Wadah Menulis Mahasiswa

COBIT Versus Other Frameworks: A Road Map To Comprehensive IT Governance

July 18th, 2013 | in Review Jurnal

Author :

Craig Symons


Title :

COBIT Versus Other Frameworks: A Road Map To Comprehensive IT Governance


Year :



Background and Problem :

Boards of directors’ oversight of IT is becoming increasingly common as a result of several factors: the increase in investment in IT (budgets comprise 1.5% to 12% of revenues and more than 50% of a firm’s capital budget); the increasingly critical role that IT plays in core business processes, as system downtime means revenue downtime; and the growing impact of regulation and compliance like Sarbanes-Oxley, HIPAA, and Basel II. These factors have created an environment in which frameworks are proliferating to help with governance, and CIOs must educate themselves on the frameworks’ use.


Most of these frameworks are not mutually exclusive and are most effective when used in combination with one another. The road to a comprehensive IT governance framework involves understanding the differences among the frameworks and when to apply each framework.1 To help explain the major frameworks and how they relate to one another, we have mapped the major elements of COBIT, ITIL, and ISO 17799 to one another and provide more detailed guidance around their use.


The Objectives :

Mapping the major elements of COBIT, ITIL, and ISO 17799 to one another.



COBIT Framework’s Domains and Objectives

While ITIL addresses all of the above areas with its books, its strength lies in service delivery and management, where it is more mature and has been implemented by many organizations. ITIL can be mapped to parts of COBIT :


COBIT Processes Covered By ITIL


Unlike COBIT and ITIL, ISO 17799 is an international standard first published in 2000 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under a joint technical committee.6 The standard provides information for implementing information security within an organization. ISO 17799 contains best practices for policies of information security, assignment of responsibility for information security, problem escalation, and business continuity management. This information is organized into 10 sections that contain 36 objectives and 127 controls.

ISO 17799 addresses all of the above areas to provide a comprehensive approach to security. ISO 17799 can be mapped to parts of COBIT.

COBIT Processes Covered By ISO 17799

Unfortunately, there is no “silver bullet,” no complete framework that IT managers can use to implement a comprehensive framework for IT governance and management. However, several relatively mature frameworks can be used to assemble a more complete and comprehensive governance framework.

Only COBIT addresses the full spectrum of IT governance processes, but it does so from a high-level management and business perspective with an emphasis on audit and control. Other frameworks address a subset of processes in more detail, including ITIL for IT service management and delivery, and ISO 17799 for IT security. These can be further augmented by use of additional frameworks and methodologies, including Six Sigma for process improvement and the Balanced Scorecard for IT performance management.

Conclusions :

Frameworks Help Run IT Like A Business.


Ultimately, boards of directors and executive management want more transparency in IT. Transparency is attained with IT governance and IT performance management, which form the foundation of running IT like a business. CIOs who build IT organizations that focus on the customer, deliver high quality and cost-effective IT services, and engage business units to partner in developing and implementing innovative business change will find their future secure. Those who continue to run IT like a “black box” will not be so lucky.
