The most common question I get is "We want to implement CobiT, but where do we start?" First, implementing CobiT is the wrong strategic objective. Improving IT governance while taking advantage of the CobiT framework is a better approach. CobiT, as wonderful a framework as it is, is only a means to an end. So where do we start? By identifying the most important IT governance decisions based specifically on the company's strategy and on the IT areas in trouble. Looking at the IT governance decisions that many other companies find critical may be a start.
In general, many organizations completing benchmarks through ISACA's database have found the following IT governance decisions to be the most important:
- Do we have a clear and compelling IT strategy? (CobiT PO1)
- Are we appropriately assessing and managing IT risks? (CobiT PO9)
- How are we going to manage projects? (CobiT PO10)
- How do we effectively and efficiently manage changes? (CobiT AI6)
- Are we ensuring system security? (CobiT DS5)
- Are we adequately protecting valuable business data? (CobiT DS11)
- How do we monitor and evaluate IT’s performance? (CobiT ME1)
- Are we compliant with regulatory requirements? (CobiT ME3)
- Is effective IT governance in place? (CobiT ME4)