
*By Fernando Lopes

COBIT 5 is essentially a framework of best practices for IT governance, recognized globally and used in numerous organizations as a tool to optimize value generation and strengthen the relationship between management and the information technology team.

It was developed to integrate all major ISACA frameworks and to align COBIT with other important frameworks and standards.

Organizations' needs and governance objective:

Even though there are several types of companies and businesses in the market, there are goals that they all have in common. The following stand out:

  • Achieve business user satisfaction,
  • Achieve compliance with laws, regulations and standards,
  • Improve the relationship between the business and IT and, most importantly,
  • Create value.

Value creation is the main objective of the business, but the area specifically designated to achieve this result is governance, because it is the bridge between the needs of the operation, which works on a day-to-day basis, and top management, that is, the corporate members. The role of governance is not restricted to these functions: it is also responsible for establishing actions and strategies that bring competitive advantages to IT tools and the business environment, for example.

COBIT 5 Principles

COBIT 5 is structured around 5 principles, which are the drivers of the framework and the company.

They are:

  • Meet the needs of stakeholders;
  • Cover the organization end to end;
  • Apply a single, integrated framework;
  • Enable a holistic approach;
  • Distinguish governance from management.

As mentioned above, there are several principles in COBIT 5, but I will only detail the first principle: Meet the needs of stakeholders, as this is strictly related to the purpose of value creation (optimization of risks, optimization of resources and realization of benefits).

Thus, for this result to be achieved, it is necessary to meet the needs of the interested parties, and these parties are divided into external and internal stakeholders:

  • External: Business partners, suppliers, shareholders, government, external users, customers, auditors, consultants, etc.
  • Internal: Board of Directors, CEO, Chief Financial Officer (CFO), Chief Risk Officer, Business Executive, Business Process Owners, Manager, etc.

In practice, these needs are met through the goals cascade. It is pyramid-shaped, with its base formed by the stakeholder drivers, which are influenced, for example, by regulatory environments.

From there, the cascade moves to the needs of the interested parties, which are translated into corporate objectives, then IT objectives and finally enabler objectives (enablers are factors that individually and collectively influence whether something is operationalized, for example: processes, organizational structures, resources in general, etc.).

COBIT 5 implementation

To implement COBIT in an organization, it is necessary, above all, to invest in training and qualifying the professionals who will be involved, both the more technical staff and managers who operate in other areas but are integrated into the process.

In a simpler and more practical way, we can list some steps for such an implementation:

  • Develop a strategic plan for improving IT governance,
  • Define the company's problems and opportunities,
  • Establish an implementation guide for follow-up,
  • Plan the program, execute it, and monitor the effectiveness of these new developments, as well as the measurement of results,
  • Apply the review process to identify ongoing improvements.

Conclusion

In this way, by adhering to COBIT 5, the company will gain maturity and several benefits, enabling it to expand the business, promoting a broad assessment of its strategies, also ensuring service levels and business continuity, increasing effectiveness and efficiency.

With the processes and techniques described in COBIT 5, IT and management are brought together, establishing a common language between the two areas. With this facilitator in place, it becomes increasingly easy to identify what the real technology demands of the business are and how IT can solve these problems.

— Fernando Lopes is a Junior GRC and Information Security Consultant at SAFEWAY

About SAFEWAY

SAFEWAY is an Information Security company, recognized by its clients for offering high added value solutions, through Information Security projects that fully meet the needs of the business.

During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence among our clients, which constitute in large part the 100 largest companies in Brazil.

Today, through more than 23 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people.

SAFEWAY can help your organization through SAFEWAY SECURITY TOWER, a complete service chain so that your operations continue to be monitored and protected by a highly specialized team. Our SOC works on a 24×7 basis, with a high-performance technical team and tools to assist your organization in identifying and responding to incidents in a predictive and reactive manner, keeping your business safe and monitored at all times.

Let's make the world a safer place to live and do business!