Aligning COBIT, ITIL and ISO 17799 for Business Benefit: Management Summary


Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. The IT Governance Institute offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.

The Office of Government Commerce

The mission of the Office of Government Commerce (OGC) is to work with the public sector as a catalyst to achieve efficiency, value for money in commercial activities and improved success in the delivery of programmes and projects.

OGC supports the achievement of its targets through concentrating its efforts in a wide-ranging programme supporting three significant activities in public sector organisations improving:

Management Summary the Work primarily as an educational resource for chief information officers, senior management and IT management.

The Owners make no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results.

In determining the propriety of any specific information, procedure or test, the chief information officers, senior management and IT management should apply their own professional judgement to the specific circumstances presented by the particular systems or information technology environment.

No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form other than PDF by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of the IT Governance Institute and the Office of Government Commerce.

Reproduction of selections of this publication, for internal and noncommercial or academic use only, is permitted and must include full attribution of the material's source. No other right or permission is granted with respect to this work.

Published simultaneously on the web sites of the joint owners in England and the United States of America.

Hinley Associates, UK itSMF:

Executive Summary

This management briefing is the result of a joint study initiated by the UK government's Office of Government Commerce and the IT Governance Institute in response to the growing significance of best practices to the IT industry and the need for senior business and IT managers to better understand the value of IT best practices and how to implement them.

The growing adoption of IT best practices has been driven by a requirement for the IT industry to better manage the quality and reliability of IT in business and respond to a growing number of regulatory and contractual requirements.

There is a danger, however, that implementation of these potentially helpful best practices will be costly and unfocused if they are treated as purely technical guidance. To be most effective, best practices should be applied within the business context, focusing on where their use would provide the most benefit to the organisation. Top management, business management, auditors, compliance officers and IT managers should work together to make sure IT best practices lead to cost-effective and well-controlled IT delivery.

IT best practices are important because:

- Management of IT is critical to the success of enterprise strategy.
- They help enable effective governance of IT activities.
- A management framework is needed so everyone knows what to do (policy, internal controls and defined practices).
- They provide many benefits, including efficiency gains, less reliance on experts, fewer errors, increased trust from business partners and respect from regulators.

The briefing applies generally to all IT best practices but focuses on three specific practices and standards that are becoming widely adopted around the world:

Implementation of best practices should be consistent with the enterprise's risk management and control framework, appropriate for the organisation, and integrated with other methods and practices that are being used.

Standards and best practices are not a panacea, and their effectiveness depends on how they have been actually implemented and kept up to date. They are most useful when applied as a set of principles and as a starting point for tailoring specific procedures.

To avoid practices becoming shelfware, management and staff must understand what to do, how to do it and why it is important. Implementation should be tailored, prioritised and planned to achieve effective use. This briefing describes some pitfalls that should be avoided. There is also a need for detailed, standardised practitioner processes.


ITGI and OGC plan, as part of future updates to their best practices, to further align the terminology and content of their practices with other practices to facilitate easier integration.

It is a not-for-profit organisation, wholly owned and principally operated by its membership.

The intention is to explain to business users and senior management the value of IT best practices and how harmonisation, implementation and integration of best practices can be made easier.

Business managers and boards demanding better returns from IT investments, i. Strong framework tools are essential for ensuring IT resources are aligned with an enterprise’s business objectives, and that services and information meet quality, fiduciary and security needs.

- Creating awareness of the business purpose and the benefits of these practices
- Supporting decision making on which practices to use and how to integrate with internal policies and procedures
- Tailoring to suit specific organisations' requirements

1 This Gartner research note was issued in June and is considered by many to still be very relevant.

Why Senior Management Needs to Know About Best Practices

Due to their technical nature, IT standards and best practices are mostly known to the experts (IT professionals, managers and advisors) who may adopt and use them with good intent but potentially without a business focus or the customer's involvement and support.

Even in organisations where practices such as COBIT and ITIL have been implemented, some business managers understand little about their real purpose and are unable to influence their use. To realise the business value of best practices, the customers of IT services need to be involved, as the effective use of IT should be a collaborative experience between the customer and internal and external service providers, with the customer setting the requirements.

Other interested stakeholders, such as the board, senior executives, auditors and regulators, also have a vested interest in either receiving or providing assurance that the IT investment is properly protected and delivering value.

Figure 1 summarises who has an interest in how IT standards and best practices can help address IT management issues.

- Is the enterprise achieving optimum use of its resources?
- Does everyone in the organisation understand the IT objectives?
- Are IT risks understood and managed?
- Is the quality of IT systems appropriate for business needs?

Acquire and Implement

- Are new projects likely to deliver solutions that meet business needs?
- Are new projects likely to deliver on time and within budget?
- Will the new systems work properly when implemented?
- Will changes be made without upsetting the current business operation?

Deliver and Support

- Are IT services being delivered in line with business requirements and priorities?
- Are IT costs optimised?
- Is the workforce able to use the IT systems productively and safely?
- Are adequate confidentiality, integrity and availability in place?

Monitor

- Can IT's performance be measured, and can problems be detected before it is too late?
- Is independent assurance needed to ensure that critical areas are operating as intended?

Why Best Practices Are Important

The effective use of IT is critical to the success of enterprise strategy, as illustrated by the following quote:

The use of IT has the potential to be the major driver of economic wealth in the 21st century. While IT is already critical to enterprise success, provides opportunities to obtain a competitive advantage and offers a means for increasing productivity, it will do all this even more so in the future.

IT also carries risks. It is clear that in these days of doing business on a global scale around the clock, system and network downtime has become far too costly for any enterprise to afford. In some industries, IT is a necessary competitive resource to differentiate and provide a competitive advantage, while in many others it determines survival, not just prosperity. The UK government recognised very early on the significance of IT best practices to government and, for many years, has developed best practices to guide the use of IT in government departments.

These practices have now become de facto standards around the world in private and public sectors. ITIL was developed more than 15 years ago to document best practice for IT service management, with that best practice being determined through the involvement of industry experts, consultants and practitioners. ISACA recognised in the early s that auditors, who had their own checklists for assessing IT controls and effectiveness, were talking a different language to business managers and IT practitioners.

Over the years, COBIT has been developed as an open standard and is now increasingly being adopted globally as the control model for implementing and demonstrating effective IT governance. Today, as every organisation tries to deliver value from IT while managing an increasingly complex range of IT-related risks, the effective use of best practices can help to avoid re-inventing wheels, optimise the use of scarce IT resources and reduce the occurrence of major IT risks, such as:

- Project failures
- Wasted investments
- Security breaches
- System crashes
- Failures by service providers to understand and meet customer requirements

OGC is at the forefront in delivering and disseminating best practice material to address these and other current challenges.


Commercial exploitation requires a license see. It describes proven best practice for procurement, programmes, projects, risk management and service management. The toolkit brings together policy and best practice in a single point of reference, helping to identify the critical questions about capability and project delivery and giving practical advice on ways to improve.

However, users need more guidance on how to integrate the leading global frameworks and other practices and standards. In response to this need, ongoing research has been undertaken into the mapping of COBIT to a wide range of other practices.

COBIT focuses on what an enterprise needs to do, not how it needs to do it, and the target audience is senior business management, senior IT management and auditors. ITIL is based on defining best practice processes for IT service management and support, rather than on defining a broad-based control framework.

It focuses on the method and defines a more comprehensive set of processes. Due to its high level and broad coverage and because it is based on many existing practices, COBIT is often referred to as the integrator, bringing disparate practices under one umbrella and, just as important, helping to link these various IT practices to business requirements.

Now that these standards and best practices are increasingly being used in real-world situations, experiences are maturing and organisations are moving from ad hoc and chaotic approaches to IT, to defined and managed processes.


As IT governance (the concept and the actual practice) gains momentum and acceptance, IT best practices will increasingly be aligned to business and governance requirements rather than technical requirements. IT governance addresses these main areas of IT activity:

- Strategic alignment, with a focus on aligning with the business and collaborative solutions
- Value delivery, concentrating on optimising costs and proving the value of IT
- Risk management, addressing the safeguarding of IT assets (including project investments), disaster recovery and continuity of operations
- Resource management, optimising knowledge and IT infrastructure
- Performance measurement, tracking project delivery and monitoring IT services

Achieving this both in theory (the organisation is clearly defined) and in practice (everyone knows what to do and how) requires the right culture, policy frameworks, internal controls and defined practices.

Best Practices Provide Many Benefits

The effective adoption of best practices can provide many benefits, especially in the area of advanced technology.


It is designed to be employed not only by users and auditors, but also, and more important, as comprehensive guidance for management and business process owners.

Increasingly, business practice involves the full empowerment of business process owners so they have total responsibility for all aspects of the business process.

In particular, this includes providing adequate controls. The COBIT framework provides a tool for the business process owner that facilitates the discharge of this responsibility. The framework starts from a simple and pragmatic premise: To provide the information that the organisation needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes. The framework continues with a set of 34 high-level control objectives, one for each of the IT processes, grouped into four domains: This structure covers all aspects of information and the technology that supports it.

By addressing these 34 high-level control objectives, the business process owner can ensure that an adequate control system is provided for the IT environment. IT governance provides the structure that links IT processes, IT resources and information to enterprise strategies and objectives.

IT governance integrates optimal ways of planning and organising, acquiring and implementing, delivering and supporting, and monitoring and evaluating IT performance. IT governance enables the enterprise to take full advantage of its information, thereby maximising benefits, capitalising on opportunities and gaining competitive advantage.

The management guidelines further enhance and enable enterprise management to deal more effectively with the needs and requirements of IT governance. The guidelines are action-oriented and generic, and they provide management direction for getting the enterprise's information and related processes under control, monitoring achievement of organisational goals, monitoring performance within each IT process, and benchmarking organisational achievement.

Specifically, COBIT provides maturity models for control over IT processes, so management can map where the organisation is today, where it stands in relation to the best in class in its industry and to international standards, and where the organisation wants to be.