and measurement of key performance indicators related to either business processes or to IT infrastructure elements.
  • Totally compliant with the BSC (Balanced Scorecard) methodology.

SE Process

  • Ensures processes are defined, planned and documented.
  • Ensures processes are monitored and controlled.
  • Creates approval cycles to enable full visibility and accountability for executive management.
  • Advanced tracking and reporting capability.
  • Real-time view of a company's COBIT environment, allowing continuous monitoring and process improvement, increasing confidence among executives, process owners, and auditors.
  • Processes can be carried out under controlled conditions: documented instructions, in-process controls, and approval of processes and controls.

SE Risk

  • Manages enterprise and IT risks.
  • Risks, controls, and tests are linked for traceability.
  • Risk framework can easily be configured to a variety of organizational structures or methodologies, enabling organizations to adapt the solution to their unique systems and processes.
  • Automates the tracking of inherent, target and residual risks.
  • Identifies and scores risks based upon significance and likelihood, and tracks controls related to each risk.
  • Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership, and monitoring progress against goals.            

SE Workflow

  • Generic, personal and customizable workflow engine to structure the service flows and activities. 
  • Enforces task priorities and deadlines required to meet service.
  • Monitors and reports end-to-end service level performance.
  • Automates the process of recording, assessing and prioritizing change requests.
  • Assures that any emergency and critical change follows the approved process.
  • Provides a workflow to authorize changes.
  • Manages and disseminates relevant information regarding changes.
  • Audit history always accessible.