IT Policy – Key Methods


The following can be seen as a guideline that will assist with accomplishing goals as an IT professional.

Key method: IT Assurance is one way of ensuring that IT Policy is being upheld, in addition to analyzing performance. COBIT4 describes the objective of IT Assurance as follows:

            “The objective of an assurance initiative is for an assurance professional to measure or evaluate a process that is the responsibility of another party. For IT assurance initiatives, there is generally also a stakeholder involved who benefits from the process, but who has delegated operation and custodianship of the process to another party.” [1, page 17]

 

The textbook also mentions IT Assurance taking place in 3 phases, which are Planning, Scoping, and Execution [1, page 17]. Of these 3 phases, Planning in particular ties into the concept of IT Risk, and the textbook gives us the following statement showing this: “Planning is the first stage on the IT assurance road map. To create a comprehensive plan, the assurance professional needs to combine an understanding of the IT assurance universe and the selection of an appropriate IT control framework such as COBIT. The aggregation of these two will allow for risk-based planning of the assurance initiative. The end deliverable of this stage is the IT assurance plan.” [1, page 17] As we see here, “risk-based planning” shows us that IT Policy can essentially serve as the backbone of IT Assurance Planning, because the IT Assurance resource or team may use IT Policy to keep them honest and serve as a guideline when evaluating other parties.

IT Assurance is still a key method in COBIT5, as it was in COBIT4, but in COBIT5 we once again see that it expands on the subject even more. In COBIT4, IT Assurance is listed as having 3 major stages (Planning, Scoping, Execution) [1, page 17], but in COBIT5, instead of stages, we are presented with “concepts” for IT Assurance, which are as follows:

Key concepts:

The assurance process includes the following steps:

Planning assurance

Scoping assurance

Executing assurance (testing)

Risk driver

Value driver” [2, page 35]

 

As we see here, Planning, Scoping, and Execution are still mentioned, but Risk Driver and Value Driver are shown as well. This shows us that the focus of COBIT5 is on diving deeper into the preexisting concepts and also viewing things from a different angle, which makes the material easier for individuals with no IT experience to consume and understand.

[Figure: IS-COBIT-5-Reassurance-Audit-IG-L. Image courtesy of ISACA]

 

References:

  1. IT Governance Institute, IT Governance Using COBIT and Val IT: Student Book, 2nd Edition, 2007.
  2. ISACA, Basic Foundational Concepts Student Book: Using COBIT® 5, 2014.

 

Acknowledgement:

IT7833 Exercise 2 – Key Concept Methods
