COBIT 5 PRINCIPLES

The Five Cobit 5 Principles

Principle 1: Meeting Stakeholders Needs

This principle of COBIT 5 acknowledges that stakeholders' requirements within the business setup ought to be transformed into a practical initiative so as to be of value to the stakeholders themselves (Guldentops, 2002). This goal can only be achieved by finding common ground between the realization of the potential benefits, the optimization of the risks involved, and the usage of resources (Guldentops, 2002).

One aspect of ensuring that the needs of the stakeholders are met is to have mechanisms in place to address the unforeseen risks that may crop up in the course of business operations. These mechanisms ensure that risks are managed, thus minimizing the chances of unnecessary expenses being incurred to restore systems in the event of an attack (Prasad, Heales & Green, 2010).

Principle 2: Covering the Enterprise from End to End

This principle also covers all the information and other related technical aspects within the organization. To achieve this, the principle incorporates the governance of Information Technology (IT) into enterprise governance and thereafter works to ensure that all the functions and processes involved in the governance and management of information and other related technologies are included in the system (Guldentops, 2002).

Ideally, incorporating IT governance into enterprise governance enables COBIT to combine both aspects of governance while at the same time taking into consideration the latest views and developments in governance (Prasad, Heales & Green, 2010). While taking into account all the relevant information and technology management processes, the principle tends to include all the important internal and external IT services in addition to both the internal and external business processes within the firm (Guldentops, 2002).

Principle 3: Application of a Single Integrated Framework

According to IT experts, most organizations continue to experience challenges in the management and governance of their information and other related technological aspects (Lainhart, 2000).

The principle outlines a basic and easy framework for structuring guidance materials while supporting a uniform product set that includes the latest ISACA research work, other practical standards comprising ITIL, TOGAF and ISO, and all the other knowledge-oriented platforms of COBIT-related parameters (Prasad, Heales & Green, 2010).

Among the roles of the single integrated framework is to provide a complete and up-to-date reference source of information. In the case of iPremier, the principle of applying a single integrated framework seems to be missing. This is because, despite the management of iPremier having a mechanism in place to address the situation in the event of an attack, they seem not to have taken into consideration other threats that their network may be exposed to, as reported by the IT experts (Lainhart, 2000).

Principle 4: Enabling Holistic Approach

In order to realize comprehensive and effective governance and management of Information Technology (IT) across various organizations, it is recommended that organizations take into account distinct and related apparatus. Therefore, whenever an organization's management is on the verge of making a decision, they ought to have as much information as possible, that is, a comprehensive understanding of the industry in which they operate (Hardy, 2006). This principle elaborates some helpful scenarios in the form of enablers, which are basically the parameters that determine the output of governance and management related activities.

These parameters include all the tasks and responsibilities of IT functions and non-IT business operation functions (Hardy, 2006). This principle outlines the following seven parameters in relation to the management and governance of IT functions:

  • Principles, Policies and Frameworks: these are basically the guidelines that outline the management related to information sharing

  • Processes: these are procedural steps undertaken by the IT experts in implementing the management decisions

  • Organization Structure: this is the formation of an entity from the lowest subordinate to the top management

  • Skilled People and Infrastructure: the capital required to facilitate operations

Principle 5: Separating Governance from Management

The difference between governance and management is often difficult to comprehend. This principle explains it by articulating that each of the two serves a different purpose with different tasks, and each requires different activities as well as different supporting organization structures. In a nutshell, this principle uses the mnemonics Evaluate, Direct and Monitor (EDM) for governance and Plan, Build, Run & Monitor (PBRM) for management.

Governance is practically about making sure that the needs of the stakeholders are identified and the objectives are achieved as desired by the stakeholders. Management is about ensuring that all the tasks undertaken are controlled and are aligned with the direction of the governing function (Lainhart, 2000).

References

De Haes, S., Van Grembergen, W., & Debreceny, R. S. (2013). COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems, 27(1), 307-324.

Guldentops, E. (2002). Governing information technology through COBIT. In Integrity, internal control and security in information systems (pp. 115-159). Springer US.

Hardy, G. (2006). Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report, 11(1), 55-61.

Lainhart IV, J. W. (2000). COBIT™: A methodology for managing and controlling information and information technology risks and vulnerabilities. Journal of Information Systems, 14(s-1), 21-25.

Prasad, A., Heales, J., & Green, P. (2010). A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: Evidence from IT steering committees. International Journal of Accounting Information Systems, 11(3), 214-232.