Enhancing the Control Objectives for Information and Related Technologies (COBIT 5) Framework for Sustainable IT Governance

IT Governance and COBIT 5

IT governance is a subset of corporate governance, and consists of policies, resources and a management structure that provides oversight for an organization’s information assets and technology practices. Goals of IT governance include ensuring that investments in IT assets are made for strategic business purposes and complying with a myriad of regulations around data, such as privacy. The Control Objectives for Information and Related Technology (COBIT) 5 is the 5th edition of the IT framework created by ISACA to control the governance and management of information technology (ISACA, 2015a). COBIT 5 aims to provide a generally accepted set of IT control objectives for business managers and IT professionals in all types of industries. COBIT 5 is divided into five categories, referred to as domains. These domains each have unique processes, which are “a collection of practices influenced by the enterprise’s policies and procedures that takes inputs from a number of sources, manipulates the inputs and produces outputs” (ISACA, 2012, p.19). These collections of practices are specifically worded to cover seemingly every possible responsibility of the IT function. 

Examples of enterprises that have implemented COBIT include diverse organizations, such as E. I. du Pont de Nemours and Company (commonly referred to as DuPont), Yount, Hyde & Barbour (a mid-sized regional accounting firm), Tokio Marine & Nichido Systems (an IT services division for Tokio Marine Group, which is a global insurance corporate group), and New York State Government Agency (ISACA, 2015b). COBIT is designed to be flexible so that adopting organizations can utilize it as the model best fits the unique governance needs of the enterprise. For example, Nicho and Fahkry (2013) assert that COBIT 5’s 37 management processes, because they are generic, can be mapped to control multiple security vulnerabilities. 

In its current form, however, we believe COBIT 5 has sustainability limitations (see Figure 3). COBIT 5 fails to adequately consider the environmental and, partially, the social aspects of the triple bottom line. This failure is due mainly to the current absence of environmental and social stakeholder drivers, needs, and objectives within COBIT 5 (Moeller, Loeser, Erek & Zarnekow, 2013). If COBIT 5 wording is updated to include a sustainability focus, its revamped management processes could be mapped to even more vulnerabilities. Entirely new, sustainability-focused sets of practices and activities could also be created and implemented. Figure 4 illustrates some potential sustainability-focused additions to COBIT 5 we have created along with process details. These updates could help COBIT 5 be applicable to the difficulties brought about by the transformation of the existing technology infrastructure to support sustainability dimensions.

Review

COBIT 5 merupakan framework yang komprehensif dan digunakan secara global untuk keperluan bisnis yang memungkinkan organisasi memanfaatkan informasi dan teknologi yang dimiliki dengan sebaik mungkin dengan menyediakan Framework management dan governance untuk IT di tingkat enterprise. COBIT 5 membantu organisasi menciptakan nilai yang optimal dari teknologi informasi dengan menjaga keselarasan antara perolehan manfaat, optimalisasi risiko dan optimalisasi sumberdaya yang dimiliki.

COBIT 5 harus berfungsi sebagai Framework yang mengarahkan organisasi untuk memasukkan keberlanjutan ke dalam penggunaan dan pengelolaannya. Aset dan praktik TI dalam Hal ini benar mengingat salah satu prinsip COBIT  5 adalah "Menerapkan Single Kerangka yang terpadu",  sebagai penyelarasan diri dengan standar dan framework relevan lain, sehingga perusahaan memapu menggunakan COBIT 5 sebagai framework tata kelola umum dan integrator. Selain itu prinsip ini menyatukan semua pengetahuan yang sebelumnya tersebar dalam berbagai framework ISACA (COBIT, VAL IT, Risk IT, BMIS, ITAF, dll).

Framework yang berlaku untuk semua jenis organisasi di setiap bidang Industri, dan berhasil mengintegrasikan fitur keberlanjutan yang dapat menciptakan dampak positif bagi banyak hal dalam. sebuah Organisasi. Dalam hal ini COBIT 5 juga perlu diperbaharui agar fitur nya lebih lengkap.  

Sumber jurnal