If you ever tried to Googling with 'IT Governance Framework' as a tokens, a huge number around 81 millions of links will appeared as result. It is not a surprise, since we knew already that people considered IT Governance (ITG) as a significant subject since 1990s. Whenever they were discussing about Corporate Governance, ITG would always be there. A lot of literature and academic papers put ITG as research and discussion topic.
For this time being, we know several frameworks and every of them have their own focus. There are big names including COBIT, ISO 38500, and ITIL whereby in this series I will explain in a brief.
COBIT
Have you ever considered COBIT as the King of ITG Framework? Perhaps you are not the only one who thought that it is the complete one and you would be happy to say that you are satisfy enough with COBIT. According to ISACA, COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draws significantly from the Business Model for Information Security (BMIS) and ITAF. ISACA has been trying to classify COBIT as business framework, rather than IT framework since COBIT 5-the latest edition was endorsed in April 2012. COBIT 5, as declared in ISACA website, expands on COBIT 4.1 by integrating other major frameworks including Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
In ISACA FAQs, COBIT 5 is not meant to replace any of those frameworks or standards. It is intended to emphasize what governance and management elements and practices are required to create value from information and technology in support of enterprise business goals. To me, it sounds like a contradiction, but I don't get bothered with that and let it be as it is.
I always got intrigued on why COBIT 5 has a strong effort to differentiate governance and management. COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise information and technology assets (IT). In short, it helps enterprises create maximum value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
COBIT 5 has 5 principles and enablers as displayed below:
A process-enabling and goals cascading are then translate the above principles and enablers into Management Practices and Activities. A total of 37 processes are defined in management practices template and classified into 5 areas starting from Align, Plan and Organize (APO1 to APO13), Build, Acquire and Implement (BAI1 to BAI10), Deliver, Service and Support (DSS1 to DSS6), Monitor, Evaluate and Assess (MEA1 to MEA3) and Evaluate, Direct and Monitor (EDM1 to EDM5). Goals are cascading from the level of Stakeholder Needs, Enterprise Goals, IT Related Goals and continue to to in-depth Enabler Goals.
To be continued...