
CSI Communications | October 2012 | 25

Introduction
In today's complex world, there are a
number of standards and frameworks
which are issued by various institutions
with their own specific objectives. Some
of the prominent ones among this plethora
of standards and frameworks are ITIL,
ISO27001, PMBOK and TOGAF. Each of
these is designed to meet the specific
requirement of the user community.
Additionally, each has a specific depth and
breadth of coverage in a specific focused
area. There was no one comprehensive
framework which could be the one overall
holistic framework that could integrate
other standards and frameworks, cover
the enterprise end to end and meet the
needs of all stakeholders. The COBIT
framework filled that need. The recently
released COBIT 5 [1] is the comprehensive
business framework created by ISACA
for the governance and management of
enterprise IT. COBIT 5 is the one single,
integrated framework which integrates
and aligns with other frameworks and is
focused on enabling the goal of meeting
the business requirements. This article will
provide an overview of the five principles
of COBIT 5 and will explain why the COBIT
5 framework is indispensable for every
enterprise using IT for its business.
What Is a Framework?
A framework is a real or conceptual structure
intended to serve as a support or guide for
the building of something that expands
the structure into something useful [2].
We need frameworks as they provide a
structure for consistent guidance. So, if we
need guidance about information security,
we use the ISO 27000 series of standards
that together constitute an information
security framework. If we need to design
IT-enabled services, we use ITIL to provide
guidance. Similarly, when it comes to
project management, we use PMBOK. For
software architecture, we use TOGAF. All
these niche standards can be integrated
under the umbrella framework of COBIT 5.
COBIT 5 is a holistic business framework
for the governance and management of
the enterprise IT in its entirety. The COBIT
5 framework is based on five principles
which are explained hereafter.
Principle 1: Meeting Stakeholder Needs
An enterprise has a number of
stakeholders, both internal and external.
For example, a bank has management
and employees who are the internal
stakeholders, and customers, partners,
suppliers, government and regulators
are the external stakeholders. These
stakeholders have different and sometimes
conflicting needs. Employees want job
security, management wants productivity,
customers want stability of the bank
and good returns on their investments
and regulators want strict adherence to
the regulations and laws. The decision
of the bank to invest in modernisation
of IT to provide online banking facilities
will have different meanings for different
stakeholders. Employees will be worried
about their jobs, management will be
concerned about the selection of the
right technology and quick returns on the
investment, customers will be happy that
they will get better service but, at the same
time, worried about security and privacy
of their information, and regulators will
be keenly watching whether the bank is
complying with all the regulations.
To meet the diverse requirements
of internal and external stakeholders,
it is critical to keep in mind not only
the management perspective, but also
the governance perspective, when
implementing IT. The objective of
governance is to make a balanced decision,
keeping all stakeholders' interests in mind.
The governance team represents all the
stakeholders and is composed of the board
of directors headed by the Chairman. The
ultimate objective of governance is to
create value for the enterprise. This value
creation leads to benefit realisation for the
enterprise. Not all stakeholders can be
happy with every decision. Governance is
about negotiating and deciding amongst
different stakeholders' value interests.
Every decision will have a different impact.
For example, adoption of cloud computing
for banks will reduce investment in
infrastructure, thereby reducing capital
investment and increasing profitability.
However, it will increase the security
concerns for customers. Regulators will be
concerned about the location of the data
and whether there is a cross-border flow
of customer information in breach of the
IT Act. So governance has to optimise not
only the resources but also the risks to
realise the benefits. At the same time, it
also has to do a balancing act of keeping
all the stakeholders' needs in mind while
pursuing the goal of value creation.
How Is This Accomplished by
COBIT 5?
COBIT 5 has identified a large number
of stakeholders' questions for such
situations. These questions lead us to
the selection of the enterprise goals.
How can a framework know what goals
an enterprise may have? COBIT 5, as a
business framework, uses the approach
of the balanced scorecard (BSC). As
per BSC principles, an enterprise has to
balance its goals in four dimensions -
financial, customer, internal, and learning
and growth. An enterprise that has only
financial goals, but no goals from the
remaining three dimensions, might soon
fail as its goals are not balanced.
In our example of modernizing IT for
the bank, the enterprise goals could be:
Financial dimension:
1. Managed business risk (safeguarding
of assets)
2. Compliance with external laws and
regulations
Customer dimension:
1. Customer-oriented service culture
2. Agile response to a changing
business environment
3. Business service continuity and
availability
Internal dimension:
1. Optimisation of business process
functionality
2. Optimisation of business process
costs
3. Operational and staff productivity
Article
Avinash Kadam [CISA, CISM, CGEIT, CRISC]
Advisor to the ISACA India Task Force
Why Do We Need the COBIT 5 Business Framework?
[Figure: COBIT 5 Principles: 1. Meeting Stakeholder Needs; 2. Covering the Enterprise End-to-end; 3. Applying a Single Integrated Framework; 4. Enabling a Holistic Approach; 5. Separating Governance From Management. Source: ISACA, COBIT 5, 2012, www.isaca.org/cobit. Used with permission]
Learning and growth:
1. Skilled and motivated people
2. Product and business innovation
culture
These enterprise goals are business
oriented and required for enterprise
governance. We need to convert these
into IT-related goals that can be pursued
for IT governance. COBIT 5 provides a
matrix to relate enterprise goals with
IT-related goals. The IT-related goals again
are based on the BSC principle. Using the
matrix, we can identify the following
IT-related goals.
Financial:
1. Alignment of IT and business strategy
2. IT compliance and support for
business compliance with external
laws and regulations
3. Managed IT-related business risk
4. Realised benefits from IT-enabled
investments and service portfolio
5. Transparency of IT costs, benefits
and risk
Customer:
1. Adequate use of applications,
information and technology solutions
Internal:
1. IT agility
2. Security of information and
processing infrastructure and
applications
3. Optimisation of IT assets, resources
and capabilities
4. Enablement and support of business
processes by integrating applications
and technology into business
processes
Learning and growth:
1. Competent and motivated IT
personnel
2. Knowledge and expertise and
initiative for business innovation
It is not necessary to simultaneously
pursue each and every one of these goals.
Governance is also about prioritisation.
The bank can select specific goals to be
pursued on higher priority. Armed with
the selected IT-related goals, we can then
identify specific enabler goals from the
seven enablers identified by COBIT 5.
These enablers are listed under principle
no. 4 below. Specifically, the enabler no. 2,
processes, provides a detailed mapping
of IT-related goals with governance and
management processes. This helps in
selecting the right processes and practices
to achieve these IT-related goals. There
are a total of 37 processes to guide us.
Principle 2: Covering the Enterprise
End to end
In the earlier days of adoption of
computers, the IT department was
responsible for the IT function. The
data was sent to the IT department
and processed reports were sent back.
This is no longer the case. Information
has become one of the critical assets
of the organisation and it is rightly said
in the information age: information is
the currency of the enterprise. Every
action and decision depends on the
availability of the right information at
the right time. COBIT 5 has taken this
view and integrated governance of
enterprise IT into enterprise governance.
It not only focuses on the IT function,
but also treats information and related
technologies as assets like any other
asset for the enterprise. This
enterprise-wide approach is possible by providing
enterprise-wide governance enablers
such as having a uniform framework,
principles, structures, processes and
practices. It also requires considering
the enterprise's resources, e.g. service
capabilities, people and information.
Information itself is a key enabler. Every
stakeholder has different needs for
information. A bank customer will require
very specific information. The banker
will require a different type of information
to perform the task. COBIT 5 enables
every stakeholder to define extensive and
complete requirements for information and
its life cycle. This helps the IT function
to identify and support all stakeholders'
needs for information.
COBIT 5 also provides detailed roles,
activities and relationships between
stakeholders, the governing body,
management, operations and execution
team to have a clear idea of accountability
and responsibility and avoid any confusion.
This is done by providing RACI charts
(Responsible, Accountable, Consulted
and Informed) for each key governance
and management practice.
Principle 3: Applying a Single
Integrated Framework
ISACA, a non-profit global association of
100,000 IT professionals in 180 countries,
has always strived to create best practices
for the IT profession. It has been a
collaborative effort of numerous experts
and practitioners. The collective efforts
created a number of valuable frameworks
such as COBIT 4.1, Val IT 2.0, Risk IT
and the Business Model for Information
Security (BMIS). All these frameworks
and models have now been integrated
in COBIT 5, a comprehensive business
framework at a macro level. However, this
does not preclude the use of other niche
standards and frameworks dealing with
specialised areas which can be integrated
under COBIT. COBIT 5 aligns itself very
well with other relevant standards and
frameworks such as ISO 27000, ITIL,
ISO, PMBOK and TOGAF so as to provide
guidance on governance and management
of enterprise IT keeping the overall focus
as a business framework. This is a very
important aspect as technical persons
may get too focused on detailed technical
activities and may ignore the main
business objective. COBIT 5 ensures
that you do not lose sight of the overall
enterprise goals to meet the stakeholders'
needs while pursuing IT-related goals.
Principle 4: Enabling a Holistic
Approach
ISACA believes that one cannot achieve
enterprise goals through technical
processes alone. To bring this thinking
in clear focus, COBIT 5 has defined 7
enterprise enablers.
1. Principles, policies and framework
2. Processes
3. Organisational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and
applications
7. People, skills and competencies
These enablers were briefly explained
in the previous article published in
CSI Communications September 2012
issue [3]. Each enabler has four dimensions
- shareholders, goals, life cycle and
good practices. Enabler performance
can be managed by defining metrics for
achievement of goals as well as metrics
for application of practice. This helps us
to monitor if we are on the right track and
to measure the progress made toward
achieving these goals. For example, the
quality of information available to the bank
customer should improve substantially
by adopting modern IT infrastructure
and improved processes. This should be
measured to identify whether the enablers
have actually contributed toward better
information quality achieved through
effective governance and management of
enterprise IT.
Principle 5: Separating Governance
from Management
We discussed this principle in the September
article [3]. Governance responsibility is to
evaluate stakeholder needs, conditions and
options; decide on balanced, agreed-on
enterprise objectives; and set the direction
for the enterprise. This alone is not enough.
Governance also requires monitoring the
performance and compliance against
agreed-on direction and objectives. To help
governance of enterprise IT, COBIT 5 has
identified five distinct governance processes
under the domain of EDM (Evaluate, Direct
and Monitor). These processes make the
task of governance of enterprise IT very
well-organised.
Management of enterprise IT
requires a number of processes to be
applied. The four areas of responsibility
for management are: Plan, Build, Run
and Monitor. These have been further
elaborated as below:
Plan - APO (Align, Plan and Organise)
Build - BAI (Build, Acquire and Implement)
Run - DSS (Deliver, Service and Support)
Monitor - MEA (Monitor, Evaluate and
Assess)
These four domains together have a
total of 32 management processes. Each
process has a link with IT-related goals,
clearly defined goals and metrics, RACI
charts, management practices,
input/outputs and activities.
To date, ISACA has published
the following documents to help in
understanding and implementing COBIT 5:
1. COBIT 5: A Business Framework for
the Governance and Management of
Enterprise IT
2. COBIT 5: Enabling Processes
3. COBIT 5 Implementation
4. COBIT 5 for Information Security
Other forthcoming publications are COBIT
5: Enabling Information and other enabler
guides, COBIT 5 for Assurance, COBIT 5
for Risk and other practitioner guides.
There is also an India-specific
document published by ISACA: Securing
Sensitive Personal Data or Information: Using
COBIT 5 for India's IT Act [4]. ISACA plans to
bring out other India-specific publications for
facilitating COBIT 5 implementation for
Indian enterprises.
Conclusion
Governance is the need of the hour as is
amply demonstrated by failure of various
enterprises that have not had an effective
governance framework. Research has
confirmed that enterprises which have
effective governance in place are more
successful and command a higher
premium in the market. COBIT 5 is not just
another framework but a holistic business
framework essential for governance
and management of enterprise IT. With
growing importance of IT in enterprises
and huge investments being made in
e-Business and e-Governance projects
and the e-way becoming the highway for
all core business processes, it is essential
that each one of us learns how to use
COBIT 5 to make sure that we become
more effective and can contribute in our
chosen area of work to facilitate achieving
the enterprise business goals.
Avinash Kadam, CISA, CISM, CGEIT,
CRISC, is currently advisor to the
ISACA India Task Force. He is also a
past international vice president of
the association. He can be contacted
via e-mail at avinash@awkadam.com.
Opinions expressed in the blog
are his personal opinions and do
not necessarily reflect the views of
ISACA.
References
[1] www.isaca.org/cobit
[2] http://whatis.techtarget.com/definition/framework
[3] http://www.csi-india.org/web/csi/
(Printed version: CSI Communications,
ISSN 0970-647X | Volume No. 36 | Issue
No. 6 | September 2012)
[4] http://www.isaca.org/Knowledge-Center/
software. Tuners such as Guitar Pro tuner
use very simple algorithms and consider
the most pronounced frequency to be
the fundamental frequency, and hence
can be inaccurate at times. But the tuner
module on AGTAB suffers no such flaws
and proved to be 100% accurate in
testing.
Conclusion
The idea of developing something like
AGTAB started off when one of the
teammates asked another, why there
wasn't a computer-based guitar tabs
generator software. The aim of the team
was not to make a 100% accurate, fully
functioning tabs generator, but a tabs
generator software that proved tabulation
could be automated and that it had its
advantages. The software has potential
application in the music industry if created
and distributed commercially. Musicians
don't have to waste their time in tabulation
which is very tiresome for someone who
isn't familiar with computers.
As mentioned above, AGTAB does
have its flaws, being the first of its kind. A
simple solution to overcome the inability
of AGTAB to detect guitar effects is
to have the user specify these effects
explicitly using buttons. This solution
takes away the concept of the software
being fully automated. So the designers
have left the idea and have come up
with a whole new algorithm called the
frequency pattern recognition (described
earlier under Detection of Frequency-B)
which is expected not to have any of the
shortcomings listed above. The algorithm
stores the patterns based on amplitude vs.
frequency graph of the various notes and
the effects. These can be compared to the
input to obtain the proper output.
Though AGTAB only deals with guitar
and keyboards, it can, not so easily, be
extended to other instruments also viz.
drums. Recording of drum beats requires
costly recording hardware, which may not
always be possible, apart from recordings
done in high-end studios. So usually in other
studios the drum beats are programmed.
This takes a lot of time and effort. With
the extension of AGTAB to drums, the
drummer can play the drums and the
software could automatically generate the
programmed drum beats. This provides
more freedom to the drummer to the sort
of beats he can create.
Continued from Page 7
