Cobit 4.1 framework, Management Information Sys

CobiT 4.1

CobiT 4.1 is a very popular framework which mission is: "To research, develop, publicise and promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by organizations and day-to-day use by business managers, IT professionals and assurance professionals" (CobiT 4.1 2007). CobiT 4.1 does not intend to offer a recipe to solve a particular problem, but instead, it intends to offer an internationally accepted framework for IT governance control (Ibid.).

CobiT 4.1 framework:

CobiT 4.1 provides processes, metrics and controls to achieve business goals. CobiT 4.1 is business-focused which means that it follows business goals and that IT respond to the business strategy. For example, some goals state: "Respond to business requirements in alignment with the business strategy" or "Provide a good return on investment of IT-enabled business investments" (CobiT 4.1 2007). CobiT 4.1 is "process-oriented" (34 processes) and "measurement-driven" (it works with metrics). Processes need control and, therefore, CobiT 4.1 is also control-based: "Control is defined as the policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected. IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process" (Ibid.). In figure 4, the main components of CobiT 4.1 can be appreciated.


Figure 1: CobiT 4.1 Framework (CobiT 4.1 2007)

Next, the focus areas for IT governance will be presented. ISACA promises to guarantee that IT is aligned with the business, that IT delivery business benefits, that IT resources are used correctly and in a disciplined way, and that IT risks are managed properly (Ibid.).

  • "Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT proposition; and aligning IT operations with organization operations" (CobiT 4.1 2007).
  • "Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT" (Ibid.).
  • "Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues related to the optimization of knowledge and infrastructure" (Ibid.). 
  • "Risk management requires risk awareness by senior corporate officers, a clear understanding of the organization's appetite for risk, understanding of compliance requirements, transparency about the significant risks to the organization and embedding of risk management responsibilities into the organization" (Ibid.).
  • "Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting" (Ibid.).

CobiT 4.1 is able to address different IT governance focus areas with individual CobiT processes (in total 34 generic processes). By putting all the focuses together, it is possible to obtain a holistic view of the IT governance processes and to embody a visual framework for maximizing benefits from information technology. For instance, each process addresses a certain focus of the IT governance which, in turn, is divided in primary and secondary perspectives.  The five focus areas are graphically represented in the CobiT 4.1's diamond.


Figure 2: CobiT Diamond in the process AI5 Procure IT Resources

CobiT 4.1 defines IT activities in 34 processes within four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS) and Monitor and Evaluate (ME). In the text below, the typical questions corresponding the four domains are extracted from the CobiT 4.1Executive Summary are shown (CobiT 4.1 2007). The four domains are:

Plan and Organise

  • Are IT and the business strategy aligned?
  • Is the organization achieving optimum use of its resources?
  • Does everyone in the organisation understand the IT objectives?
  • Are IT risks understood and being managed?
  • Is the quality of IT systems appropriate for business needs?

Acquire and Implement

  • Are new projects likely to deliver solutions that meet business needs?
  • Are new projects likely to be delivered on time and within budget?
  • Will the new systems work properly when implemented?
  • Will changes be made without upsetting current business operations?

Deliver and Support

  • Are IT services being delivered in line with business priorities?
  • Are IT costs optimised?
  • Is the workforce able to use the IT systems productively and safely?
  • Are adequate confidentiality, integrity and availability in place for information security?

Monitor and Evaluate

  • Is IT's performance measured to detect problems before it is too late?
  • Does management ensure that internal controls are effective and efficient?
  • Can IT performance be linked back to business goals?
  • Are adequate confidentiality, integrity and availability controls in place for information security?

For illustrative purposes, all the processes with the corresponding IT governance focus areas are presented in the appendix 3a (Ibid.).

Maturity model:

ISACA developed for CobiT 4.1 a maturity model based on the Capability Maturity Model (CMM) Scale from the Software Engineering Institute. While many concepts of the CMM model were used, the CobiT implementation differs from the original oriented toward software product engineering principles CMM. According to ISACA, the Capability Maturity Model in CobiT 4.1 focuses on strategic issues and high level IT Management processes (FAQ ISACA).

Val IT  in CobiT 4.1

For a better management of benefits, CobiT 4.1 can be applied in combination with other complementary approaches. For example, Val IT and CobiT improve the power of decision makers for the creation of value from the delivery of IT services. Val IT takes a pure business perspective by examining strategic and value issues, while CobiT takes an IT perspective by focusing on the architecture and the delivery. (Val IT ISACA 2008; Fujitsu Consulting et al. 2007). Val IT sets good practices for the outcomes by measuring, monitoring and optimizing financial and non-financial value for IT-enabled investments. In the following figure, the so called 'Four Ares' from Val IT are shown.


Figure 3: The 'Four Ares' adapted from Val IT ISACA (2008)

Posted Date: 9/25/2012 5:28:50 AM | Location : United States

Related Discussions:- Cobit 4.1 framework, Assignment Help, Ask Question on Cobit 4.1 framework, Get Answer, Expert's Help, Cobit 4.1 framework Discussions

Write discussion on Cobit 4.1 framework
Your posts are moderated
Related Questions
2. Discuss De-cruitment in the context of the Break-Even model

You have recently been employed in the Operations and Systems Department as Business Operations and Systems Graduate Trainee. You have been asked to produce a report on the role an

Question: (a) List and briefly describe all the components of a Computer Based Information System. (b) Show how cloud computing can provide value to a business. (c) (i)

Information dissemination is a major activity in all kinds of information processes. And there are various methods that can be identified in information dissemination, and since th

Question: (a) What could be the motivations for a small and medium enterprise engaged in a non-IT activity to outsource its IT function? (b) What could be the risks for t

The phrase called information overload may be a bit of a problem because it used so often, but the fact remain that managers & support staff are merged in information of all kinds.

Problem: (a) IT will be used to maintain a competitive edge in the market place. Give the five main factors which enable this to happen. You will take an example of your own t

Internet and its Capabilities and Services In this Unit, an attempt has been made to expose you to the concept of the Internet, its capabilities and services.  It has been

Question 1: The traditional concept of enterprises is undergoing radical change influenced by computerization. E-commerce has contributed much the online computerization of bus