(Italian version [5])
IsacaRoma: Thanks for your collaboration Prof. Van Grembergen. Recently ITGI [6] and ISACA [7] announced COBIT 4.1. Can you summarize the history of COBIT? Where e how COBIT was born? What about COBIT 1.0?
Wim Van Grembergen: It is hard to believe that COBIT, now such a widely recognized and adopted framework, was at one time a relative unknown amid the older, better known frameworks such as COSO [8], Cadbury, CoCo and King [9]. But COBIT has staying power, and it also has a team of dedicated volunteers behind it, led by Erik Guldentops. That team has never ceased to update, revise and upgrade COBIT to make it more useful and more responsive to current needs.
As you mentioned, COBIT’s fourth edition was released late in 2005. There has been a series of incremental steps between that first publication, which was issued in 1996, and COBIT 4.0. The second edition was released in 1998 and added the very important audit guidelines, a tool of great value to ISACA’s IT audit community. The third edition was issued in 2000 and added management guidelines (including KPIs, KGIs, CSFs and maturity models). Finally, 2005 saw the publication of COBIT 4.0, which consolidated the control objectives and management guidelines and offered an enhanced business focus.
As a result of this constant refinement and innovation, COBIT has evolved from the auditor’s tool it was initially to an IT governance framework, used increasingly by IT management.
IR: Along with COBIT 4.0, announcement was made of new white papers on relationships between COBIT and PMBOK [10], PRINCE2 [11], TOGAF [12] etc. What is the strategy? What about the future of COBIT?
WvG: Generally speaking, the strategy for looking ahead at COBIT development can be summed up as “more of the same.” COBIT 4.1 is already underway and should be available by the end of 2006. The new version will include improved control objectives resulting from control practices update work and Val IT [13] development activity, and improved explanation of goals and metrics. Also, the framework-level application controls have been reworked to be more effective, based on work to support financial controls effectiveness assessment and reporting.
All of the COBIT-related products are being updated to be in alignment as well. As you mentioned, there will be a whole series of mappings between COBIT and other international standards and good practices, and in addition such publications of COBIT Security Baseline, COBIT Quickstart and COBIT Online will be brought up to date.
I want to especially mention two of the most widely used COBIT-related publications:
Besides reflecting new material from COBIT 4.0 and Val IT, the new edition of the Implementation Guide will be adapted to cover IT value management implementation. It will also incorporate the control practices, formerly a stand-alone document.
The IT Assurance Guide will replace and expand upon COBIT 3rd Edition’s Audit Guidelines. It will build on the four-step approach outlined in the previous publication with more detailed, structured guidance on testing control design, testing the achievement of control objectives and documenting the impact of control weaknesses for each of the 34 COBIT processes. It will also provide specific guidance on application controls and outline how COBIT components support IT assurance activities.
IR: Recently you established at UAMS (University of Antwerp Management School) the ITAG Research Institute [16]. What is it?
WvG: The Information Technology Alignment and Governance (ITAG) has four main objectives:
- perform active research on IT Governance/IT Strategic Alignment and their structures, processes and mechanisms
- contribute to the understanding of IT Governance and Strategic Alignment through dissemination of the knowledge via publications, conferences, seminars, etc.
- become an international point of reference regarding IT Governance and Strategic Alignment research and best practices, as well for academics as for practitioners
- act as a consultancy partner for organizations confronted with IT Governance issues.
WvG: Thanks to you.
ISACA links
Wim Van Grembergen and Steven De Haes ,“Goals and Metrics: Core Concepts of COBIT 4.0” in COBIT Focus - Volume 1, June 2006 [17]IsacaRoma Newsletter links
- Le faq su COBIT 4.0 in italiano [18] (English version [19])
- La faq su Val IT in italiano [20] (English version [21])
- È arrivato COBIT 4.0 [22]
- Le pagine dedicate a COBIT [23]
- Le pagine dedicate alla IT Governance [24]