CHAPTER 7
CONTROL AND ACCOUNTING INFORMATION SYSTEMS
As shown in Figure 7-1, the objective of governance is to create value by optimizing the use of organizational resources to produce desired benefits in a manner that effectively addresses risk. Governance is the responsibility of the board of directors who (1) evaluate stakeholder needs to identify objectives, (2) provide management with direction by prioritizing objectives, and (3) monitor management’s performance.
Management is responsible for planning, building, running, and monitoring the activities and processes used by the organization to pursue the objectives established by the board of directors. Management also periodically provides the board of directors with feedback that can be used to monitor achievement of the organization’s objectives and, if necessary, to re-evaluate and perhaps modify those objectives.
The governance and management of IT are ongoing processes. The board of directors and management monitor the organization’s activities and use that feedback to modify existing plans and procedures or develop new strategies to respond to changes in business objectives and new developments in IT.
COBIT 5 is a comprehensive framework that helps enterprises achieve their IT governance and management objectives. This comprehensiveness is one of the strengths of COBIT 5 and underlies its growing international acceptance as a framework for managing and controlling information systems.
Figure 7-2 is the COBIT 5 process reference model. The model identifies the five governance processes (referred to as evaluate, direct and monitor—or EDM) and 32 management processes. The 32 management processes are broken down into the following four domains: