Beruflich Dokumente
Kultur Dokumente
Control Objectives for Information and related Technology (COBIT) began as a guide for IT auditors. It has evolved greatly since its first edition. The current version provides practical and widely applicable IT governance best practice standards. It can be used to supply the contextual framework that is missing from such standards as ITIL. The 34 COBIT processes cover all important processes within IT. COBIT can be used as an effective IT planning framework. It allows an IT shop to close in on the IT processes that are most important for that shop and its parent organization. A gap analysis can be developed directly from the COBIT process maturity models. COBIT gap analysis has been used to guide internal IT improvement plans in shops ranging from dozens to thousands of IT professionals. But COBIT offers little help in determining which specific best practices a shop should follow. It is useful in identifying the critical gaps, but offers minimal help in identifying the best practices that should be used to bridge those gaps. ITIL (or BS 15000) can be an excellent source of best practices to use for some of those gaps. One recent assignment saw a large IT organization identify 10 COBIT gaps that needed to be bridged. The operational gaps centered on risk management, change management, quality management and value management. ITIL could provide this client with useful best practices for managing operational changesa critical point where the rubber meets the road. But ITIL does not provide much help with risks, quality or value. COBIT and the new Val IT initiative are being used to guide selection of best practices in these other areas. ITIL is a proven and practical way to bridge the operational gaps that can be identified when using COBIT. COBIT adds the critical overall context missing from ITIL. ITIL adds the practical advice about operational details that are missing from COBIT. It is true interdependency. Robert Fabian, Ph.D., I.S.P. is a management and systems consultant based in Toronto, Ontario, Canada. He has more than 40 years of experience with IT methodologies and best practices, and is committed to helping his clients find best practices that deliver maximum value from IT. He can be reached at robert@fabian.ca.
Information Systems Control Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the Information Systems Control Journal. Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content. Copyright 2007 by ISACA. All rights reserved. Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25 per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited. www.isaca.org
JOURNALONLINE