Assessing IT governance on the basis of COBIT (CobiT based Assessments)


An assessment of IT governance can take several forms. Understanding the differences between them and the objectives each is meant to serve makes it possible not only to choose the most appropriate (and most valuable) method for the organisation, but also to optimise the cost of such an assessment.


  • A SAS 70 based approach is used for auditing third-party service providers. It defines the scope of the IT audit needed to support a financial audit. A specific structure for the audit report is required so that it can be easily followed by other auditors who will rely on its contents for financial reporting, as required by the SEC when a third-party service provider's general controls are being relied upon.
  • Sarbanes-Oxley requirements include the need for enterprise risk management, and COSO is the suggested approach. Control objectives from CobiT are selected according to the COSO framework. The focus is on management implementing adequate controls using a risk-based approach.
  • An application systems review can be based on CobiT. The relevant control objectives from CobiT are used to scope the review of application system controls.
  • A general controls review can be based on CobiT's control objectives. The review of general controls is aligned to specific application systems or business processes that depend on IT general controls for reliability.
  • Corporate governance concerns such as risk management, value delivery, IT's alignment with business, resource management and performance measurement may provide one or more drivers for a review. CobiT processes relevant to the specific concerns are selected and the relevant detailed control objectives used as the basis of the review.
  • Technology issues such as cost optimisation, IT service delivery (or ITIL), selective outsourcing, security (or ISO 17799), enterprise architecture, system integration and priority planning may also be drivers for the review. CobiT processes relevant to the specific issues would be selected and the relevant detailed control objectives used as the basis of the review.
  • Process capability and building organisational maturity are frequently drivers of improvement initiatives. This approach may address all 34 CobiT processes, but can focus on the 15 CobiTLite processes or the 7 CobiT QuickStart processes.
  • Health checks are used to objectively assess the effectiveness of a process. They aim to identify the aspects that are functioning well, so that good practices currently in use can be recognised and retained, and to pinpoint problem areas.
  • A gap analysis is used to quickly establish the current status against a target for all 34 CobiT processes (or a smaller number if appropriate). This has the benefit of quickly identifying areas for further investigation, but it is not recommended as the basis for process improvement initiatives.
  • Specific theme assessments, such as Internet banking, eCommerce, ERP systems or systems under development, can be the focus of a review. In this instance the relevant CobiT processes are identified to establish the baseline for the review.
  • Performance measurement focuses attention on the outcomes derived by the relevant business units (and the enterprise) from each significant IT process.