1. What is COBIT 5’s purpose?
COBIT helps business process owners and managements manage the risks associated with IT and deliver value from IT, by providing them with IT governance models. The model ensures information systems’ integrity.
2. Who uses COBIT 5?
People involved in business process and technology, those dependent on IT of information and those responsible to ensuring reliability & controlling IT use COBIT.
3. How to train oneself to use COBIT 5?
ISACA provides 2 online and 4 classroom offerings on COBIT.
Online: COBIT Foundation Course
COBIT Foundation Examination
Classroom: COBIT Foundation Course with associated Foundation Examination
Implementing IT Governance using COBIT and Val IT
ISACA On-site Training program
ISACA’s Training Week program
4. People who need to undergo this training?
IT professionals, business process managers, quality assurance and audit Professionals, IS & audit managers can undergo this training.
5. Can COBIT be considered superior to other control models?
COBIT does not replace the other models. It is a framework encompassing all the other models and building on their strengths.
6. How does COBIT help in achieving regulatory compliance?
COBIT is often used by publicly traded companies to achieve Sarbanes-Oxley Act compliance. The public traded companies need to get their financial reports attested by their chief executives. These reports necessitate reliable IT processes and controls.
7. How can I suggest that my IT management use COBIT 5?
Basically COBIT 5 is used to understand IT control objectives, manage risks and deliver IT value. Suggesting the IT management use this would be rather straightforward.
o The COBIT 5 framework’s business objectives are to be given priority.
o The IT processes and control objectives that will be appropriate to that particular enterprise must be chosen.
o Operate from the business plan.
o The enterprise’s goals, management guidelines, status, critical activities, performance etc., must be kept in mind while suggesting COBIT 5.
o Use the IT assurance guide to assess procedures and results.
8. What are the various dimensions of maturity that COBIT has?
COBIT has three dimensions of maturity. They are explained in the COBIT framework. They are: Capability, Performance and Control. These dimensions are of immense use while assessing the maturity of IT processes in specific situations. Depending on the scope of the assessment target area and how precise and detailed it needs to be, the COBIT user can choose the application of the dimensions.
- Capability is the level of maturity required in the process to meet the business requirements. The requirements are driven by business and IT goals that are clearly defined. The maturity model helps the enterprise in recognising the capability that will suit specific process requirements. The model’s focus is on capability.
- Control is a measure of actual control and execution of the process, in managing risks and delivering the value expected in line with business requirements and risk appetite. Inadequate control design will lead to process failure, despite being at the correct capability level and having correct management characteristics.
- Coverage is a performance measure. It helps decide how and where the management needs to deploy the Capability. It is usually based on the business need and investment decisions based on benefits and costs.
A detailed assessment for particular critical areas can be carried out using all these dimensions of maturity. Keeping in mind these three dimensions in the context of the overall business requirement, they can help with an overall assessment of the process’s maturity.
9. What is the orientation of COBIT focused on?
The orientation of COBIT is focused on the process and not the applications or functions. The framework has 34 IT processes with interrelated life cycle activities or interrelated discrete tasks. Due to several reasons, the makers preferred the Process model.
- The first of the reasons is that all processes are result oriented and they focus on the final outcome, whilst optimising the use of resources.
- Secondly, the objective of the process does not change often and is more of a permanent nature.
- Thirdly, use of IT isn’t confined to a particular department; it involves specialists, users and management as well.
The applications are treated as one of the 4 resource categories within the framework. Therefore they are managed and controlled in such a way so as bring the required information at the business process level. The applications can be addressed through resource vantage points, since they are an integral part of the COBIT framework. To put it across differently, one can automatically get an application view of the objectives of COBIT, by focusing on the resources only.
10. What about the Application controls?
Since COBIT was business process oriented, and the level application controls were hardly a part of the overall controls to be used over information systems and its related technology, the application controls were initially fully integrated into the COBIT model. But, this part cannot be outsourced in most cases.
11. How does COBIT 5 differ from COBIT 4.1?
The main aim of COBIT 5 is to bridge the gap between business risks, control requirements and technology. In order for the general audience to views information governance and control as assets, we must align the business objectives with the IT objectives. That is exactly what COBIT 5 intends to do. COBIT 5, the latest version of COBIT, boasts it capability to create business value by generating buy-in from all the stakeholders of the company, including top executives and directors.
- COBIT 5 helps the company achieve an organization-wide information governance perspective by the inclusion of new processes that can cover IT and business activities end-to-end.
- It makes the IT responsibilities and accountabilities of all the stakeholders transparent, by offering clear definitions of each player's responsibilities and involvement and also detailed explanation of the roles played in IT management, governance and control.
- COBIT 5 integrates all the other ISACA standards, such as Val IT and Risk IT.
- COBIT 5 has imbibed all the aspects of the previous versions of the COBIT.
- COBIT5 provides a framework that integrates all other standards and approaches including ITIL, PMP, COSO, NIST, TOGAF, Prince2, CMMI, ISO27001, SIO20k and Six Sigma.
- COBIT 5 has introduced 7 enablers: processes; principles, policies and frameworks; organizational structures; people, skills and competencies; culture, ethics and behaviour; services, information and infrastructure and applications. These help in meeting the enterprise’s IT governance goals.
Want to get more information about COBIT 5 training and certification?
Connect with one of our consultants for more information!
Email us now at email@example.com or call us at our centralized number: 9015266266.