To provide business and technology leaders with new tools to support these efforts, ISACA just announced it has developed COBIT Focus Area: Information and Technology Risk and COBIT Focus Area: DevOps.
Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance.
ISACA says both new resources offer guidance based on COBIT 2019 to optimise governance and management practices for enterprise risk functions and for enterprises implementing DevOps.
COBIT Focus Area: Information and Technology Risk demonstrates how COBIT 2019 can be tailored as an information and technology (I&T) framework and system, examining COBIT concepts from an I&T risk perspective and showing how COBIT can be used to design, implement, govern and manage I&T risk capabilities in the enterprise.
ISACA says the publication outlines the benefits that boards and executive management, operational risk managers, risk function and corporate risk managers, information security practitioners, internal auditors, CFOs and other stakeholders can realise from following guidance related to this focus area, including:
- A better understanding of risk impact on the enterprise
- Knowledge of how to capitalise on investments related to I&T risk management practices
- A complete risk profile, identifying the full enterprise risk exposure and enabling better utilisation of enterprise resources
- End-to-end guidance on how to manage risk, including an extensive set of measures
“Information and technology risk is ever present in an enterprise and is closely intertwined with business risk,” says Esanju Maseka, IT risk assurance specialist and member of ISACA’s Emerging Trends Working Group.
“Risk governance and management approaches need to factor in the entire spectrum of I&T-related risk, and having a relevant, customised governance framework and system with this in mind can offer an advantage in managing this risk and reduce business impact.”
COBIT Focus Area: DevOps Using COBIT 2019 provides tailored guidance specific to the governance and management system components relevant to DevOps.
According to ISACA, the global digital transformation drive has created a demand for effective and efficient development and delivery of software products, services and solutions, and the COBIT Focus Area: DevOps Using COBIT 2019 publication outlines the concepts and guidance that DevOps teams can adopt, and that risk and assurance practitioners can consider, to help ensure the benefits of DevOps are realised while potential risk is mitigated.
DevOps Focus Area benefits include:
- Establishing alignment of DevOps with enterprise goals and strategic objectives
- Integrating DevOps with the enterprise architecture
- Understanding of governance and management systems applicable to DevOps
- Providing a consistent governance and management framework and system related to DevOps
ISACA says both focus area publications offer a detailed overview and description of COBIT roles and organisational structures, COBIT terminology and key concepts, including the components of a governance system and COBIT governance and management objectives as they pertain to I&T risk and DevOps.
COBIT Focus Area: Information and Technology Risk also includes examples of I&T risk scenarios, a template for risk register entry, IT risk reporting examples and sample risk maps. COBIT Focus Area: DevOps includes a goals cascade mappings table.
“With the introduction of these additional focus areas, business leaders have new enhanced tools for building and maintaining a governance system aligned with standards, frameworks and regulations that meets their needs in addressing I&T risk and implementing DevOps,” says Nader Qaimari, ISACA chief product officer.
“By continuing to evolve our COBIT resources, ISACA is committed to delivering to our global community the best practices and governance solutions to further drive business success.”