* Kelly Ribeiro
What is COBIT 5?
COBIT 5 is a corporate governance and IT management framework published in late 2012 by ISACA (Information Systems Audit and Control Association). It integrates the content of the main frameworks previously published by ISACA, such as:
- COBIT 4.1;
- Val IT;
- Risk IT;
Integration with the frameworks listed above makes COBIT 5 one of the most complete frameworks focused on IT governance, offering an end-to-end business view.
The main novelty of this framework is the clear distinction between IT governance and IT management, and between the areas of activity at each level. IT governance must evaluate, direct, and monitor IT processes and activities.
COBIT 5 Goals
COBIT 5 can be implemented and customized for any type and size of organization. It is an instrument for managing the risks associated with IT and for determining how to address them in accordance with business priorities, aiming to:
- Offer a comprehensive framework that helps organizations optimize value for IT;
- Allow IT to be governed and managed holistically across the organization;
- Create a common language between IT and business to facilitate governance and IT management.
COBIT 5 can bring several benefits to the organization, including:
- Provide quality information to support decisions;
- Achieve operational excellence with the reliable and efficient application of technology;
- Maintain IT-related risks at an acceptable level, considering each organization's tolerance and risk appetite;
- Optimize the costs of IT services and technologies;
- Achieve strategic goals and realize benefits through effective and innovative use of IT;
- Support compliance with laws, regulations, contractual agreements and policies.
ISACA provides an implementation guide for COBIT 5 which is based on continuous improvement, so as to help organizations simplify and address the challenges presented. The guide is organized in seven phases:
Phase 1 - What are the drivers?
- Evaluate the most common weaknesses and triggering events (this can be assessed through interviews, questionnaires, SWOT analysis, etc.);
- Implement an appropriate environment and change program;
- Develop the strategic plan for improving IT governance and management (used to document the rationale for carrying out the project).
Phase 2 - Where are we now?
- Evaluate the current state of the processes, mobilize the implementation team and define the problems and opportunities (a diagnosis of the current maturity of your IT area with respect to the processes that may need to be implemented);
- The diagnosis can be performed by a qualified professional and/or through a more complex process in which evidence is collected, or as a self-assessment performed by IT together with its customers.
Phase 3 - Where do we want to be?
- Define the goals to be achieved, communicate the result and define the roadmap. Priority should be given to short-term initiatives that bring the most benefits.
Phase 4 - What needs to be done?
- Build improvements, identify stakeholders and plan implementation;
- Focus on practical solutions by defining projects supported by justifiable business plans.
Phase 5 - How will we get there?
- Identify and implement the necessary improvements;
- Define metrics and monitor processes to ensure alignment with business strategies.
Phase 6 - Did we get there?
- Operate and measure, and implement new approaches to continuous improvement (this phase focuses on operating the improved processes and monitoring whether the estimated benefits are actually realized).
Phase 7 - How do we keep up the pace?
- Monitor and evaluate, operate and review effectiveness (in this phase, continuous monitoring and analysis of the processes is performed).
In addition to operational risks, organizations face problems such as fraud, operational errors, economic difficulties and human resources failures, among others, that, although not directly related to technology, represent losses that can be minimized by mature IT processes within corporate governance.
By adopting COBIT 5, organizations can increase the value of their IT, since the framework is oriented to a set of business processes rather than to a specific department, maintaining the balance between the benefits delivered and the results of its services.
** Kelli Ribeiro, Information Security Consultant at [SAFEWAY]
[SAFEWAY] is a company widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on the following platforms:
● Archer by RSA Security, considered by the Gartner and Forrester institutes, and by the market itself, to be the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;