Introduction
The IT governance board is a body given authority over all matters related to IT by the corporate board, and as such it is required to comply with regulations and standards as required by the Sarbanes-Oxley Act. One of the systems made to ensure compliance with the act is the COBIT (Control Objectives for Information and Related Technologies) framework (Muglund et al, 2019). Any member of the board, whether established or new, has to be familiar with COBIT. The purpose of this paper is to ensure such familiarity.
What Is COBIT?
COBIT is a governance system for businesses that seek to improve and maintain a high standard of their IT management practice, by the Sarbanes-Oxley Act. This framework seeks to overcome crucial issues between technicalities, business risks, and requirements for control responsiveness (Muglund et al, 2019). It can be implemented in any organization that needs increased quality, control, and reliability of its existing information systems.
Purposes and Basics of COBIT
The main purpose of the framework is to provide a system of terms and parameters between IT professionals, company executives, and auditors, to enable effective communication about IT controls, objectives, and potential outcomes. This system prevents misunderstandings, helps save time, and allows for standardization of practices across industries as well as auditor education. The two foundational pillars upon which COBIT is situated are Control and IT Control Objective (Muglund et al, 2019). The former is defined as the total of IT management procedures, practices, policies, and structures existing to ensure that business goals will be met at the basic level. The latter defines the level at which the results achieved by particular IT notions are deemed acceptable. In essence, Control defines the tools, and the Objective defines the bar that these tools have to achieve.
Principles and Aspects of Governance
There are five principles of COBIT that every board member is supposed to know and internalize before utilizing the model. These are as follows (Muglund et al, 2019):
- Achieving stakeholder needs – without these various stakeholders involved in company operations will not be able to perform at the levels necessary for efficiency;
- Servicing end-to-end enterprises – the IT systems have to guide the production of services and goods from start to finish;
- Framework integration – it is better to have one unified system than different separate ones, with poor vertical communication;
- Holistic approach – problems must be solved on a systematic level, rather than pushing for incremental changes;
- Separation of governance from management – a necessary step to prevent corruption.
The aspects of governance to support the principles established above include aligning policies and frameworks, establishing clear processes, forming a transparent organizational structure, and nurturing a corporate culture based on ethical behavior. Information within the organization has to be readily available to persons operating in it, but also secure and differentiated based on levels of access. Services, infrastructure, and applications have a great influence on these parameters. Finally, the people operating these systems have to develop the skills and competencies necessary to operate the applications, maintain infrastructure, and provide services (Muglund et al, 2019). Cybersecurity is a very important aspect of it, that has to be kept in mind by employees and executives alike.
Conclusion
COBIT is a governance framework that covers all of the major parts of IT governance in a company and is thoroughly implemented in this organization. Members of the IT governance board are to be familiarized with its purposes, principles, and stipulations. Doing so would ensure the organization’s compliance with the Sarbanes-Oxley Act and the enduring quality, stability, and security of the IT systems implemented.
Reference
Mulgund, P., Pahwa, P., & Chaudhari, G. (2019). Strengthening IT governance and controls using COBIT: A systematic literature review. International Journal of Risk and Contingency Management (IJRCM), 8(4), 66-90.