IT Management Reviews (CobiT)

The Information Systems Audit and Control Association (ISACA) is an organization established in 1967 that today supports a network of over 35,000 IT auditors and IT control professionals. In 1998 ISACA formed the IT Governance Institute (ITGI) to focus on original research into IT Governance. Some of the work of the IT Governance Institute is published as CobiT - Control objectives for information and related Technologies.

The research from the IT Governance Institute, identified as CobiT, was developed to support IT auditing requirements for risk and control. CobiT takes a business level view on a broad range of IT management disciplines, called IT domains. These IT domains define the areas that need to be covered in terms of risk and control to achieve effective IT Governance. CobiT is defined in a set of documentation covering the overall framework, detailed control objectives, management/auditor guidelines, maturity models and implementation toolsets. CobiT identifies 34 IT Governance domains grouped into a lifecycle view that covers:

CobiT provides a very comprehensive definition of IT Governance but we have found that the level of detailed advice needs to be digested gradually by organisations that have limited experience of formal IT Governance. To help you understand the scope of CobiT IT Governance we have provided a version of our Reccan IT management review tools that is based on the CobiT 4.0 IT Governance framework and resources. Details of CobiT can be found at ISACA and we strongly recommend that you explore the quality IT management advice provided by ISACA and CobiT.

This Reccan series of IT management reviews, using CobiT based IT Governance, has been designed to help you consider which IT management processes might be limiting your business success. This set of IT management reviews is now based on the CobiT 4.0 resources, but if you prefer to work with the CobiT 3.0 domains and processes, this facility is still available at ITM review (CobiT 3.0).

Maturity - helps establish the process maturity for each IT management area
Risk - a portfolio view of risks
Priorities - focuses on which IT management processes are inhibiting business success
Improvement - asks where IT management improvements are currently taking place
Dependencies - explores the relationship between IT management processes
Focus - looks at the type of improvement needed

To use the management reviews, first explore each review framework to understand the purpose of the review and the classification of framework positions. When you are comfortable with the purpose of the framework, move the CobiT defined IT management area into its appropriate framework position to show the status for your organisation at this time.

The value of using the review frameworks is in the analysis you make of the current status of each IT management area within your organisation. For all frameworks, consideration should be given to how well the IT management commitment is performed across the whole of your organisation and, if required, the review scope should be extended to include the performance of your IT service partners.

After each review session we recommend you print the framework results (in landscape format) before moving on to the next review framework. The maturity level review is probably the best starting point because this establishes a baseline position for your organisation's IT management capability.

These reviews are provided as IT governance development aids and are not intended as an alternative to professional IT governance development or IT auditing services. They are provided to help you consider the benefit of using the CobiT IT Governance framework within your company's IT governance commitment.

Because of the number of IT management areas provided by the CobiT framework, you may find it helpful to initially select no more than 12 areas to explore within any review session, or consider taking each lifecycle stage as a separate review exercise. If your organization has limited experience of formal IT governance, it would be better to build the commitment to core IT governance areas (such as IT organization & relationships, manage IT investments, manage human resources, manage change, manage problems & incidents and monitor the processes) than to take on the full CobiT framework in a single IT governance initiative.

We do hope that you find these review frameworks useful. The frameworks can help visualise your perceptions of which IT management areas are working well and where some attention is needed. We would like your feedback on the review frameworks and any ideas you have for improvement. We would also be pleased to help you take this analysis further with a short investigation that will help you identify the root cause of some of your IT management concerns. Either way please do contact us at








©2005 Reccan Ltd. All rights reserved